#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

spying | Breaking Cybersecurity News | The Hacker News

Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely

Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely
Aug 11, 2016
If you are using the Internet, there are the possibilities that you are open to attack. The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 ( version 3.6 and above of the Linux kernel ) poses a serious threat to Internet users, whether or not they use Linux directly. This issue is troubling because Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs. Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet. The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, as well as also threatens anonymity of Tor users by routing them to certain malicious relays. The flaw actually resides in the design and implementation of the Request for Comments: 5961 ( RF

How Your Computer Monitor Could Be Hacked To Spy On You

How Your Computer Monitor Could Be Hacked To Spy On You
Aug 09, 2016
Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen. Although changing pixels is really hard and complicated, a team of security researchers at this year's DEF CON says that it is not impossible. Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images. How to Hack Computer Monitors? According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display. The duo said they discovered the hack by rev

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Telegram Hacked? Turn ON Important Security Settings to Secure your Private Chats

Telegram Hacked? Turn ON Important Security Settings to Secure your Private Chats
Aug 03, 2016
We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong. No good deed today can help you protect yourself completely. Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw. Telegram is a messaging app " with a focus on security " that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers. According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram. The incident is even said to be the

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

FBI 'Double Agent' Pleads Guilty to Selling 'Classified Information' to China

FBI 'Double Agent' Pleads Guilty to Selling 'Classified Information' to China
Aug 02, 2016
An FBI electronics technician has pleaded guilty to acting as a Chinese secret agent and passing along sensitive information about the Feds to a Chinese government official. Kun Shan "Joey" Chun , 46, admitted in federal court in Manhattan on Monday that he violated his security clearance on several occasions between 2011 and 2016 in an effort to pass on secret information to China in exchange for money. Chun is a 19-year FBI veteran from Brooklyn who was born in China but was employed by the FBI in 1997. His duties with the FBI included " accessing sensitive and, in some instance, classified information ." The g-man, as a double agent, sent confidential government information – including the identity and travel plans of an FBI special agent, the internal structure of the FBI and spying technology used by the Bureau – to a Chinese official. Chun, who was initially arrested in March, got a top secret security clearance in 1998, at the time he did not reveal h

Snowden says It's a 'Dark Day for Russia' after Putin Signs Anti-Terror Law

Snowden says It's a 'Dark Day for Russia' after Putin Signs Anti-Terror Law
Jul 09, 2016
Whistleblower and ex-NSA employee Edward Snowden has criticized a new anti-terror law introduced on Thursday by Russian President Vladimir Putin, referring it as "repressive" and noting that it is a " dark day for Russia ." The new legislation signed by Putin would compel the country's telephone carriers and Internet providers to record and store the private communications of each and every one of their customers for six months – and turn them over to the government if requested. The data collected on customers would include phone calls, text messages, photographs, and Internet activities that would be stored for six months, and "metadata" would be stored up to 3 years. Moreover, Instant messaging services that make use of encryption, including WhatsApp, Telegram, and Viber, could face heavy fines of thousands of pounds if these services continue to operate in Russia without handing over their encryption keys to the government. "Putin

Traveling to US? Agencies want to Spy on your Social Media activities right from Airport

Traveling to US? Agencies want to Spy on your Social Media activities right from Airport
Jun 27, 2016
Hey! Welcome to the United States. May we have your Twitter handle, please? That's exactly what you'll likely be asked by the U.S. Customs and Border Protection at the airport prior to entering U.S. soil. Yes, your Twitter handle may soon be part of the US Visa process as U.S. Customs and Border Protection has entered a new proposal into the federal register, suggesting a new field in which foreign visitors can declare their online presence. This new proposal submitted by the US Department of Homeland Security (DHS) to the Federal Register on Thursday would update the required entry forms with a question asking travelers to " Please enter information associated with your online presence -- Provider/Platform -- Social media identifier. " This information would not be mandatory, but of course, foreign travelers who decline to reveal their online presence may subject for additional scrutiny. What's the idea behind Knowing the visitors' Online Prese

NSA wants to Exploit Internet of Things and Biomedical Devices

NSA wants to Exploit Internet of Things and Biomedical Devices
Jun 11, 2016
The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs) become more commonplace, making valuable data accessible through an ever-widening selection of entry points. Although it's not the hackers alone, the NSA is also behind the Internet of Things. We already know the United States National Security Agency's (NSA) power to spy on American as well as foreign people – thanks to the revelations made by whistleblower Edward Snowden in 2013. But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers. During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are "looking at it sort of theoretically from a research point of view right now." Ledgett totally agreed o

Have you ever suspected that Facebook is listening to your conversations through Microphone?

