#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

FBI | Breaking Cybersecurity News | The Hacker News

Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History

Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History
Mar 16, 2017
In the digital world, it just takes one click to get the keys to the kingdom. Do you know spear-phishing was the only secret weapon behind the biggest data breach in the history? It's true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let the hackers gain a foothold in the company's internal networks. You may be familiar with phishing attacks — an attempt to steal user credentials or financial data — while, Spear-phishing is a targeted form of phishing in which attackers trick employees or vendors into providing remote-access credentials or opening a malicious attachment containing an exploit or payload. Here's how the Yahoo's massive data breach was traced back to human error and who were the alleged masterminds behind this hack. On Wednesday, the US government charged two Russian spies (Dmitry Dokuchaev and Igor Sushchin) and two criminal hackers (Alexsey Belan and Karim Baratov) in connection with the 20

Update — Hacker Claims to Have Hacked the FBI, But It Wasn't

Update — Hacker Claims to Have Hacked the FBI, But It Wasn't
Jan 05, 2017
Update: A hacker yesterday claimed to have hacked the FBI's website running on Plone CMS, but it seems it wasn't hacked using any zero-day vulnerability in Plone. We contacted Plone security team and updated this story (see below) with official statements. A hacker, using Twitter handle CyberZeist , has claimed to have hacked the FBI's website (fbi.gov) and leaked personal account information of several FBI agents publically. CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website's code before making the data public. The hacker exploited a zero-day vulnerability in the Plone CMS , an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin , including their names, passwords, and email accounts. CyberZeist tweeted multiple screenshots as proof of his claims, showing his unauthorized access to server and database files usi

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Anonymous Hacktivist 'Barrett Brown' Released From Prison

Anonymous Hacktivist 'Barrett Brown' Released From Prison
Nov 30, 2016
Barrett Brown , a journalist, formerly served as an unofficial spokesman for the hacktivist collective Anonymous, finally walked free from prison on Tuesday morning after serving more than four years behind bars. The Dallas-born investigative journalist was arrested in 2012 from his home while he was in the middle of an online chat after posting tweets and YouTube video threatening revenge against an FBI agent. Brown, 35, initially attracted the law enforcement attention in 2011 when he shared a hyperlink to an IRC (Internet Relay Chat) channel where Anonymous members were distributing stolen information from the hack at security think tank Strategic Forecasting or Stratfor. The hack allegedly exposed 200 gigabytes of data, which included email addresses and credit card information from Stratfor clients, including the US Army, US Air Force, and Miami Police Department. Originally facing sentence to more than 100 years in prison, Brown was convicted in January 2015 under

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Breaking — Russian Hacker Responsible for LinkedIn Data Breach Arrested by FBI

Breaking — Russian Hacker Responsible for LinkedIn Data Breach Arrested by FBI
Oct 19, 2016
The alleged Russian hacker arrested by the FBI in collaboration with the Czech police is none other than the hacker who was allegedly responsible for massive 2012 data breach at LinkedIn , which affected nearly 117 Million user accounts. Yevgeniy N , 29-year-old Russian hacker was arrested in Prague on October 5 suspected of participating in conducting cyber-attacks against the United States, according to Reuters . Earlier it was suspected that the hacker could be involved in hacking against the  Democratic National Committee  (DNC), or its presidential candidate Hillary Clinton , intended to influence the presidential election. However, the latest statement released by LinkedIn suggests that the arrest was related to a 2012 data breach at the social network that exposed emails and hashed password of nearly 117 Million users. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this

