interception tool | Breaking Cybersecurity News | The Hacker News

In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the " Qaznet Trust Network " certificate should not be trusted when attempting to access a website that responds with the government-issued certificate. As The Hacker News reported last month , all major Kazakh Internet Service Providers (ISPs) are forcing their customers into installing a government-issued root certificate on their devices in order to regain access to their Internet services. The root certificate in question, labeled as " trusted certificate " or "national security certificate," if installed, allows ISPs to intercept, monitor, and decrypt users' encrypted HTTPS and TLS connections,

Chinese Hackers have taken Smishing attack to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use number spoofing attack to send convincing bogus messages to trick mobile users into downloading a malware app onto their smartphones or lures victims into giving up sensitive information. Security researchers at Check Point Software Technologies have uncovered that Chinese hackers are using fake base transceiver stations (BTS towers) to distribute " Swearing Trojan ," an Android banking malware that once appeared neutralized after its authors were arrested in a police raid. This is the first ever reported real-world case in which criminals played smart in such a way that they used BTS — a piece of equipment usually installed on cellular telephone towers — to spread malware. The phishing SMS, which masquerades itself as the on

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

If you are using the Internet, there are the possibilities that you are open to attack. The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 ( version 3.6 and above of the Linux kernel ) poses a serious threat to Internet users, whether or not they use Linux directly. This issue is troubling because Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs. Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet. The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, as well as also threatens anonymity of Tor users by routing them to certain malicious relays. The flaw actually resides in the design and implementation of the Request for Comments: 5961 ( RF

Spying on the world by injecting sophisticated backdoors in software, systems, and mobile phones, leads to violation of the Privacy and Security of every individual. Yes, we are talking about Surveillance , but this time not about NSA . Instead, Countries including some with poor human-rights records and a much less technically advanced nation are the likely culprits, as they apparently used commercial spyware in making surveillance capabilities that once were the exclusive expertise of the known spy agencies, such as National Security Agency (NSA) and GCHQ. Citizen lab , a nonprofit research lab has  found traces of a remote hacking tool  in 21 countries , developed by  Hacking Team,  including Ethiopia, Sudan, Azerbaijan and Saudi Arabia, which the team had already  denied  back in 2013. Hacking Team, also known as HT S.r.l , is an Italian company, which is known for its powerful surveillance software, Remote Code System (RCS) that it sells to Governments and law enforcement