Internet Security | Breaking Cybersecurity News | The Hacker News

PRIVACY  – a bit of an Internet buzzword nowadays. Why? Because the business model of the Internet has now become data collection. If you trust Google, Facebook or other Internet giants to be responsible managers of your data, the ongoing Edward Snowden revelations are making it all clear that this type of information can be easily snooped by the intelligence agencies like NSA and GCHQ. In short, the simple truth is that you have no or very little privacy when you are online. So, if you are worried about identity thieves, or your ISP spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to use a Virtual Private Network (VPN) service. Though you can take other measures to increase security on your end, like installing a firewall as well as blocking known intrusive IP addresses that might be spying on you — But VPN takes your security to the next level by encrypting all inbound and outbound data. VPN (Virtual Priv

It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers. While announcing on its official blog , the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers. The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF). What are the Problems? SSLv3, which was made outdated 16 years ago, has a long history of security problems like BEAST , out of them the most recent one was POODLE ( Padding Oracle On Downgraded Legacy Encryption ) attacks, which lead to the recovery of plaintext communication

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Facebook founder Mark Zuckerberg has a dream to make Internet access available to everyone across the world - Zuckerberg argues Internet should be a service as essential as of 911 in the case of an emergency. In a blog post published Monday in The Wall Street Journal , founder of the social networking giant highlighted the future of universal Internet access, along with the steps he thinks to achieve it. Today 2.7 billion people, just over one-third of the world's population, have access to the Internet, Zuck said, and the adoption has been growing at a very lower rate, by less than 9% each year. The rest of the world's 5 billion people who do not have access to Internet are lacking access due to issues such as high costs or improper infrastructure. One may think that Zuckerberg's vision sounds like a self-interested push to gain more users for its social networking service, Facebook. But its true that the world is currently facing a growing technological divide,

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun

Spam is arguably the most irritating aspect of the internet and email for people globally. However, there is hope in Canada for those who have been targeted by spammers. A new law, Bill C-28, aims to facilitate government efforts in prosecuting and fining individuals and companies guilty of sending spam. This law allows the government to impose fines of up to $1 million on individuals and up to $10 million on companies. Company directors and owners can also be held personally responsible if they are aware their networks are sending spam. Additionally, the law criminalizes the use of aliases or false information in emails, making it easier for victims to prosecute offenders. However, nearly 70 percent of the world's spam is distributed by botnets, meaning the senders are often as much victims as the receivers. Therefore, these laws might not significantly reduce the volume of spam sent and received. The new legislation closes a loophole in Canadian law, as Canada was previously

A federal indictment unsealed earlier today alleges that a 35-year-old Texas man hacked into the computer network of an Eden Prairie business, stealing approximately $274,000. The indictment, filed in Minneapolis on October 13, 2010, charges Jeremy Parker of Houston, Texas, with one count of unauthorized access to a protected computer to further fraud and one count of wire fraud. It was unsealed following Parker's initial appearance in United States District Court. The indictment claims that from December 23, 2008, through October 15, 2009, Parker hacked into the computer network to obtain money belonging to Digital River, Inc., through a subsidiary, SWReg, Inc. SWReg pays independent software developers who write code that can run on Digital River's system. Royalties owed to these developers accumulate at SWReg, allowing developers to view their royalty balances online and cash out those accounts. When a developer cashes out, SWReg electronically transfers the money into the

A pro-WikiLeaks hacker has stated that an Internet insurgent group will continue targeting companies that oppose the whistleblowing website.For the first time, the cyber-insurgent "Bass" from the group Anonymous spoke on camera, revealing details about their operations and their expanding membership. "Our pool of targets is actually very limited," the masked spokesman told Sky News. "We are going after the agencies that were directly involved in the censorship of WikiLeaks. "They include PayPal, which cut off services and withheld funds, Visa and MasterCard for similar actions, and Amazon for terminating their service support. "We don't attack the media, even those critical of us. We don't target any news outlets," he emphasized. "Facebook, Twitter, and other social networks, despite some actions against us, are not our targets." In their last attack, the group mobilized 9,000 volunteers as part of a "hive-mind" e

A lot of people are gawking at Gawker Media this morning, though not for reasons that will bring much cheer to its founder, Nick Denton. Gawker, the parent company of popular blogs like Gizmodo, Lifehacker, Jezebel, and ValleyWag, has suffered a significant breach. A hacker group known as Gnosis has taken over the site. Gnosis accessed Gawker's source code and posted it on torrent sites. They also hacked into Gawker's content management system, posting a fake story on the home page linking to the source code torrents. Additionally, the group infiltrated the site's database, gaining access to the email addresses and passwords of Gawker's staff and over 1 million registered readers. These details have also been released on torrent sites, available for free download. Why is Gnosis targeting Gawker? They believe Gawker was picking on 4chan, a group known for creating the vigilante group Anonymous and various internet memes like lolcats and Rickrolling. Gnosis hacked Gawke