Russian Hacker who was wanted by FBI arrested in Prague

Russian Hacker who was wanted by FBI arrested in Prague
Oct 19, 2016
UPDATE — It Turns out that the Russian Hacker arrested by the FBI is responsible for 2012 LinkedIn Data Breach. ( Read latest update here ) Czech police, in cooperation with the FBI, has arrested a Russian citizen in Prague suspected of participating in conducting cyber-attacks against the United States. Czech police announced the arrest on its official website Tuesday evening, without giving any further details about the man and for what he is wanted for. Yevgeniy N , 29-year-old, alleged Russian Hacker, was arrested after Interpol issued a warrant. Police detained the individual at a hotel in the city's center 12 hours after receiving the order. Officials say he was living in the country with his girlfriend and enjoying a lavish lifestyle, driving expensive cars. Neither the Czech police nor the FBI has issued any details on the charges that led to the arrest of the suspect. "Czech police carried out a successful joint operation with the US Federal Bureau of

FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man

FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man
Oct 15, 2016
Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports . The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following the August's Bitfinex breach, he was left with $2.1 Million in his account. Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the l

Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100

Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100
Sep 16, 2016
Do you remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone 5C belongs to a terrorist? Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone. However, if the agency had shown some patience to explore more ways to get into that iPhone, then it might have cost them nothing less than US$100. Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, for which the FBI paid more than $1 million . Cheap Method to Unlock iPhone 5C Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C. Dubbed NAND Mirroring , the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. "It does not work," FBI Director James Comey said back in March,

FBI 'Double Agent' Pleads Guilty to Selling 'Classified Information' to China

FBI 'Double Agent' Pleads Guilty to Selling 'Classified Information' to China
Aug 02, 2016
An FBI electronics technician has pleaded guilty to acting as a Chinese secret agent and passing along sensitive information about the Feds to a Chinese government official. Kun Shan "Joey" Chun , 46, admitted in federal court in Manhattan on Monday that he violated his security clearance on several occasions between 2011 and 2016 in an effort to pass on secret information to China in exchange for money. Chun is a 19-year FBI veteran from Brooklyn who was born in China but was employed by the FBI in 1997. His duties with the FBI included " accessing sensitive and, in some instance, classified information ." The g-man, as a double agent, sent confidential government information – including the identity and travel plans of an FBI special agent, the internal structure of the FBI and spying technology used by the Bureau – to a Chinese official. Chun, who was initially arrested in March, got a top secret security clearance in 1998, at the time he did not reveal h

Corrupt Federal Agent charged in Silk Road theft accused of stealing another $700,000

Corrupt Federal Agent charged in Silk Road theft accused of stealing another $700,000
Jul 04, 2016
A former United States undercover agent who stole hundreds of thousands of dollars worth of Bitcoins during an investigation into the underground drug marketplace Silk Road is now suspected of stealing even more of the cryptocurrency from two other cases. Shaun Bridges is one of two former US agents who pleaded guilty last year and was sentenced in December to almost six years in prison for stealing over $800,000 in Bitcoin while investigating the Darknet marketplace. Bridges and his partner stole money from Silk Road accounts and framed someone else for it, which lead the Silk Road chief Ross Ulbricht to plan a murder. Ulbricht is now serving life in prison sentence . Ulbricht was convicted in February 2015 of running the underground black market . According to court filings unsealed on Thursday, Bridges is believed to have stolen additional funds from a Secret Service account on two different occasions months after he was initially charged. Bridges and 46-year-old fo

STOP Rule 41 — FBI should not get Legal Power to Hack Computers Worldwide

STOP Rule 41 — FBI should not get Legal Power to Hack Computers Worldwide
Jun 23, 2016
We have been hearing a lot about Rule 41 after the US Department of Justice has pushed an update to the rule. The change to the Rule 41 of the Federal Rules of Criminal Procedure grants the FBI much greater powers to hack legally into any computer across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any US judge. However, both civil liberties groups and tech companies have blasted the proposed change, saying it is an affront to the Fourth Amendment and would allow the cops and Feds in America to hack remotely into people's computers and phones around the world. Google, Electronic Frontier Foundation (EFF), Demand Progress, FightForTheFuture, TOR (The Onion Router), Private Internet Access and other VPN providers have joined their hands to block changes to Rule 41. " The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack," the

