#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

encryption | Breaking Cybersecurity News | The Hacker News

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

Feb 18, 2016
Ransomware has seriously turned on to a noxious game of Hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers had sealed all its sensitive files and demanded $17,000 USD to regain the access to those compromised data. The devastation of the compromised files can be pitched as: Compromised emails Lockout Electronic Medical Record System [EMR] Encrypted patient data Unable to carry CT Scans of the admitted patients Ferried risky patients to nearby hospitals ...and much more unexplained outcomes. The hospital had confirmed that the Ransomware malware had hit its core heart a week before, potentially affecting the situation to grow much worse. Hospital End up Paying $17,000 As the situation was grown out of wild, the hospital paid 40 Bitcoins (Roughly US $17,000) to the Ransomware Criminals to resume their medical operations after gaining the decryption keys. "T
Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle

Feb 18, 2016
In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai just sided with Apple's refusal to unlock iPhone . Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino , California, in December. Here's What the FBI is Demanding: The federal officials have asked Apple to make a less secure version of its iOS that can be used by the officials to brute force the 4-6 digits passcode on the dead shooter's iPhone without getting the device's data self-destructed. Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that to help the FBI unlock the iPhone would basically
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

Feb 13, 2016
Over the last few years, we have seen several types of Ransomware malware that demand a whopping amount of money from users for the retrieval of their locked, compromised sensitive files. We have also witnessed the birth of decryption solution for some of the Ransomware like Cryptolocker (partial), Coinvault , Rescue Kit . One more solution has recently been released for decryption of newly emerging ransomware, dubbed as Hydracrypt and Umbrecrypt that are propagated through Angler Exploit Kit. Both of the malware belong to CrypBoss ransomware family. The source code of CrypBoss Ransomware was leaked last year on Pastebin, which was later analyzed by Fabian Wosar, a security researcher at Emsisoft. With the help of CrypBoss Source code, Wosar was successfully able to crack the encryption algorithm of the ransomware and quickly made the decryption tool for CrypBoss and its variants ( Hydracrypt and Umbrecrypt ). It is found that both Hydracrypt and Umbrec
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New York Police Used Cell Phone Spying Tool Over 1000 Times Without Warrant

New York Police Used Cell Phone Spying Tool Over 1000 Times Without Warrant

Feb 12, 2016
The New York Police Department (NYPD) has admitted that it used controversial cell phone spying tool " Stingrays " more than 1,000 times since 2008 without warrants. In the documents obtained by the New York Civil Liberties Union (NYCLU) , the NYPD acknowledged that the department has used Stingrays to intercept personal communications and track the locations of nearby mobile phone users. What are Stingrays? In my previous article , I have explained the scope of Stingrays along with its working, how it cracks encryption and how the police agencies are using these cell phone spying devices equipped in its military surveillance technology DRTBox  in order to: Track people Intercept thousands of cellphone calls Quietly eavesdrop on conversations Eavesdrop on emails and text messages Stingrays are small cell phone surveillance devices that work by imitating cellphone towers, forcing all nearby phones to connect to them and revealing the owners' locat
ENCRYPT Act of 2016 — Proposed Bill Restricts States to Ban Encryption

ENCRYPT Act of 2016 — Proposed Bill Restricts States to Ban Encryption

Feb 11, 2016
The last year's ISIS-linked terror attacks in Paris and California has sparked debate on Encryption, and the intelligent agencies started reviving their efforts to weaken encryption on various encrypted products and services. But, there is some Good News! California Congressman and Texas Republican are now challenging state-level proposals to restrict US citizens' ability to encrypt their smartphones. On Wednesday, California Congressman Ted Lieu , one of four members of Congress, and Texas Republican Blake Farenthold , a member of the House Oversight and House Judiciary committees, introduced a new bill in Congress that… …attempts to ban states efforts to implement their own anti-encryption policies at a state level while a national debate on Encryption is ongoing. The bill, called " Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016 " – in short, " ENCRYPT Act of 2016 " – would stop states fr
How to Crack GCHQ Crypto Puzzle? — Here's the Solution

How to Crack GCHQ Crypto Puzzle? — Here's the Solution

Feb 09, 2016
GCHQ has finally released the solution to their head spinning Xmas Puzzle , after all, the participants failed to reach the final answer. GCHQ had released a crypto puzzle, dubbed Xmas Puzzle , on 9th December in the form of a Christmas Card that went viral online soon after its release. Nearly 600,000 people shot a "Go" for the challenge since early December, but only 30,000 had made it reach the final stage. The puzzle got popped up with a grid-shading Nonogram that resulted in the formation of a QR Code containing a hint to unlock the next level challenges. Xmas Puzzle prolonged to various topics like Web Link Maze, Word & Numeric Puzzle, Graph Theory and other Cipher Dilemmas. Some of the questions also intrigued on entertaining topics like Lord of the Rings, Ducks, Chess, French, and Semaphores. Who Created Crypto 'Xmas Puzzle'? This brainstorming puzzle was created by a small team of GCHQ Cryptographers under the GCHQ director Robert Han
WhatsApp to Share your Personal Data With Facebook

