cyber security | Breaking Cybersecurity News | The Hacker News

Microsoft has been gradually changing its privacy settings in Windows 10 with the Fall Creators Update to give its users more controls over their data. In April, Microsoft addressed some initial privacy concerns in the Windows 10 Creators Update with simplified data collection levels—Security, Basic, Enhanced, and Full—and eventually revealed its data collection practices . Now, the software giant is making another privacy-related change with the upcoming Windows 10 Fall Creators Update, which is due for release in October 2017, giving you much more control over what apps can do with your device. Just like apps on your smartphone's app store, apps on Windows Store also require permission to access your computer's critical functionalities like camera, microphone, calendar, contacts, and music, pictures and video libraries. While Android and iOS allow you to limit an app's permissions to access these sensitive things, these permissions have currently been provided

The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a critical vulnerability on time, for which patches were already issued by the respected companies. Rated critical with a maximum 10.0 score, the Apache Struts2 vulnerability (CVE-2017-5638) exploited in the Equifax breach was disclosed and fixed by Apache on March 6 with the release of Apache Struts version 2.3.32 or 2.5.10.1. This flaw is separate from CVE-2017-9805, another Apache Struts2 vulnerability that was patched earlier this month, which was a programming bug that manifests due to the way Struts REST plugin handles XML payloads while deserializing them, and was fixed in Struts versio

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Internet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers. There are, of course, some really good reasons to connect certain devices to the Internet. But does everything need to be connected? Of course, not—especially when it comes to medical devices. Medical devices are increasingly found vulnerable to hacking. Earlier this month, the US Food and Drug Administration (FDA) recalled 465,000 pacemakers after they were found vulnerable to hackers. Now, it turns out that a syringe infusion pump used in acute care settings could be remotely accessed and manipulated by hackers to impact the intended operation of the device, ICS-CERT warned in an advisory issued on Thursday. An independent security researcher has discovered not just one or two, but eight security vulnerabilities in the Medfusion 4000 Wireless Syringe

Finally, European companies must inform employees in advance if their work email accounts are being monitored. The European Court of Human Rights (ECHR) on Tuesday gave a landmark judgement concerning privacy in the workplace by overturning an earlier ruling that gave employers the right to spy on workplace communications. The new ruling came in judging the case of Romanian engineer Bogdan Barbulescu, who was fired ten years ago for sending messages to his fianceé and brother using his workplace Yahoo Messenger account. Earlier Romanian courts had rejected Barbulescu's complaint that his employer had violated his right to correspondence—including in January last year when it was ruled that it was not " unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours. " But now, the European court ruled by an 11-6 majority that Romanian judges failed to protect Barbulescu's right to private life and cor

Do you know — 1 Gram of DNA Can Store 1,000,000,000 Terabyte of Data for 1000+ Years? Even in March this year, a team of researchers successfully stored digital data — an entire operating system, a movie, an Amazon gift card, a study and a computer virus — in the strands of DNA. But what if someone stores a malicious program into the DNA, just like an infected USB storage, to hijack the computer that reads it. A team of researchers from the University of Washington in Seattle have demonstrated the first successful DNA-based exploit of a computer system that executes the malicious code written into the synthesised DNA strands while reading it. To carry out the hack, the researchers created biological malware and encoded it in a short stretch of DNA, which allowed them to gain "full control" of a computer that tried to process the genetic data when read by a DNA sequencing machine. The DNA-based hack becomes possible due to lack of security in multiple DNA proces

Car Hacking is a hot topic, though it's not new for researchers to hack cars. Previously they had demonstrated how to hijack a car remotely , how to disable car's crucial functions like airbags, and even how to steal cars . But the latest car hacking trick doesn't require any extra ordinary skills to accomplished. All it takes is a simple sticker onto a sign board to confuse any self-driving car and cause accident. Isn't this so dangerous? A team of researchers from the University of Washington demonstrated how anyone could print stickers off at home and put them on a few road signs to convince "most" autonomous cars into misidentifying road signs and cause accidents. According to the researchers, image recognition system used by most autonomous cars fails to read road sign boards if they are altered by placing stickers or posters over part or the whole road sign board. In a research paper , titled " Robust Physical-World Attacks on Machine