Microsoft has detailed new security features for Internet Explorer 9 (IE9) that will help users prevent sites from tracking their activity across browsing sessions. The new feature, set to launch with the first release candidate of IE9 early next year, uses a list to control which third-party elements can be blocked from tracking. These elements include advertisements and embedded widgets from specific providers. Dean Hachamovitch, head of Internet Explorer development, explained how this feature works on Microsoft's IE blog: "A Tracking Protection List (TPL) contains Web addresses (like msdn.com) that the browser will visit (or 'call') only if the user visits them directly by clicking on a link or typing their address. By limiting the calls to these websites and resources from other web pages, the TPL limits the information these other sites can collect. You can look at this as a translation of the 'Do Not Call' list from the telephone to the browser and we

The increasing threats of cyberwar are keeping U.S. officials busy alongside ongoing wars on terror and drugs. Recent incidents highlight the rising cyberwarfare concerns: Google reported espionage attacks originating from China, mysterious Internet traffic activities related to China, the Stuxnet worm targeting Iranian nuclear centrifuges, an attack on the WikiLeaks site following the release of classified U.S. documents, and the significant Internet attack on Estonia a few years ago. To address these cyber threats, the U.S. has adopted military strategies for cybersecurity, establishing Cyber Command and placing national cybersecurity under the Department of Defense. However, relying solely on offensive strategies is not the best defense. Gary McGraw, CTO at Cigital and author, argues that more secure software, rather than cyber warriors, is essential to protect networks and online data. In his article, "Cyber Warmongering and Influence Peddling," McGraw emphasizes the nee

In a major embarrassment, the website of India's premier investigating agency, the Central Bureau of Investigation (CBI), was hacked tonight by a group identifying themselves as the "Pakistani Cyber Army." The CBI homepage displayed a message from the Pakistani Cyber Army, warning the Indian Cyber Army not to attack their websites. The hackers have exposed a significant vulnerability in India's cybersecurity by infiltrating one of the most secure websites. The CBI is linked to the command center of the world police organization, Interpol, 24/7. The hackers' message also criticized the National Informatics Centre (NIC), responsible for managing computer servers across India, and their filtering controls. Intelligence agencies have repeatedly warned the government that proper cybersecurity measures are lacking in government offices, and that no security audits are being conducted. The Pakistani Cyber Army further threatened to conduct "mass defacement"

You can get a ZeuS infection through a drive-by download from a malicious website or a hacked legitimate site. Clicking a link in an innocent-looking email can also open your system to attack. This past week, there was a surge of fake LinkedIn connection requests linked to ZeuS. While savvy users avoid clicking links from strangers, even links from friends can be dangerous, as a virus might have infected their system. But being cautious isn't enough. You might think a Trojan or virus attack affects only your computer, but this is far from the truth. The threat known as ZeuS or ZBot is a tool used by an international cybercrime ring with a single goal: to steal your money. While several criminals were charged recently, many remain free, and the malicious code continues to spread. To protect against all potential infection sources, you must install a security suite on any internet-connected computer. Because cybercriminals frequently release new ZeuS variants, you need a suite with

WikiLeaks faced another distributed denial of service (DDoS) attack on Tuesday morning, as reported by Fast Company. This attack was more intense than the one on Sunday, but it still didn't come close to shutting down the site. A computer hacker known as "The Jester" shocked officials by claiming responsibility for the cyber attack that disabled the WikiLeaks website on Sunday morning. This incident occurred just before WikiLeaks released hundreds of thousands of classified U.S. embassy cables to the public. The Jester, an ex-soldier, justified his hacking by accusing the website of "attempting to endanger the lives of our troops, 'other assets,' and foreign relations." The self-proclaimed "hacktivist for good" turned to the web to combat terrorism and organizations that seem to support Islamic extremism after his military service. Cybersecurity expert Mikko Hypponen of F-Secure told CNN he believed The Jester was indeed behind the attack. WikiLeaks

Over the past three days, the European Union, the U.S., and NATO have approved new plans to combat cybercrime. On Monday, the European Commission announced its proposals to develop three systems aimed at enhancing cybersecurity for citizens and businesses. First, the E.U. plans to establish a cybercrime center by 2013 to coordinate cooperation between member states, E.U. institutions, and international partners. Second, a European information sharing and alert system, also set for 2013, will facilitate communication between rapid-response teams and law enforcement authorities. Third, the Commission aims to create a network of Computer Emergency Response Teams (CERTs) by 2012, with a CERT in every E.U. country. Home Affairs Commissioner Cecilia Malmström assured that these systems would not lead to the creation of another citizens' information database. She emphasized that the goal is to manage the flow of information to prevent cyber-attacks, not to store data. Meanwhile, follo

Attackers are targeting people searching for last-minute Halloween costume ideas, reported CyberDefender on Oct. 29. The Internet security vendor, along with other firms like Blue Coat and BitDefender, warned users about the dangers of searching online for Halloween-related topics. "Popular search terms have always been a target for cyber-criminals," said Achal Khetarpal, director of CyberDefender Research Labs. CyberDefender identified a fake anti-virus Trojan downloader infecting pages related to Halloween costume searches. When users visit these pages, the fake anti-virus installer hijacks the user's web browser and initiates a malicious process, making the PC sluggish and exposing personal data. One form of this attack, identified by Panda Labs, displays a fake video player page and prompts users to download a codec to play the video. "Popular search terms reflect current user interests, making them lucrative targets," Khetarpal explained. Criminals create p