encryption | Breaking Cybersecurity News | The Hacker News

Facebook has begun rolling out end-to-end encryption for its Messenger app, thus making its users' conversations completely private. The end-to-end encryption feature, dubbed " Secret Conversations ," will allow Messenger users to send and receive messages in a way that no one, including the FBI with a warrant, hackers and not even Facebook itself, can intercept them. But, this new feature will currently be available only to a small number of users for testing. So if you are one of those lucky users, you will be able to send end-to-end encrypted Secret Conversations through your Messenger app. Rest of the Messenger users will get Secret Conversations feature later this summer or in early fall, the company wrote in a Facebook newsroom post published today. Sounds exciting, right? But, there's a catch: Your conversations on Messenger will not be end-to-end encrypted by default, like what WhatsApp and Apple are offering. Instead, Facebook will require

Apple's new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were surprised enough that they assumed Apple had made a mistake by leaving unencrypted kernel in iOS 10, and therefore, would get reverted in the next beta version of the operating system. However, Apple managed to confirm everyone that the company left the iOS 10 kernel unencrypted intentionally, as the kernel cache does not contain any critical or private information of users. On iOS, the kernel is responsible for things like security and how applications are capable of accessing the parts of an iPhone or an iPad. But, Why Apple had left the iOS wide open when other features like iMessage offer end-to-end encryption ? Apple did this on purpose, because by leaving the iOS 10 kernel

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Apple announced one huge change at WWDC 2016: The company is replacing the HFS+ file system on MacOS, iOS, tvOS and WatchOS with a new file system. The company has introduced its brand new file system called The Apple File System — or APFS for short — for iOS, OS X, tvOS, and WatchOS, making security its centerpiece. " The Apple File System (APFS) is the next-generation file system designed to scale from an Apple Watch to a Mac Pro. APFS is optimized for Flash/SSD storage, and engineered with encryption as a primary feature, " according to an entry in the WWDC 2016 schedule. Yes, the Apple File System is optimized for Flash and SSD-based storage solutions that are used in iPhones, iPads, MacBooks, AppleTV set-top boxes, and others Apple gadgets. APFS supports "nearly" all features the HFS+ file system provides while offering improvements over the previous system in the process. Apple describes APFS as a modern file system that includes " strong enc

Facebook is set to introduce end-to-end encryption for its Messenger app , allowing more than its 900 Million users to send and receive messages that can not be read or intercepted by law enforcement or even the social network itself. However, it's not the kind of end-to-end encrypted chat feature provided by Apple or WhatsApp in which all your conversation are entirely encrypted by default. Instead, the social networking giant will offer an end-to-end encrypted chat mode in Messenger as opt-in, just like Google's Allo smart chat app that provides encrypted chat feature only if users opt for it. Privacy advocates criticized Google for adding its ' incognito ' encrypted chat mode as an opt-in feature, rather than offering end-to-end encryption by default. Now, Facebook Messenger will roll out the same choice for its users in the next few months, when the company will roll out this new encrypted chat mode in Messenger as an opt-in feature, reports  The Guardian.

Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens. Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people. All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported . In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers. However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp , Apple iMessage , and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even Whats

The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack proof, Apple has rehired security expert and cryptographer Jon Callas , who co-founded the widely-used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone. This is not Apple's first effort over its iPhone security . Just a few months back, the company hired Frederic Jacobs , one of the key developers of Signal — World's most secure, open source and encrypted messaging app . Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011. During his second joining, Callas designed a ful

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic . OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. One of the high-severity flaws, CVE-2016-2107 , allows a man-in-the-middle attacker to initiate a " Padding Oracle Attack " that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI. A Padding Oracle flaw weakens the encryption protection by allowing attackers to repeatedly request plaintext data about an encrypted payload content. The Padding Oracle flaw ( exploit code ) was discovered by Juraj Somorovsky using his own developed tool c