Over the past few years, massive data breaches have become more frequent and so common that pretty much every week we heard about some organisation being hacked or hacker dumping tens of millions of users records. But even after this wide range of data breach incidents, many organisations fail to grasp the importance of data protection, leaving its users' sensitive data vulnerable to hackers and cyber criminals. Not now! At least for organisations in Britain, as the UK government has committed to updating and strengthening its data protection laws through a new Data Protection Bill. The British government has warned businesses that if they fail to take measures to protect themselves adequately from cyber attacks, they could face fines of up to £17 Million (more than $22 Million), or 4% of their global turnover—whichever amount is higher. However, the financial penalties would be a last resort, and will not be applied to those organisations taking proper security measures

By this time, almost every one of you owns at least one internet-connected device—better known as the " Internet of things "—at your home, but how secure is your device? We have recently seen Car hacking that could risk anyone's life, Hoverboard hacking, even hacking of a so-called smart Gun and also the widespread hacks of insecure CCTV cameras, routers and other internet-connected home appliances. But this did not stop vendors from selling unsecured Internet-connected smart devices, and customers are buying them without giving a sh*t about the security of their smart devices. However, the massive cyber attack on a popular DNS service provider that shut down a large portion of the Internet last year made us all fear about the innocent-looking IoT devices, which surround us every day, but actually, poses a threat to global cyber security. Not anymore! A bipartisan group of senators have now introduced a new bill aimed at securing internet-connected devices b

Here we are with our weekly roundup, briefing this week's top cyber security threats, incidents and challenges. This week has been very short with big news from shutting down of two of the largest Dark Web marketplaces and theft of millions of dollars in the popular Ethereum cryptocurrency to the discovery of new Linux malware leveraging SambaCry exploit. We are here with the outline of this week's stories, just in case you missed any of them. We recommend you read the entire thing ( just click 'Read More' because there's some valuable advice in there as well ). Here's the list of this Week's Top Stories: 1. Feds Shuts Down AlphaBay and Hansa Dark Web Markets — Dream Market Under Suspicion On Thursday, Europol announced that the authorities had shut down two of the largest criminal Dark Web markets — AlphaBay and Hansa — in what's being called the largest-ever international operation against the dark web's black market conducted by the

Prime Minister Theresa May wants tech companies, like Facebook, Apple, and Google, to create controversial 'backdoors' for police, but even somewhere she knows that it's not that easy as it sounds. The Civil Liberties, Justice and Home Affairs Committee of the European Parliament has released a draft proposal [ PDF ] for new laws on privacy and electronic communications, recommending end-to-end (E2E) encryption on all communications and forbidding backdoors that offer access to law enforcement. "The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information," the draft reads. Draft Says, Your Security is Our Top Priority According to the draft, EU citizens need more protection, not less and they need to know that the "confidentiality and safety" of their

" If you want to keep living, Pay a ransom, or die ." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could eventually take their lives. A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest to help control the heartbeats. This device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate. While cyber security firms are continually improving software and security systems to protect systems from hackers, medical devices such as insulin pumps or pacemakers are also vulnerable to life-threatening hacks. In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are

WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing an alleged CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network. Codenamed Pandemic , the tool is a persistent implant for Microsoft Windows machines that share files with remote users on a local network. The documents leaked by the whistleblower organisation date from April 2014 to January 2015. According to WikiLeaks, Pandemic infect networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on-the-fly with a trojanized version of the software. "Pandemic is a tool which is run as kernel shellcode to install a file system filter driver," a leaked CIA manual reads. "The filter will 'replace' a target file with the given payload file when a remote user accesses the file via SMB (read-only, not w

Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or urgently patch a vulnerability – you know what I am talking about. All of these issues have been with us basically forever. Recently, the list of complex tasks extended to getting cloud infrastructure connected to the rest of the network, and secure access for mobile users. There seems to be a change coming to this key part of IT, a silver lining if you will. We decided to take a look at one solution to this problem – the Cato Cloud from Cato Networks. Founded in 2015, Cato Networks provides a software-defined and cloud-based secure enterprise network that connects all locations, people and data to the Cato Cloud – a single, global, and secure network. Cato promises to simplify netwo