Apple hires Encryption Expert to Beef Up Security on its Devices

Apple hires Encryption Expert to Beef Up Security on its Devices
May 25, 2016
The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack proof, Apple has rehired security expert and cryptographer Jon Callas , who co-founded the widely-used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone. This is not Apple's first effort over its iPhone security . Just a few months back, the company hired Frederic Jacobs , one of the key developers of Signal — World's most secure, open source and encrypted messaging app . Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011. During his second joining, Callas designed a ful

Core Tor Developer who accuses FBI of Harassment moves to Germany

Core Tor Developer who accuses FBI of Harassment moves to Germany
May 18, 2016
One of TOR's primary software developers, Isis Agora Lovecruft , has fled to Germany, following the threat of a federal subpoena. Lovecruft is a well-known cryptographer and lead software developer for Tor project from many years. She has worked for a variety of other security and encryption products, such as Open Whisper Systems and the LEAP Encryption Access Project. Since November 2015, the FBI special agents in the United States have been trying to meet with her, but they will not tell her or her lawyer exactly why. When her lawyer reached out the FBI Special Agent Mark Burnett and asked why he wanted to meet with her, the agent assured the lawyer that she is not the target of any investigation, but also said that… Also Read:   Mozilla asks Court to disclose Firefox Exploit used by FBI to hack Tor users . The FBI have their agents on the streets in 5 cities in the United States hunting for her, intending to simply ask her some questions without her lawyer's pre

Mozilla asks Court to disclose Firefox Exploit used by FBI to hack Tor users

Mozilla asks Court to disclose Firefox Exploit used by FBI to hack Tor users
May 13, 2016
Mozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiting child sex websites. Now, Mozilla is requesting the government to ask the FBI about the details of the hack so that it can ensure the security of its Firefox browser. TOR is an anonymity software that provides a safe haven to human rights activists, government, journalists but also is a place where drugs, child pornography, assassins for hire and other illegal activities has allegedly been traded. TOR Browser Bundle is basically an Internet browser based on Mozilla Firefox configured to protect the user's anonymity via Tor and Vidalia. In 2015, the FBI seized computer servers running the world's largest dark web child pornography site 'Playpen' from a web host in Lenoir, No

U.S. Supreme Court allows the FBI to Hack any Computer in the World

U.S. Supreme Court allows the FBI to Hack any Computer in the World
Apr 29, 2016
In Brief The US Supreme Court has approved amendments to Rule 41, which now gives judges the authority to issue search warrants, not only for computers located in their jurisdiction but also outside their jurisdiction. Under the original Rule 41, let's say, a New York judge can only authorize the FBI to hack into a suspect's computer in New York. But the amended rule would now make it easier for the FBI to hack into any computer or network, literally anywhere in the world. The Federal Bureau of Investigation (FBI) can now Hack your computers anywhere, anytime. The FBI appeared to have been granted powers to hack any computer legally across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any United States judge. The U.S. Supreme Court approved yesterday a change in Rule 41 of the Federal Rules of Criminal Procedure that would let U.S. judges issue warrants for remote access to electronic devices outside their jurisdict

Former Tor Developer Created Malware for FBI to Unmask Tor Users

Former Tor Developer Created Malware for FBI to Unmask Tor Users
Apr 28, 2016
In Brief According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware that allowed Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road. Do you know who created malware for the FBI that allowed Feds to unmask Tor users? It's an insider's job… A former Tor Project developer. In an investigation conducted by Daily Dot journalists, it turns out that  Matthew J. Edman , a former part-time employee of Tor Project, created malware for the Federal Bureau of Investigation (FBI) that has been used by US law enforcement and intelligence agencies in several investigations, including Operation Torpedo . Matthew Edman is a computer scientist who specializes in cyber security and investigations and  joined the Tor Project in 2008 to build and enhance Tor software's interactions with Vidalia software, cross-platform

For the First time, FBI discloses a Flaw to Apple, but it's already Patched!

