sensitive information | Breaking Cybersecurity News | The Hacker News

Good News for privacy concerned people! Now, your online data will not be marketed for business; at least by your Internet Service Providers (ISPs). Yes, it's time for your ISPs to ask your permission in order to share your sensitive data for marketing or advertisement purposes, the FCC rules. On Thursday, the United States Federal Communications Commission (FCC) has imposed new privacy rules on Internet Service Providers (ISPs) that restrict them from sharing your online history with third parties without your consent. In a 3-2 vote, the FCC approved the new rules by which many privacy advocates seem pleased, while some of them wanted the Commission to even apply the same rules to web-based services like Google and Facebook as well. Initially proposed earlier this year, the new rule says : "ISPs are required to obtain affirmative 'opt-in' consent from consumers to use and share sensitive information." What does 'sensitive' information mean h

Last week, I have to communicate with my friend overseas in China. We both were aware that our email communications were being monitored. So, we both were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle. If you are ever faced with the same situation, I am here to introduce you a very simple and easy-to-use approach to encrypt your files and send them to the person you want to communicate with. Here's the Kicker: You don't even need to install any software or sign up to any website in order to use the file encryption service. So, what do I have today in my box? " Otr.to " — an open-source peer-to-peer browser-based messaging application that offers secure communication by making use of "Off-the-Record" (OTR) Messaging, a cryptographic protocol for encrypting instant messaging applications. We first introduced you Otr.to two months ago. At that time,

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The Android operating system has hardened its security with application Sandboxing features to ensure that no application can access sensitive information held by another without proper privileges. Android applications communicate with each other through Intents and these intents can be abused by hackers to provide a channel for a malicious application to inject malicious data into a target, potentially vulnerable application. Security Researchers at IBM have discovered multiple vulnerabilities in Firefox for Android platform that allow a malicious application to leak the sensitive information related to the user's profile. Android's Firefox app stores the personal data at following location: / data /data/org . mozilla . firefox /files/mozilla/<RANDOM-STRING >. default . Where the random name for user's profile is used to prevent unwanted access to this directory in case of Firefox exploitation. Researchers developed an exploit to brute-force the &

For millions of low income families, the federal government's Lifeline program offers affordable phone service. But an online security lapse has exposed tens of thousands of them to an increased risk of identity theft, after their Social Security numbers, birth dates and other pieces of highly sensitive information were included in files posted publicly online. Reporters with Scripps were investigating Lifeline, a government benefit-program that provides low-income Americans with discounted phone service, when they came across the sensitive data. They discovered 170,000 Lifeline phone customer records online through a basic Google search that contained everything needed for identity theft. They asked for an interview with the COO of TerraCom and YourTel, which are the telcos who look after Lifeline,but they threatened reporters who found a security hole in their Lifeline phone system with charges under the Computer Fraud and Abuse Act. Then, the blame-the-messenger hack

U.S. intelligence agencies traced a recent cyber intrusion into U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams.  The U.S. Army Corps of Engineers National Inventory of Dams contains information about 79,000 dams throughout the country and tracks such information as the number of estimated deaths that could occur if a specific dam failed. The database also holds sensitive information, including vulnerabilities, of every major dam throughout the country. Michelle Van Cleave, a former consultant to the CIA, told the Beacon that the data breach appeared to be part of a greater effort to collect vulnerability and targeting data for future cyber or military attacks. The Corps of Engineers National Inventory of Dams was hacked by an unauthorized user believed to be from Chinese government or military cyber warriors, beginning in January and uncovered earlier this month. " In the wrong hands, the Army Corps of Engineers' database cou

ReVuln Ltd. , a small security company headed by Donato Ferrante and Luigi Auriemma, post a video that demonstrates that how attacks can gain root on the appliances. Samsung Smart TV contain a vulnerability which allows remote attackers to swipe data from attached storage devices. In this demonstration readers will see how it is possible to use a 0-day vulnerability to retrieve sensitive information, root access, and ultimately monitor and fully control the device remotely. Auriemma said, " We have tested different Samsung televisions of the latest generations running the latest version of their firmware.  Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability. ".

" H4ksniper " hacker claiming responsibility for disrupting three South African government websites. This morning after hack, website of The social development department opened to a black page with a window containing the animated graphic " Website hacked by H4ksniper ". Another message on the deface page was " Hello South Africa :D , Bad News For You IM BACK ! ..You Messed With Us & Now You Must Suffer..From Morocco with love. " On asking, hacker said that the reason of hack is " We all know that SA is the first supporter of the [República Árabe Saharaui Democrática] RASD and the enemy of Morocco since a long time and we are hackers and our goal is defending our country... " From statement, its clear that hacker belongs to Morocco and claiming to defend it from its enemy. Defaced domains : https://www.dsd.gov.za/ https://www.population.gov.za/ https://www.pnc.gov.za/ Mirror Links: https://www.th3mirror.com/mirror/id/146186/ http