HTTPS | Breaking Cybersecurity News | The Hacker News

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden . We have learned that the NSA is collecting millions of Americans' phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, including Email, Facebook posts, and instant messages. The NSA is allowed to record the conversations of non-Americans without a specific warrant for each person monitored, if at least one end of the conversation is outside of the U.S. It is also allowed to record the communications of Americans if they are outside the U.S. and the NSA first gets a warrant for each case. Because Facebook is using outdated Web encryption, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communications using 

Skype … once upon a time a VOIP application considered very secure and wiretap-proof, it was the common belief that no one could intercept such communications due a complex mechanism for the management of audio / video and text streams. One day, Microsoft decided to buy the product, according to many to catch a significant portion of users fond of Skype, but according many experts the company of Redmond wasn't interested only to acquire new market share. The architecture of the popular VOIP infrastructure was improved according Microsoft, in reality it is common thought that it was implemented the possibility to intercept every conversation, as requested by US government to major service providers. The claim is that Law enforcement and intelligence agencies are today able to access the communications exchanged by Skype users and Microsoft has still not been adequately answered to various question on the matter. The German associates to H security magazine at heise Security have be

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A Google developer helps Apple to fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications. Security loophole allowed attacker to hijack the connection, because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store. Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week. An attacker only needs to be on the same network as the person who is using the App Store. From there, they can intercept the communications between the device and the App Store and insert their own commands. The malicious user could take advantage of the unsecure connection to carry out a number of different attacks i.e steal a password, force someone to purchase an app by swapping it with a different app that the buyer actually intende