cryptography | Breaking Cybersecurity News | The Hacker News

Credit card frauds are very common these days – today a data breach occurs in retailer's shop, online shopping site or banking site and at the next moment millions of cards appears in the underground black market – how simple is that for cyber criminals nowadays. But imagine if there is no possible way to hack credit cards and ID cards. Seems like next to impossible, but quantum cryptography ensures that stealing people's personal data will soon be very difficult for hackers and cyber thieves due to an extra layer of verification. SECURE FRAUD-PROOF CREDIT CARDS The research at the University of Twente in Enschede, Netherlands has suggested that " fraud-proof " credit cards are possible to develop using Quantum Physics that will protect users' financial and personal information from hackers. Security researchers describe this extra layer of verification as Quantum-Secure Authentication (QSA) of a " classical multiple-scattering key ." With the

British government surveillance agency GCHQ – counterpart of NSA – has fired-up another debate over the Internet by launching Android application to encourage teenagers to tackle emerging cybersecurity threats. The newly launched Android app , dubbed " Cryptoy ", was developed by STEM (science, technology, engineering and maths) students on an industrial year placement at GCHQ. The Cryptoy app was highly appreciated and liked by GCHQ at the Cheltenham Science Festival that they made it available to download today. The app is designed mainly to tempt youngsters between the ages of 14 and 16 into trying their hand in cryptography and code-breaking, but can be used by anyone interested in cryptography. According to GCHQ , Cryptoy app will help users to understand basic encryption methods, teach the codes of the past, and create their own encrypted messages. The app allows users to share these encoded messages by using four code-breaking techniques – Shift, Subs

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Do you use  TextSecure Private Messenger  for your private conversations? If yes, then Are you sure you are actually using a Secure messaging app? TextSecure , an Android app developed by Open WhisperSystems , is completely open-source and claims to support end-to-end encryption of text messages. The app is free and designed by keeping privacy in mind. However, while conducting the first audit of the software, security researchers from Ruhr University Bochum found that the most popular mobile messaging app is open to an Unknown Key-Share attack . After Edward Snowden revealed state surveillance programs conducted by the National Security Agency, and meanwhile when Facebook acquired WhatsApp , TextSecure came into limelight and became one of the best alternatives for users who want a secure communication. " Since Facebook bought WhatsApp , instant messaging apps with security guarantees became more and more popular ," the team wrote in the paper titled,

Researcher has discovered a new Timing attack that could unmask Google users under some special conditions. Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification. TIMING ATTACK USED TO DE-MASK TOR USER'S IDENTITY Now, using timing attack exploit technique, a cyber criminal could figure out when someone logged into any one of the shared addresses visits the their site, Cantino said. An attacker could even use this attack in spear phishing campaigns or even could unmask the identity of Tor users if they're logged in to Google while using the Tor browser . Timing attack can allow to unmask targeted Google users as they browse the web. Cantino said the attack is straightforwa

A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption  to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption , instead we are bringing to you what Security researcher has argued about its fundamental implications.  PGP or Pretty Good Privacy , a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security , as well as Authenticity . Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services. A respected research profes

Today, Microsoft has issued an emergency update for almost all versions of Windows and also for Microsoft devices running Windows Phone 8 and 8.1 to secure users from attacks that abuse the latest issued rogue SSL certificates, which could be used to impersonate Google and Yahoo! websites. A week after the search engine giant Google spotted and blocked unauthorized digital certificates for a number of its domains that could result in a potentially serious security and privacy threat, Microsoft has responded back to block the bogus certificates from being used on its software as well. " Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates, " said Dustin Childs, group manager of response communications. The fake digital certificates , issued by the National Informatics Centre (NIC) of India - a unit of India's Ministry of Communications and Infor

It's the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy. To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported . The encryption program is dubbed as miniLock , which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection. " The tagline is that this is file encryption that does more with less, " says Kobeissi, activist and security consultant. " It's super simple, approachable, and it's almost impossible to be confused using it. " Drag-and-drop interface here means, miniL

After the wide chain of scandals over US global snooping that seriously damaged the trust on the top U.S. Tech companies, Google and Yahoo! came forward and took initiative to provide more secure, encrypted and NSA-proofed service in an effort to gain their reputation again among its users. Now, Microsoft has also announced several improvements to the encryption used in its online cloud services in order to protect them from cyber criminals, bad actors and prying eyes. The company effort detailed in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security. MICROSOFT'S COMMITMENT Last December, Microsoft promised to protect its users data from government snooping by expanding encryption across its services, reinforcing legal protections for its customers' data and enhancing the transparency of its software code, making it easier for the customers to reassure themselves that its products contain no backdoors. Yesterday's announc

