encryption | Breaking Cybersecurity News | The Hacker News

First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017. Although the company did not yet specify the total number of its customers affected by the breach, it did confirm that malware was installed on some point of sale (POS) systems in stores across the U.S. at varying times between April 3, 2017, and November 18, 2017. According to the company's investigation, which is still ongoing, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names. Forever 21 has been using encryption technology since 2015 to protect its payment processing systems, but during the investigation, the company found that some POS terminals at certain stores had their encryption switched off, whic

A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages. Dubbed ROBOT ( Return of Bleichenbacher's Oracle Attack ), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers. ROBOT attack is nothing but a couple of minor variations to the old Bleichenbacher attack on the RSA encryption protocol. First discovered in 1998 and named after Swiss cryptographer Daniel Bleichenbacher, the Bleichenbacher attack is a padding oracle attack on RSA-based PKCS#1 v1.5 encryption scheme used in SSLv2. Leveraging an adaptive chosen-ciphertext attack which occurred due to error messages by SSL servers for errors in the PKCS #1 1.5 padding, Bleichenbacher attack allows attackers to determine whether a decrypted message is correctly padded.

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Researchers have uncovered several major weaknesses in the implementation of the Institute of Electrical and Electronics Engineers (IEEE) P1735 cryptography standard that can be exploited to unlock, modify or steal encrypted system-on-chip blueprints. The IEEE P1735 scheme was designed to encrypt electronic-design intellectual property (IP) in the hardware and software so that chip designers can protect their IPs from hackers and other prying eyes. Majority of mobile and embedded devices include a System-on-Chip (SoC), a single integrated circuit that can consist of multiple IPs—a collection of reusable design specifications—like a radio-frequency receiver, an analogue-to-digital converter, a digital signal processing unit, a graphics processing unit, a cryptographic engine, from different vendors. Therefore, these licensed IPs are quite valuable to their vendors, so to protect them from being reverse engineered after being sold, the IEEE developed the P1735 standard to encryp

No doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know what websites you visit. Google is working on a new security feature for Android that could prevent your Internet traffic from network spoofing attacks. Almost every Internet activity starts with a DNS query, making it a fundamental building block of the Internet. DNS works as an Internet's phone book that resolves human-readable web addresses, like thehackernews.com, against their IP addresses. DNS queries and responses are sent in clear text (using UDP or TCP) without encryption, which makes it vulnerable to eavesdropping and compromises privacy. ISPs by default resolve DNS queries from their servers. So when you type a website name in your browser, the query first goes to their DNS servers to find the website's IP address, which eventually exposes this information (metada

Microsoft today announced built-in support for Cortana—an artificial intelligence-powered smart assistant—in Skype messenger on Android as well as iOS devices. What purpose does it serve? Microsoft wants its AI-based smart assistance to understand your conversations and help you with quick suggestions, ideas and information right inside your chat window. "Cortana can also help you organize your day—no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled," Skype said in a blog post . In other words, it typically means — Microsoft's Cortana can now read your private Skype conversations. Should You Worry About Your Privacy? Yes, Cortana needs continuous monitoring of your private chats in order to come up with useful suggestions such as movie bookings, travel plans, nearby restaura