The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: data security

Doctor Implanted 6 MicroChips Under His Skin to Unlock Doors and Secure Data

Doctor Implanted 6 MicroChips Under His Skin to Unlock Doors and Secure Data

August 21, 2017Swati Khandelwal
Biohacking could be a next big thing in this smart world. At the beginning of this month, several dozen employees of Three Square Market (32M) received microchip implants in their hands during a "chip party," allowing them to log into their office computers, open doors, and pay for food and drinks, by simply waving their hands, AP reported . But, biohacking is already becoming common in Russia. It has been reported that a Siberian doctor has already implanted not one, but at least six microchips underneath his skin and turned his body into a multi-functional gadget for doing a number of jobs by just a wave of his hands. Alexander Volchek , who is an obstetrician/gynaecologist in a hospital in the Novosibirsk region in Russia's north, got his first microchip implant in 2014 and since then he acquired a few more and now has a total of six chips under his skin. However, Volchek does not want to stop here and hopes to implant a cryptosystem and a glucometer mic
How Top Companies Accidentally Leaking Terabytes of Sensitive Data Online

How Top Companies Accidentally Leaking Terabytes of Sensitive Data Online

August 09, 2017Swati Khandelwal
An anti-malware detection service provider and premium security firm has been accused of leaking terabytes of confidential data from several Fortune 1000 companies, including customer credentials, financial records, network intelligence and other sensitive data. However, in response to the accusations, the security firm confirmed that they are not pulling sensitive files from its customers; instead, it's up to companies—who are accidentally (but explicitly) sharing their sensitive data to leverage an optional cloud-based anti-malware service. On Wednesday, Information security firm DirectDefense published a blog post, claiming that they found a major issue with endpoint detection and response (EDR) solution offered by US-based company Carbon Black, alleging that the company is leaking hundreds of thousands of sensitive files from its customers. Carbon Black is a leading incident response and threat hunting company that offers security products to nearly thirty of the larg
Companies Could Face $22 Million Fine If They Fail to Protect Against Hackers

Companies Could Face $22 Million Fine If They Fail to Protect Against Hackers

August 09, 2017Swati Khandelwal
Over the past few years, massive data breaches have become more frequent and so common that pretty much every week we heard about some organisation being hacked or hacker dumping tens of millions of users records. But even after this wide range of data breach incidents, many organisations fail to grasp the importance of data protection, leaving its users' sensitive data vulnerable to hackers and cyber criminals. Not now! At least for organisations in Britain, as the UK government has committed to updating and strengthening its data protection laws through a new Data Protection Bill. The British government has warned businesses that if they fail to take measures to protect themselves adequately from cyber attacks, they could face fines of up to £17 Million (more than $22 Million), or 4% of their global turnover—whichever amount is higher. However, the financial penalties would be a last resort, and will not be applied to those organisations taking proper security measures
Telegram Agrees to Register With Russia to Avoid Ban, But Won't Share User Data

Telegram Agrees to Register With Russia to Avoid Ban, But Won't Share User Data

June 29, 2017Mohit Kumar
After being threatened with a ban in Russia , end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost. Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors. The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram 's app to communicate and plot attacks. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor.  "And to officially send it to Roskomnadzor to include this data in the registry of organizers
European Parliament Proposes Ban On Encryption Backdoors

European Parliament Proposes Ban On Encryption Backdoors

June 19, 2017Mohit Kumar
Prime Minister Theresa May wants tech companies, like Facebook, Apple, and Google, to create controversial 'backdoors' for police, but even somewhere she knows that it's not that easy as it sounds. The Civil Liberties, Justice and Home Affairs Committee of the European Parliament has released a draft proposal [ PDF ] for new laws on privacy and electronic communications, recommending end-to-end (E2E) encryption on all communications and forbidding backdoors that offer access to law enforcement. "The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information," the draft reads. Draft Says, Your Security is Our Top Priority According to the draft, EU citizens need more protection, not less and they need to know that the "confidentiality and safety" of their
Scientists Store One Bit of Data on a Single Atom — Future of Data Storage

Scientists Store One Bit of Data on a Single Atom — Future of Data Storage

March 13, 2017Mohit Kumar
Imagine a pocket-sized hard drive capable of storing the entire list of 35 Million Songs? This isn't yet practical, but IBM has just taken a big step towards improving computing technology: IBM researchers just discovered a way to store data on a single atom. Data storage is undergoing dramatic evolution, recently researchers successfully stored digital data — an entire operating system, a movie, an Amazon gift card, a study and a computer virus — in strands of DNA. The IBM Research results announced Wednesday that the researchers have developed the world's smallest magnet using a single atom and they packed it with one bit of digital data. Currently, hard drives use about 100,000 atoms to store a single bit of information — a 1 or 0 — using traditional methods. So, this breakthrough could allow people to store 1,000 times more information in the same amount of space in the future applications. Scientists Store 1 Bit of data on a single Atom, whereas modern hard dri
Scientists Store an Operating System, a Movie and a Computer Virus on DNA