In cryptography, Block ciphers such as AES or DES are a symmetric key cipher operating on fixed-length groups of bits, called blocks, and typically operate on large input data blocks i.e. 64 or more than 128, 256 bits. Block cipher encrypts Plain-text to Cipher-text by applying cryptographic key and algorithm to a block of data at once as a group rather than to one bit at a time, so that identical blocks of text do not get encrypted the same way. However, some applications need smaller blocks, and possibly non-binary blocks. So, to fulfil this need Cisco is providing a  small block cipher , what it calls "FNR" (Flexible Naor and Reingold), but currently it is an experimental block cipher rather a production software. Sashank Dara , software engineer at the security technology group Cisco , says in a detailed explanation that FNR is a flexible length small domain block cipher for encrypting objects that works without the need for padding, as happens in the traditional

The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit , a Texas-based Encrypted Email Service. In response, a group of young developers at the European Organization for Nuclear Research (CERN) has launched a new email service which offers end-to-end encryption and securing communications that could put an end to government snooping and will keep away our personal data from prying eyes. PROTONMAIL - AN END-to-END ENCRYPTED EMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. ProtonMail offers a user-friendly experience with full "end-to-end" encryption . It encrypts the data on the browser

The National Institute of Standards and Technology (NIST) has announced to abandon the controversial  Dual Elliptic Curve Deterministic  Random Bit Generator,  better known as  Dual_EC_DRBG in the wake of allegations that the National Security Agency. Back in December, Edward Snowden leaks revealed that RSA received $10 million bribe from NSA under a secret contract to implement their flawed cryptographic algorithm Dual_EC_DRBG in its bSafe Security tool as the default protocol in its products for keeping Encryption Weak . In response to the accusations on NSA and RSA, and despite RSA denied all the accusations. without wasting time NIST issued an announcement recommending against using Dual_EC_DRBG and abandon the cryptographic algorithm from its revised guidance provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators ( NIST Special Publication 800-90A, Rev.1 ). But it didn't remove it from its random number generator

Is TrueCrypt Audited Yet? Yes, In Part!  One of the world's most-used open source file encryption software trusted by tens of millions of users - TrueCrypt is being audited by a team of experts to assess if it could be easily exploited and cracked. Hopefully it has cleared the first phase of the audit and given a relatively clean bill of health. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition.  The program is also capable to do some amazing things, such as can create a hidden operating system on a computer, essentially an OS within an OS where users can keep their most secret files. EVERYONE HAS SOMETHING TO HIDE TrueCrypt developers are anonymous and used the aliases " ennead " and " syncon ", perhaps to avoid unwelcome attention from their own governments. But when we talk about Privacy an

Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40

The Bloomberg claimed that the U.S. National Security Agency (NSA) knew about the most critical Heartbleed flaw and has been using it on a regular basis to gather " critical intelligence " and sensitive information for at least past two years and decided to keep the bug secret, citing two sources ' familiar with the matter '. In response to the above report, NSA has issued a ' 94 character' statement today denying the claims that it has known about the Heartbleed bug since two years and that it has been using it silently for the purpose of surveillance. " NSA was not aware of the recently identified Heartbleed vulnerability until it was made public ," the U.S. intelligence agency said on its Twitter feed . Heartbleed is one of the biggest Internet vulnerabilities in recent history that left large number of cryptographic keys and private data such as usernames, passwords, and credit card numbers, from the most important sites and services on the Int

Millions of websites, users' passwords, credit card numbers and other personal information may be at risk as a result of the Heartbleed security flaw , a vulnerability in widely used cryptographic library ' OpenSSL '. [ READ DETAILS HERE ] Netcraft survey says that about half a million widely trusted active websites on the internet are vulnerable to the heartbleed bug, which means the information transmitting through hundreds of thousands of websites could be vulnerable, despite the protection offered by encryption techniques. According to Netcraft, " the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities. These certificates are consequently vulnerable to being spoofed (through private key disclosure), allowing an attacker to impersonate the affected websites without raising any browser warnings. " Among the trusted names running OpenSSL is Yahoo!, which has been

Are you safe from the critical bug Heartbleed?? OpenSSL- the encryption technology used by millions of websites to encrypt the communication and is also used to protect our sensitive data such as e-mails, passwords or banking information.  But a tiny, but most critical flaw called " Heartbleed " in the widely used OpenSSL opened doors for the cyber criminals to extract sensitive data from the system memory. WHAT IS HEARTBLEED? SSL and TLS are known to provide communication security and privacy over the Internet for applications such as websites, email, instant messaging (IM), including some virtual private networks (VPNs). Heartbleed is a critical bug ( CVE-2014-0160 ) is in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS (transport layer security protocols) and DTLS ( Datagram TLS ) heartbeat extension (RFC6520). This bug was independently discovered by a team of security enginee