Clickjacking Vulnerability in Telegram Web Client The official Telegram web-client that allows its users to access messenger account over desktop's web browser is vulnerable to clickjacking web application vulnerability. Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user, including password and the recovery e-mail. [ Watch Video Demo ] "Telegram web client is not protecting itself from clickjacking with the typical X-Frame-Options header but uses a JS frame busting technique to prevent the website to be iframed," Mohamed says. However, by exploiting one of HTML5 Features, Mohamed was able to open the Telegram account's settings page with a sandboxed iframe to prevent redirecting to top window, which also allows him to execute cross-site request forgery (csrf) vulnerability on the web-client. " I sent [bug report] it to them [Telegram team]

Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se

On Tuesday, the Dutch Police arrested a 36-year-old man, Danny Manupassa , on suspicion of money laundering and involvement in selling encrypted smartphones to criminals. Manupassa owns a company called Ennetcom , which provides customized Blackberry Phones with the secure PGP-encrypted network. Reportedly, Ennetcom sold nearly 19,000 encrypted cell phones at 1500 euros each in last few years. Police have seized Ennetcom servers based in the Netherlands and Canada and pulled them offline. The seized servers contain data of encrypted communications belong to a large number of criminals. According to a press release , the investigation is ongoing and seized data from the servers will be analyzed soon. Police believe this operation would result in collecting evidence required for solving numerous ongoing investigations involving drug trafficking, assassinations, and other serious crimes. Moreover, Canadian Police is also involved in this investigation and surprisingly, i

In Brief Opera becomes the first web browser to offer a built-in Free, unlimited and 256-bit encrypted VPN service for everyone. Opera's Free VPN protects unencrypted browser session from leaking on public WiFi networks and will also let unblock firewalls to improve privacy and security. Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks. Opera has released an updated desktop version of its web browser with a Free built-in VPN service to keep you safe on the Internet with just a click. That's a great deal! For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. Free VPN Service with Unlimited Data Usage Unlike several other free VPN services,

In Brief: Introducing  RansomWhere , a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes. This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process. Ransomware has risen dramatically since last few years... so rapidly that it might have already hit someone you know. With hundred of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection , then what else can we do? Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption algori

In Brief Viber, the popular mobile messaging app announced Tuesday that it has added full end-to-end encryption for video, voice and text message services for its millions of users. Here, the end-to-end encryption means only you and the person you are communicating with can read the content, and nobody in between, not even the company and if court orders company to provide user data, they will get only the heaps of encrypted data. Viber is the latest messaging platform to join WhatsApp , Telegram , and Apple iMessage , who strengthened their default privacy features in recent times. Founded in 2010 and acquired by Japanese e-commerce titan Rakuten for $900 Million in 2014, Viber is currently being used by more than 700 Million users globally across Android, iOS, Windows Phone, and desktop, the company claimed in a blog post published today. The move comes just a couple of weeks after Facebook-owned Whatsapp messaging app implemented full end-to-end encryption by default

The United States anti-encryption bill will kill your Privacy. In the wake of the Apple vs. FBI case, two leading Intelligence Committee Senators have introduced an anti-encryption bill that would effectively ban strong encryption. Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) released the official version of their bill today in response to concerns that criminals and terrorists are increasingly using encrypted devices to hide their plans and plots from authorities. As its name suggests, the Compliance with Court Orders Act of 2016 [ PDF ] would require people and technology firms like Apple and Google to comply with court orders to decrypt phones and its data. The draft copy of the Burr-Feinstein proposal was leaked last week, which has already faced heavy criticism from both the technology and legislative communities. Even the White House has declined to support the bill. The official version of the anti-encryption bill seems to be even wors

Ransomware has risen dramatically since last few years and is currently one of the most popular threats on the Internet. The Ransomware infections have become so sophisticated with the time that victims end up paying ransom in order to get their critical and sensitive data back. But if you are infected with Petya Ransomware , there is good news for you. You can unlock your infected computer without paying the hefty ransom. Thanks to the Petya author who left a bug in the Ransomware code. What is Petya Ransomware? Petya is a nasty piece of ransomware that emerged two weeks ago and worked very differently from any other ransomware. The ransomware targets the victims by rebooting their Windows computers, encrypting the hard drive's master boot file, and rendering the master boot record inoperable. Also Read:  How to Decrypt CoinVault and Bitcryptor Ransomware A master boot record (MBR) is the information in the first sector of any hard disk that ide