Scientists Store an Operating System, a Movie and a Computer Virus on DNA

March 04, 2017Swati Khandelwal
Do you know — 1 Gram of DNA Can Store 1,000,000,000 Terabyte of Data for 1000+ Years. Just last year, Microsoft purchased 10 Million strands of synthetic DNA from San Francisco DNA synthesis startup called Twist Bioscience and collaborated with researchers from the University of Washington to focus on using DNA as a data storage medium. However, in the latest experiments, a pair of researchers from Columbia University and the New York Genome Center (NYGC) have come up with a new technique to store massive amounts of data on DNA, and the results are marvelous. The duo successfully stored around 2mb in data, encoding a total number of six files, which include: A full computer operating system An 1895 French movie "Arrival of a Train at La Ciotat" A $50 Amazon gift card A computer virus A Pioneer plaque A 1948 study by information theorist Claude Shannon The new research, which comes courtesy of Yaniv Erlich and Dina Zielinski, has been published in the jou
Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

January 12, 2017Swati Khandelwal
The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation
DailyMotion Hacked — 85 Million User Accounts Stolen

DailyMotion Hacked — 85 Million User Accounts Stolen

December 05, 2016Swati Khandelwal
Another day, another data breach. This time a popular video sharing platform DailyMotion has allegedly been hacked and tens of millions of users information have been stolen. Breach notification service LeakedSource announced the data breach on Monday after the company obtained 85.2 Million records from Dailymotion. According to LeakedSource, the DailyMotion data breach appears to have taken place on October 20, 2016, which means it is possible that hackers have been circulating the data for over a month. The stolen data consists of 85.2 Million unique email addresses and usernames and around 20 percent of the accounts (more than 18 Million users) had hashed passwords tied to them. The passwords were protected using the Bcrypt hashing algorithm with ten rounds of rekeying, making it difficult for hackers to obtain user's actual password. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to actual brute-
Russian Court bans LinkedIn in Russia; Facebook and Twitter Could be Next

Russian Court bans LinkedIn in Russia; Facebook and Twitter Could be Next

November 12, 2016Swati Khandelwal
As reported late October, the world's largest online professional network LinkedIn is going to ban in Russia beginning Monday following a Moscow court decision this week that found Microsoft-owned LinkedIn to be in violation of the country's data protection laws. Here's why LinkedIn is facing ban in Russia: In July 2014, Russia approved amendments to the Russian Personal Data Law that came into force on 1st September 2015, under which foreign tech companies were required to store the personal data of its citizens within the country. Legislation put in place for protecting its citizens' data from the NSA's worldwide surveillance revealed by whistleblower Edward Snowden. The Russian state's federal media regulator, known as Roskomnadzor, is now threatening to block any company that stored its citizens' personal data on non-Russian servers. Facebook and Twitter could be Next to Get BLOCKED! Not just LinkedIn, even other bigger companies, includ
Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

September 23, 2016Swati Khandelwal
After the iPhone encryption battle between Apple and the FBI , Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can't hack. Even at that point the company hired one of the key developers of Signal — one of the world's most secure, encrypted messaging apps — its core security team to achieve this goal. But it seems like Apple has taken something of a backward step. Apple deliberately weakens Backup Encryption For iOS 10 With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users' security and privacy. Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor. PBKDF2 stands for Password-Based Key Deri
Microsoft to Store Data on DNA — 1,000,000,000 TB in Just a Gram

Microsoft to Store Data on DNA — 1,000,000,000 TB in Just a Gram

April 29, 2016Mohit Kumar
In Brief Do you know — 1 Gram of DNA Can Store 1,000,000,000 Terabyte of Data for 1000+ Years. Microsoft has purchased 10 Million strands of synthetic DNA, called Oligonucleotides a.k.a. DNA molecules, from biology startup Twist and collaborated with researchers from University of Washington to explore the idea of using synthetic DNA to store huge amount of data. Microsoft is planning to drastically change the future of data storage technology as we know it today. The volume and rate of production of data being produced and stored every day are so fast that the servers and hard drives needing to be replaced periodically, potentially increasing the risk of corruption and data loss. According to stats, 5.4 zettabytes (4.4 trillion gigabytes) of digital data, circulating and available worldwide, had been created by 2015, and it will boost to 54 zettabytes (ZB) by 2020. How will the world suppose to store this 10 times amount of data in next four years? For this, Microsof
This Android Malware Can Root Your Device And Erase Everything

This Android Malware Can Root Your Device And Erase Everything

February 15, 2016Swati Khandelwal
A new Android malware has been making waves recently that have the capability to gain root access on your smartphone and completely erase your phone's storag e. Dubbed Mazar BOT , the serious malware program is loaded with so many hidden capabilities that security researchers are calling it a dangerous malware that can turn your smartphone into a zombie inside hacker's botnet. Mazar BOT was discovered by Heimdal Security while the researchers at the firm were analyzing an SMS message sent to random mobile numbers and locations. How Mazar BOT Works Despite other Android malware that distributes itself by tricking users into installing an app from third-party app stores, Mazar spreads via a spam SMS or MMS messages that carry a link to a malicious APK (Android app file). Once the user clicks the given link, he/she'll be ending up downloading the APK file on their Android devices, which when run, prompts the user to install a new application. This
Top 10 — 2016 New Year's Resolutions for Cyber Security Professionals

