NSA | Breaking Cybersecurity News | The Hacker News

We All now know about the existence of the extensive metadata collection program by U.S National Security Agency ( NSA ), which creates an intimate repository of our lives -- whom we love, whom we're friends with, where we work, whom we call, when we you, how long we talk over the calls, and how often calls between the two parties are made and even the your interactions on social networking sites. Although U.S Government always argues that Metadata doesn't record the actual content ( of your call ) and it is used for NSA's automated analysis, but should we be worried? You are unique in the world and therefore your metadata too. So anyone with knowledge of the subject knows that analyzing terabytes of metadata can easily reveal far more details about a person's life than ever before. Worldwide debate on mass surveillance still was not finished yet, but today is a new alarming report revealed that US government murdering people around the world based solely on the

The US Intelligence Agency, NSA has been reportedly intercepting and accessing routers, servers, and other computer networking hardware to plant data gathering " backdoors " and other spywares before they are exported and delivered to the international customers, reported by the Guardian. Yesterday in a published excerpt of his forthcoming book, " No Place to Hide ", Journalist Glenn Greenwald underlines the interest of National Security Agency in planting backdoors in U.S. suppliers' routers and other networking devices in order to carry out its massive surveillance program. " A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit ," Greenwald said. " The NSA routinely receives — or intercepts — routers, servers and other computer network devices being exported from the US before they are delivered. " While US government is always prohibiting the purchase of Huawei products due to suspected

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Despite the contrary regarding NSA's DROPOUTJEEP program, Apple had always denied working with the NSA in the creation of any backdoors used to spy on its users and also claimed that the NSA doesn't have backdoor access to its data. But, Apple could legally share your phone data with the law enforcement agencies if asked for. Being a secretive company, Apple is very clear at its point of sharing its users' data with the government when U.S. law enforcement agencies request data relating to the company's users. With the release of a set of new guidelines late Wednesday regarding requests for customer data from the U.S. law enforcement agencies, Apple specifies what information can and cannot be lifted from its users devices upon the receipt of disclosure requests, search warrants, or legal orders. " These guidelines are provided for use by law enforcement or other government entities in the U.S. when seeking information from Apple Inc. about users of Apple

The US Justice Department (DOJ) is seeking a transition in the criminal rules that would make the authorities to have more leeway to secretly hack into the suspected criminals' computer during criminal investigations at any times in bunches. The proposed [ PDF ] change in the rules would make FBI to easily obtain warrants to secretly access suspects' computers for the evidence when the physical location of the computer is not known to them. The problem FBI and government agents increasingly face as more and more crime carried out is online, and with the help of online tools, it is easy to conceal identity of the criminal. " This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority ," Justice Department spokesman Peter Carr told Bloomberg . " The proposal makes explicit that it does not change the traditional rules governing probable cause and notice. " This new U.S. proposal

Edward Snowden 's leaks last year questioned the integrity of several big and reputed companies such as Apple, Google and Microsoft that were found in relation with the NSA in its surveillance programs.  Thereafter they maintained distance with the Agency and claimed to be unaware of such government spying activities. Now, email exchanges between Google executives Sergey Brin and Eric Schmidt and former NSA director Gen. Keith Alexander , obtained through the Freedom of Information Act that in real do not reveal anything ridiculously outrageous but suggest that the tech companies behind the services you use are very closely in relationship with the NSA and have worked with them over the years. The series of emails obtained by Al Jazeera clearly indicate that the relationship between Google and the National Security Agency (NSA) was far cozier than anyone thought. This revelation questions not only the reputation of the largest Internet giant, but also the privac