Have you ever suspected that Facebook is listening to your conversations through Microphone?
Jun 03, 2016
Have you ever felt Facebook is showing you very relevant ads about topics you're only discussing around your phone? If yes, then you may find this news worth reading. Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are talking about. However, the social networking giant responds  it does listen to audio and collect information from users, but does not record or use sounds heard around people for targeted ads. " Facebook does not use microphone audio to inform advertising or News Feed stories in any way ," a Facebook spokesperson said. " Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection. " Facebook rolled out a feature in May of 2014 when the company said that it might target ads " in t

Iran orders all Messaging Apps to store its citizens' data within Country

Iran orders all Messaging Apps to store its citizens' data within Country
May 31, 2016
Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens. Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people. All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported . In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers. However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp , Apple iMessage , and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even Whats

U.S. developing Technology to Identify and Track Hackers Worldwide

U.S. developing Technology to Identify and Track Hackers Worldwide
May 05, 2016
Without adequate analysis and algorithms, mass surveillance is not the answer to fighting terrorism and tracking suspects. That's what President Obama had learned last year when he signed the USA Freedom Act , which ends the bulk collection of domestic phone data by US Intelligence Agencies. There is no doubt that US Government is collecting a vast quantity of data from your smartphone to every connected device i.e. Internet of the things , but… Do they have enough capabilities to predict and identify terrorists or cyber criminals or state-sponsored hackers before they act? Well, if they had, I would not be getting chance to write about so many brutal cyber attacks , data breaches, and terrorist attacks that not only threatened Americans but also impacted people worldwide. The Ex-NSA technical director William E. Binney, who served the US National Security Agency for over 30-years, said last year in the front of Parliamentary Joint Committee that forcing analysts t

Hackers can spy on your calls and track location, using just your phone number

Hackers can spy on your calls and track location, using just your phone number
Apr 19, 2016
In Brief The famous '60 Minutes' television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles. Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages. The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks. All one need is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations. SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one

Microsoft Sues US Govt Over Unconstitutional Secret Data Requests

Microsoft Sues US Govt Over Unconstitutional Secret Data Requests
Apr 14, 2016
Microsoft is suing the Department of Justice (DoJ) to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act (ECPA) allows the government to issue gag orders saying that the people or companies involved in a legal case cannot talk about the case or anything related to it in public. So, the government is continuously forcing tech companies to hand over their customers' emails or personal records stored in the cloud servers without their clients' knowledge. Microsoft has filed a lawsuit [ PDF ] against the DoJ, arguing that it is " unconstitutional " and violates constitutional protection of free speech to force the tech companies for not informing their customers when their stored data has been shared with authorities. "We believe these actions violate two of the fundamental rights that have been part of this countr

Facebook's Vice President Arrested in Brazil for Refusing to Share WhatsApp Data

Facebook's Vice President Arrested in Brazil for Refusing to Share WhatsApp Data
Mar 01, 2016
Apple is not the only technology giant battling against authorities over a court order; Facebook is also facing the same. Brazil's federal police arrested Facebook Latin America Vice President for failing to comply with court orders to help investigators in a drug trafficking case that involves WhatsApp, a popular messaging app owned by Facebook that has over 100 Million users in Brazil. Facebook VP Diego Jorge Dzodan was arrested on his way to work in São Paulo, Brazil today because the company refused to provide details of a WhatsApp user involved in organized crime and drug trafficking. Dzodan is still in police custody and is responding to police questioning in Sao Paulo, Local media reported . According to a statement released by a spokesperson from WhatsApp: "We are disappointed that law enforcement took this extreme step. WhatsApp cannot provide information we do not have. We cooperated to the full extent of our ability in this case, and while we re

NSA Data Center Experiencing 300 Million Hacking Attempts Per Day

NSA Data Center Experiencing 300 Million Hacking Attempts Per Day
Feb 22, 2016
Utah State computer systems are experiencing a massive cyber attack on up to 300 Million Hacking attempts per day due to National Security Agency's (NSA) data center in the state. Yes, 300,000,000 hacking attempts in a day! According to the statistical survey, it is evident that the computer systems in the US State of Utah began to experience the hacking attack a few years back, precisely, soon after the NSA revelations by global surveillance whistleblower Edward Snowden. It is a less-known fact that the NSA has built its new data center near the city of Bluffdale, Utah. However, a couple of years back, when Snowden revealed the presence of the data center, the attacks have constantly been going on. The PRISM spying program by Big Brothers at NSA might have shifted the attention of hackers for the retaliation against mass-surveillance and flared up this heightened cyber attacks against the spying agency. According to Utah Commissioner of public safety, Keith S