Top 10 — 2016 New Year's Resolutions for Cyber Security Professionals

December 15, 2015Mohit Kumar
Billions of dollars are spent in securing business operations, and yet attackers still find ways to breach a network. With the ever increasing growth in security attacks across all threat vectors, you should consider these New Year's resolutions to help solve your security challenges in 2016: Take stock of what you have Segment your Network Setup controls with ACLs Secure protocols, network ports, & services Monitor account activity Monitor servers & databases Make sure that your applications are secured Ensure security policies are in place Measure effectiveness and ensure your security products are doing their job Add threat intelligence into your security operations As you prepare for 2016 and reflect on all the security news stories from this year, these ten resolutions need to be on your " to-do " list: 1. Take stock of what you have Knowing the genetic makeup of your environment is the key to securing your IT systems. It is critical to have an updated invento
Deleting WhatsApp Messages Before 90 Days Could Land you in Jail

Deleting WhatsApp Messages Before 90 Days Could Land you in Jail

September 22, 2015Mohit Kumar
While the Indian people continue to struggle for Net Neutrality, a new problem surrounded them with the release of the latest policy for ' National Encryption Policy ' by the Indian Government. If you delete your WhatsApp Messages or Emails that you receive or send before 90 days, it might be a crime and you can End-up In Jail. If the new National Encryption Policy implements that come up with weird suggestions — one should not delete WhatsApp conversation, Gmail or any email for 90 days, it would be an Internet Disaster. With the aim to 'provide confidentiality of information' and ensure 'protection of sensitive or proprietary information', the draft policy, proposed by an so-called ' expert panel ' from the Department of Electronics and Information Technology ( DeitY ) , requires: Access to your Private Data The government wants to have access to all your encrypted information including your personal emails, text and voice messages, and data stored in a privat
Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security

Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security

August 11, 2015Swati Khandelwal
Encrypting your sensitive data is important. As you may know, CIA... C onfidentiality I ntegrity A vailability ...are the essential elements of Information Security. There are a number of tools and methods available out there, but not all encryption tools are same. We are now living in an era where everyone is watching everyone else, and now you need to pay extra attention before choosing any tool. VeraCrypt , a TrueCrypt alternative, is an open source file encryption software designed to protect your online privacy. VeraCrypt enters the market within months after TrueCrypt died , almost similar to it, but with enhancements to further secure your data. A week ago, latest version VeraCrypt 1.12 released with a new feature called PIM, which stands for " Personal Iterations Multiplier ". PIM (Personal Iterations Multiplier) is a new parameter introduced in VeraCrypt 1.12 to secure your data. PIM is basically a secret numerical value that
WhatsApp Ranked Worst at Protecting Your Privacy and Data

WhatsApp Ranked Worst at Protecting Your Privacy and Data

June 20, 2015Mohit Kumar
The Electronic Frontier Foundation has released its annual report card of tech companies for 2015 based upon how much they keep your personal data secure from government snoops. And the Worst Companies Award goes to… At&T WhatsApp Verizon Yes, you heard right! WhatsApp is one of the three worst companies at protecting its users' data so if you are concerned about your data privacy, you should think twice before using WhatsApp. The EFF released its latest Who Has Your Back report based on 5 basic criteria that included: Follows Industry Accepted Best Practices Tells Users About Government Data Demands Discloses Policies on Data Retention Discloses Government Content Removal Requests Pro-user Public Policy: opposes backdoors The prominent privacy advocacy group analysed 24 companies in total, and among them AT&T, Verizon and WhatsApp came out to be the worst companies at protecting its users' data. Where Verizon met two criteria of the EFF&#
13-year-old SSL/TLS Weakness Exposing Sensitive Data in Plain Text

13-year-old SSL/TLS Weakness Exposing Sensitive Data in Plain Text

March 28, 2015Swati Khandelwal
The most popular and widely used encryption scheme has been found to be weaker with the disclosure of a new attack that could allow attackers to steal credit card numbers, passwords and other sensitive data from transmissions protected by SSL ( secure sockets layer ) and TLS ( transport layer security ) protocols. The attack leverages a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm , which is the most commonly used stream cipher for protecting 30 percent of TLS traffic on the Internet today. BAR-MITZVAH ATTACK The attack, dubbed " Bar-Mitzvah ", can be carried out even without conducting man-in-the-middle attack (MITM) between the client and the server, as in the case of most of the previous SSL hacks. Itsik Mantin, a researcher from security firm Imperva, presented his findings in a research titled, " Attacking SSL when using RC4 " at the Black Hat Asia security conference Thursday in Singapore. Bar Mitzv
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.