For the First time, FBI discloses a Flaw to Apple, but it's already Patched!
Apr 27, 2016
In Brief The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public. Unfortunately, the vulnerability reported by the federal agency only affected older versions of Apple's iOS and OS X operating system and was patched nine months ago, with the release of iOS 9 for iPhones and Mac OS X El Capitan, according to Apple. The FBI informed Apple of a vulnerability in its iPhone and Mac software on April 14, but it's not the one used to unlock an iPhone of one of the San Bernardino shooters, Reuters  reported . But, Why didn't the FBI disclose the hack used to get data off the San Bernardino iPhone ? Well, the answer came from the FBI is not much complicated. According to the FBI Director James Comey, the FBI is still assessing whether the hack used to unlock Farook's i

FBI paid Hacker $1.3 Million to Unlock San Bernardino Shooter's iPhone

FBI paid Hacker $1.3 Million to Unlock San Bernardino Shooter's iPhone
Apr 22, 2016
In Brief Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter's iPhone? FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it. Apple's  legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau's announcement last month that it bought a hacking tool to break into the locked iPhone 5C belonging to the alleged San Bernardino shooter Syed Farook. At the time, the FBI did not disclose the name of the third party neither it revealed the cost of the hacking tool. But yesterday while speaking at the Aspen Security Forum in London, FBI Director James Comey gave a hint on the price it gave to the unnamed "outside party" for the hacking solution after Apple refused to help the agency bypass the iPhone's security mechanisms. The FBI Paid Over $1.3 MILLION f

Microsoft Sues US Govt Over Unconstitutional Secret Data Requests

Microsoft Sues US Govt Over Unconstitutional Secret Data Requests
Apr 14, 2016
Microsoft is suing the Department of Justice (DoJ) to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act (ECPA) allows the government to issue gag orders saying that the people or companies involved in a legal case cannot talk about the case or anything related to it in public. So, the government is continuously forcing tech companies to hand over their customers' emails or personal records stored in the cloud servers without their clients' knowledge. Microsoft has filed a lawsuit [ PDF ] against the DoJ, arguing that it is " unconstitutional " and violates constitutional protection of free speech to force the tech companies for not informing their customers when their stored data has been shared with authorities. "We believe these actions violate two of the fundamental rights that have been part of this countr

Forensic Firm that Unlocked Terrorist's iPhone 5C is Close to Crack iPhone 6

Forensic Firm that Unlocked Terrorist's iPhone 5C is Close to Crack iPhone 6
Apr 11, 2016
The FBI didn't disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case. For those unfamiliar in the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order that was forcing the company to write software, which could disable passcode protection on terrorist's iPhone, helping them access data on it. However, Apple refused to comply with the court order, so the FBI hired an unknown third-party firm, most likely Cellebrite, who managed to successfully hack the locked iPhone 5C used by the terrorist in the San Bernardino shooting incident last year. The new method helped the Federal Bureau of Investigation (FBI) to hack iPhone 5C, but that wasn't the FBI's victory as the method didn't work on iPhone 5S and later iPhone

FBI claims its iPhone Hacking Tool can't Unlock iPhone 5S, 6S and 6S Plus

FBI claims its iPhone Hacking Tool can't Unlock iPhone 5S, 6S and 6S Plus
Apr 07, 2016
Although everyone, including Apple, was worried about the iPhone hacking tool used by the Federal Bureau of Investigation (FBI) to access data on iPhone belonged to the San Bernardino shooter, the FBI director said the hack does not work on an iPhone 5S or later. FBI Director James Comey said Wednesday that the agency was able to avoid a prolonged legal battle with Apple by buying a tool from a private source to hack into terrorist Syed Farook's iPhone 5C. Apple was engaged in a legal battle with the Department of Justice (DOJ) for a month over a court order that forces the company to write new software, which could disable passcode protection on Farook's iPhone to help them access data on it. Apple refused to comply with the order, so the FBI worked with a third-party firm, most likely the Israeli mobile forensic firm Cellebrite, and was successfully able to access data on the locked iPhone used in the San Bernardino shooting incident last year. But speaking to the
Cybersecurity Resources