There is no question that Mobile devices have become a staple in everyday living around the world. But have you ever asked yourself, How Secure are the Android, iPhone or any other Smart devices? It is really important for us to think about the Security and Privacy of our Data stored in Smartphones. In June 2010, Apple introduced ' Data protection ' feature in iOS 4.0 devices that offer hardware encryption for  all the data stored on the devices. " Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments , and third-party applications ." Apple claimed  in an old announcement. But unexpectedly, In last few updates Apple has silently removed the email attachment encryption from  data protection mechanisms. Noticed by Security Researcher -  Andreas Kurtz , claims that  since at least version 7.0.4 and including the current

The National Institute of Standards and Technology (NIST) has announced to abandon the controversial  Dual Elliptic Curve Deterministic  Random Bit Generator,  better known as  Dual_EC_DRBG in the wake of allegations that the National Security Agency. Back in December, Edward Snowden leaks revealed that RSA received $10 million bribe from NSA under a secret contract to implement their flawed cryptographic algorithm Dual_EC_DRBG in its bSafe Security tool as the default protocol in its products for keeping Encryption Weak . In response to the accusations on NSA and RSA, and despite RSA denied all the accusations. without wasting time NIST issued an announcement recommending against using Dual_EC_DRBG and abandon the cryptographic algorithm from its revised guidance provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators ( NIST Special Publication 800-90A, Rev.1 ). But it didn't remove it from its random number generator

At the beginning of this year, we reported about the secret backdoor 'TCP 32764' discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The Reverse-engineer from France Eloi Vanderbeken , who discovered this backdoor has found that although the flaw has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way. To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file 'scfgmgr' which contains the backdoor is still present there with a new option " -l ", that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device. On further investigation via reverse en

Half of the Internet fall victim to the biggest threat, Heartbleed bug and even the most popular online anonymity network Tor is also not spared from this bug. Tor is one of the best and freely available privacy software, runs on the network of donated servers that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An Exit relay is the final relay that Tor encrypted traffic passes through before it reaches its destination. But some of these Tor exit nodes are running on the servers with the affected version of OpenSSL installed which are vulnerable to the critical Heartbleed Flaw. This means an attacker can grab the hidden information from the Tor network which is actually restricte

If you are using WhatsApp to chit-chat with your friends or relatives, then you should be careful about sharing your location with them using WhatsApp 'Location Share' feature. No doubt, WhatsApp communication between your phone and company's server is now encrypted with SSL, which means whatever you are sharing with your friends, is secured from the man-in-the-middle attacks . But the extremely popular instant messaging service for Smartphones that delivers more than 1 billion messages per day has another serious security issue. According to Researchers at UNH Cyber Forensics Research & Education Group , WhatsApp location sharing service could expose your location to hackers or Spy Agencies. While sharing the location on WhatsApp users need to first locate themselves on Google Map within the app window, as shown:  Once selected, WhatsApp fetches the location and thumbnail (an image) from the Google Map service to share it as the message icon, but unfortunately Wh

Is TrueCrypt Audited Yet? Yes, In Part!  One of the world's most-used open source file encryption software trusted by tens of millions of users - TrueCrypt is being audited by a team of experts to assess if it could be easily exploited and cracked. Hopefully it has cleared the first phase of the audit and given a relatively clean bill of health. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition.  The program is also capable to do some amazing things, such as can create a hidden operating system on a computer, essentially an OS within an OS where users can keep their most secret files. EVERYONE HAS SOMETHING TO HIDE TrueCrypt developers are anonymous and used the aliases " ennead " and " syncon ", perhaps to avoid unwelcome attention from their own governments. But when we talk about Privacy an

On Saturday, the Senior Administration Officials cast light on the subject of Internet Security and said President Obama has clearly decided that whenever the U.S. Intelligence agency like NSA discovers major vulnerabilities, in most of the situations the agency should reveal them rather than exploiting for national purpose, according to The New York Times . OBAMA's POLICY WITH LOOPHOLE FOR NSA Yet, there is an exception to the above statement, as Mr. President carved a detailed exception to the policy " Unless there is a clear national security or law enforcement need, " which means that the policy creates a loophole for the spying agencies like NSA to sustain their surveillance programs by exploiting security vulnerabilities to create Cyber Weapons. After three-month review of recommendations [ PDF-file ], the Final Report of the Review Group on Intelligence and Communications Technologies was submitted to Mr. Obama on last December, out of which one of the recommendation on pa

Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40

The Bloomberg claimed that the U.S. National Security Agency (NSA) knew about the most critical Heartbleed flaw and has been using it on a regular basis to gather " critical intelligence " and sensitive information for at least past two years and decided to keep the bug secret, citing two sources ' familiar with the matter '. In response to the above report, NSA has issued a ' 94 character' statement today denying the claims that it has known about the Heartbleed bug since two years and that it has been using it silently for the purpose of surveillance. " NSA was not aware of the recently identified Heartbleed vulnerability until it was made public ," the U.S. intelligence agency said on its Twitter feed . Heartbleed is one of the biggest Internet vulnerabilities in recent history that left large number of cryptographic keys and private data such as usernames, passwords, and credit card numbers, from the most important sites and services on the Int

We have already read so many articles on Heartbleed, one of the biggest iNternet threat that recently came across by a team of security engineers at Codenomicon , while improving the SafeGuard feature in Codenomicon's Defensics security testing tools.  The story has taken every media attention across the World, as the bug opened doors for the cyber criminals to extract sensitive data from the server's memory and almost every major site have been affected by it. UNINTENTIONAL  BIRTH OF HEARTBLEED More than two years ago, German programmer Robin Seggelmann introduced a new feature called " Heartbeat " in the most secured open source encryption protocol, OpenSSL , which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data. But introducing heartbeat feature cost him dearly, as here the most critical bug resides. Dr. Seggelmann allegedly was just trying to improve OpenSSL and wo

When we talk about security, only one thing cames to our mind – ENCRYPTION . Encryption of our online messages, encryption of our emails, encryption of our voice call, encryption of our every personal data and communication that we have to keep away from cybercriminals and, if I am not wrong, also from government intelligence agencies, such as NSA and GCHQ. Eventually, secure encryption is mandatory need of our modern Internet, Mobile communication, financial transactions, network sensors, car keys, and many more. But, government agencies like NSA are trying hard to break every effort that we adopt to secure our personal and confidential data.  NSA is trying to develop a futuristic super computer called ' Quantum computer ' that could be capable of breaking almost every kind of Encryption used to protect banks, medical, business including top-secret information held by government around the world. NEARLY UNBREAKABLE ENCRYPTION So, need for new encryption schem

Have you noticed a blue color " Free Voice Call " icon that appears next to your Facebook contacts in the iOS and Android Facebook Messenger app? Yes, Facebook has updated their Messenger app that includes the ability to make free voice calls to your online pals and now Facebook users can simply tap the phone icon to call their friends. FACEBOOK DITCH WHATSAPP OVER CALLING FEATURE WhatsApp was reportedly developing voice call feature since last year and when it was acquired by Facebook for $19 billion in February, users estimated that Facebook will add Internet calling feature to Whatsapp soon, rather than to its own Facebook Messenger. However, the WhatsApp VoIP calling is still to come and is expected to launch the update with the feature in the coming weeks, but sadly before that Facebook may leave other popular free calling apps, such as Viber, Line, Google's Hangout, Skype behind. USERS' PRIVACY AT RISK, AS NO ENCRYPTION As expected, Faceboo

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automatically encrypts the connections between users and its email service. November last year, Yahoo revealed plans to encrypt all information that moves between its data centers and finally from 31st March Yahoo has taken another leap in user-data protection through the deployment of new encryption technologies. NSA TARGET LIST -  GMAIL, YAHOO, ... many more. Last year, It was revealed by  Edward Snowden  that under MUSCULAR program , the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers. After finding themselves in the NSA's target list, Yahoo! and Google forced to think hard about the security and privacy of its users. Google had replied back