WhatsApp to Share your Personal Data With Facebook

Jan 30, 2016
Recently the Facebook-owned messaging app dropped its $1 annual subscription fee to make WhatsApp Free for Lifetime . Now, WhatsApp has plans to introduce a new feature that would allow its users to integrate their Facebook accounts with the most widely used messaging app. So far, the social media giant has been focusing on its own messaging platform, Messenger and both WhatsApp and Facebook have been working separately in terms of adding new features. WhatsApp to Share User Data With Facebook Android developer Javier Santos spotted a new feature in the latest beta build of WhatsApp, which indicates that soon you'll start seeing some features interconnected between WhatsApp and Facebook. The feature (optional, for now), dubbed " Share my account info ," when selected will share your personal WhatsApp account information with Facebook in order "to improve your Facebook experience," according to the description. Although it's uncle
Police Using Planes Equipped with Dirtbox to Spy on your Cell Phones

Police Using Planes Equipped with Dirtbox to Spy on your Cell Phones

Jan 29, 2016
The Anaheim Police Department of California — Home of Disneyland — admitted that they used special Cell Phone surveillance technology, known as DirtBox , mounted on aircraft to track millions of mobile users activities. More than 400 pages of new documents [ PDF ] published Wednesday revealed that Local Police and federal authorities are using, DRTBox , an advanced version of Dirtbox developed by Digital Receiver Technology ( Boeing's  Maryland-based  subsidiary ). DRTBox — Spies in the Sky DRTBox is a military surveillance technology that has capabilities of both Stingray as well as Dirtbox, allowing the police to track, intercept thousands of cellphone calls and quietly eavesdrop on conversations, emails, and text messages. According to the report, DRTBox model is also capable of simultaneously breaking the encryption hundreds of cellphone communications at once, helping Anaheim Police Department track criminals while recording innocent citizens' inform
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic

Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic

Jan 29, 2016
The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport layer security (TLS) channels. OpenSSL is an open-source library that is the most widely used in applications for secure data transfers. Most websites use it to enable Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption. However, after serious security vulnerabilities were discovered in OpenSSL over the last few years, the crypto library has been under much investigation by security researchers. The latest bugs affect OpenSSL versions 1.0.1 and 1.0.2, which has been patched in new releases of OpenSSL, versions 1.0.1r and 1.0.2f . The team has patched two separate vulnerabilities in OpenSSL. The " high severity " bug, identified as CVE-2016-0701 , addresses issues in the implementations of the Diffie-Hellman key exchang
Apple Can Still Read Your End-to-End Encrypted iMessages

Apple Can Still Read Your End-to-End Encrypted iMessages

Jan 25, 2016
If you are backing up your data using iCloud Backup , then you need you watch your steps NOW! In government fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products. When it comes to Apple's iMessage service, the company claims that it can't read messages sent between its devices because they use end-to-end encryption, which apparently means that only you and the intended recipient can read it. Moreover, in case, if the federal authorities ask Apple to hand over messages related to any of its users, there is nothing with Apple to offer them. "If the government laid a subpoena to get iMessages, we can't provide it," Apple CEO Tim Cook told Charlie Rose back in 2014. "It is encrypted, and we do not have a key." But Wait! There are still hundreds of Millions of Apple users whose data are stored on Apple'
EPIC Fail — For the Third Time, Linux Ransomware CRACKED!

EPIC Fail — For the Third Time, Linux Ransomware CRACKED!

Jan 07, 2016
Ransomware is now a common practice for money-motivated cyber criminals. It's basically a type of software written in any system-based programming language that has the ability to hijack victim's computer, encrypts files and then ask for a ransom amount to get them back. One such ransomware dubbed Linux.Encoder targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asks for 1 Bitcoin ( $453.99 ) to decrypt those crucial files. But, the good news is it is very easy to get rid of it. The Malware author released the third version of the Linux.Encoder ransomware, which security researchers from Bitdefender have managed to crack, yet again, after breaking previous two versions. However, before the team managed to release the Linux.Encoder decryption tool, the third iteration of Linux.Encoder ransomware, which was first discovered by antivirus maker Dr.Web, has infected a nearly 600 servers w
Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites

Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites

Jan 07, 2016
Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its
Microsoft Keeps Backup of Your Encryption Key on its Server — Here's How to Delete it

Microsoft Keeps Backup of Your Encryption Key on its Server — Here's How to Delete it

Dec 29, 2016
Have you recently purchased a Windows computer? Congratulations! As your new Windows computer has inbuilt disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen. Moreover, In case you lost your encryption keys then don't worry, Microsoft has a copy of your Recovery Key. But Wait! If Microsoft already has your Disk Encryption Keys then what's the use of using disk encryption feature? Doesn't Encryption mean Only you can unlock your disk ? Microsoft Probably Holds your Encryption Keys Since the launch of Windows 8.1, Microsoft is offering disk encryption as a built-in feature for Windows laptops, Windows phones and other devices. However, there is a little-known fact, highlighted by The Intercept, that if you have logged into Windows 10 using your Microsoft account, your system had automatically uploaded a copy of your recovery key to Microsoft's servers secretly, and you can't pre
China Passes Anti-Terrorism Law; Here's What You Need to Know

China Passes Anti-Terrorism Law; Here's What You Need to Know

Dec 28, 2016
If you rely on encrypted services to keep your data private and, unfortunately, you are in China, then you are about to be worried. As of now Chinese government could snoop into the operations of technology companies as well as circumvent privacy protections in everyday gadgets. China So-called Anti-Terrorism Law Despite months of objections from major technology firms and concerns over human rights… China passed its controversial new anti-terrorism law on Sunday that requires tech companies to help decrypt information or hand over encryption keys to officials when they want to spy on someone's communication in order to counter terror operations. However, the officials swear that the law wouldn't require technology firms to install " backdoors " in their products, but it doesn't make any difference when the government mandate companies operating in China to provide encryption keys and passwords when requested. Just like recent propo
Cybersecurity Resources