Russia Wants to Kick Foreign Tech Companies Out Of The Nation

Russia Wants to Kick Foreign Tech Companies Out Of The Nation
Feb 13, 2016
Someone wants to kick Microsoft, Google and Apple off from his land, but himself uses Gmail and Mac. The newly appointed Internet Tsar German Klemenko , who is the first internet advisor of Vladimir Putin , wants to kick off American Giants from Russia. In a 90-minute interview conducted by Bloomberg, Klemenko expressed his interest to vanish the presence of tech biggies of foreign countries from Russia. Google & Apple have to Pay 18% more VAT As part of this, Klemenko plans to hike the tax on foreign companies, including Google and Apple, by 18% VAT on their applications & services sold online. It is estimated that Apple, Google and other companies are nearly gaining RUB 300 Billion (£2.7 Billion, US$4 Billion) in revenue every year from Russia. "When you buy an app from Google Play or the App Store anywhere in Europe, VAT is charged at the place of payment, but not here in our banana republic," says Klemenko. The proposed movement wi

British Intelligence is Legally Allowed to Hack Anyone, Court Says

British Intelligence is Legally Allowed to Hack Anyone, Court Says
Feb 13, 2016
Hacking of computers, smartphones and networks in the United Kingdom or abroad by the Government Communications Headquarters (GCHQ) is LEGAL , the UK's Investigatory Powers Tribunal ( IPT ) ruled. So, the UK is giving clean chit to its intelligence agency to spy on its people as well as people living abroad. Now, How is that okay? The British spying nerve center GCHQ has won a major court case in defense of the agency's persistent hacking programs.  After revelations by NSA whistleblower Edward Snowden about the extent of spying by the US and the UK, Privacy International and seven Internet Service Providers (ISPs) launched a legal challenge against the GCHQ's hacking operations. The case alleged that the British spying agency was breaking European law and violating fundamental warrant protections by its too intrusive and persistent surveillance actions. GCHQ Admitted its Hacking Practices Though GCHQ "neither confirm nor deny" the e

Google Wants to Fly Drones Over Your Head to Deliver High Speed 5G Internet

Google Wants to Fly Drones Over Your Head to Deliver High Speed 5G Internet
Jan 30, 2016
Would you enjoy If Drones hovering outside your window or above your head, just because it is offering High-Speed Internet Service? Most Americans may simply prefer to "Shoot Down" unwelcome items. Well, Google is working on a similar secret project, codenamed Project Skybender , to beam faster internet service, as fast as 5G , from the air. Google is currently testing multiple prototypes of Solar-powered Internet Drones in the New Mexico desert, as per some documents obtained by the Guardian under public records laws. To ensure security, Google is also said to have installed its own dedicated flight control centre near Spaceflight Operations Center at the Spaceport America facility in the town of Truth or Consequences, New Mexico. Google's Project SkyBender Drones are equipped with millimetre-wave radio transmissions to deliver next generation 5G wireless Internet, up to 40 times faster than 4G LTE systems. Drones  —  Privacy Nightmare

Apple Can Still Read Your End-to-End Encrypted iMessages

Apple Can Still Read Your End-to-End Encrypted iMessages
Jan 25, 2016
If you are backing up your data using iCloud Backup , then you need you watch your steps NOW! In government fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products. When it comes to Apple's iMessage service, the company claims that it can't read messages sent between its devices because they use end-to-end encryption, which apparently means that only you and the intended recipient can read it. Moreover, in case, if the federal authorities ask Apple to hand over messages related to any of its users, there is nothing with Apple to offer them. "If the government laid a subpoena to get iMessages, we can't provide it," Apple CEO Tim Cook told Charlie Rose back in 2014. "It is encrypted, and we do not have a key." But Wait! There are still hundreds of Millions of Apple users whose data are stored on Apple'

Microsoft will Inform You If Government is Spying on You

Microsoft will Inform You If Government is Spying on You
Dec 31, 2016
Following in the footsteps of Twitter, Facebook and Google, Microsoft promises to notify users of its e-mail ( Outlook ) and cloud storage ( OneDrive ) services if government hackers may have targeted their accounts. The company already notifies users if an unauthorized person tries to access their Outlook or OneDrive accounts. But from now on, the company will also inform if it suspects government-sponsored hackers. Ex-Employee: Microsoft Didn't Notify When China Spied Tibetans Leaders The move could be taken in the wake of the claims made by Microsoft's former employees that several years ago Chinese government hacked into more than a thousand Hotmail email accounts of international leaders of Tibetan and Uighur minorities , but the company decided not to tell the victims, allowing the hackers to continue their campaign. Instead of alerting those leaders of the hacking attempts, Microsoft simply recommended them to change their passwords without disclosi
Cybersecurity Resources