Although everyone, including Apple, was worried about the iPhone hacking tool used by the Federal Bureau of Investigation (FBI) to access data on iPhone belonged to the San Bernardino shooter, the FBI director said the hack does not work on an iPhone 5S or later. FBI Director James Comey said Wednesday that the agency was able to avoid a prolonged legal battle with Apple by buying a tool from a private source to hack into terrorist Syed Farook's iPhone 5C. Apple was engaged in a legal battle with the Department of Justice (DOJ) for a month over a court order that forces the company to write new software, which could disable passcode protection on Farook's iPhone to help them access data on it. Apple refused to comply with the order, so the FBI worked with a third-party firm, most likely the Israeli mobile forensic firm Cellebrite, and was successfully able to access data on the locked iPhone used in the San Bernardino shooting incident last year. But speaking to the

Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble.  This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export authorities have revoked the company's license to sell outside of Europe. Almost a year after it was hacked and got all its secrets leaked online , Hacking Team somehow managed to resume its operations and start pitching new hacking tools to help the United States law enforcement gets around their encryption issues. Hacking Team had sold its malware, officially known as the Galileo Remote Control System , to authorities in Egypt, Morocco, Brazil, Malaysia, Thailand, Kazakhstan, Vietnam, Mexico, and Panama. Hacking Team had also signed big contracts with the Federal Burea

WhatsApp is updating its messaging app so that every text message and voice call will be encrypted for the company's one billion users. Yes, Whatsapp has finally implemented full end-to-end encryption , as promised a year ago. This means, from now every message, image or voice call you made will be secured by end-to-end encryption so that only you and the person you're communicating with can read the content of the message, and nobody in between, not even WhatsApp. In other words, this also means that WhatsApp would not be able to comply with any court order that demands access to the content of any conversation happens over its service. Starting today, you will see a notification on your WhatsApp conversation screen as your messenger becomes end-to-end encrypted, as shown in the screenshot. "Message you send to this chat and calls are now secured with end-to-end encryption. Tap for more info."  "This is because your messages are secured with a lock,

Terrorist organisations are increasingly using high-grade encryption technologies to prevent being caught by the law enforcement. But, that was not in the case of last year's Paris attacks that killed 129 people, as Encryption seems to have played little to no role. So, Who was the Real Culprit Behind the Attacks? The 'Burner' Phones. Burner Phones, or Prepaid mobile phones, are often the quick, easy, and anonymous method of communication. All you need to do is head to your nearest big-box store and pick up a cheap prepaid "burner" phone and a phone card. Now you have an entirely useable phone with no ID that could reveal your identity. It seems that these prepaid "burner" phones are a dream tool for terrorist organisations that bring them in bulk and then disposed of each time they make a communication. The same prepaid phones were utilized in the terrorist attacks in Paris late last year. Therefore, by using different phon

The legal battle between Apple and the Federal Bureau of Investigation (FBI) is turning ugly with each passing day. Apple is fighting with the federal authorities over iPhone encryption case . The Federal Bureau of Investigation (FBI) requires Apple's assistance to unlock an iPhone 5C belonging to San Bernardino shooter Syed Rizwan Farook. Apple CEO Tim Cook has said explicitly that providing a backdoor would likely open up the company's iPhones to not just the federal agents, but also to malicious hackers who could use it for evil purposes. Now the Apple's decision not to comply with the court order has provoked a Florida sheriff, who has threatened to arrest Tim Cook if he gets the chance. Sheriff Vows: I'll Lock the Rascal up. During a Wednesday press conference, when Polk County Sheriff Grady Judd was asked about Cook's refusal to help create a custom operating system that would assist the FBI to circumvent security measures on terrorist iPhone