surveillance | Breaking Cybersecurity News | The Hacker News

If you have an account with Microsoft's popular free email service Outlook.com, and using Outlook app for Android, then there is a bad news for you. Microsoft's Android app for Outlook.com,  provides users to access their Outlook emails on their Android devices, fails to provide security and encryption. LOOPHOLES DISCOVERED Researchers from ' Include Security ' firm claims to have found multiple vulnerabilities in Microsoft's Outlook app for Android, that leaves users' email data vulnerable to hackers and other malicious third party apps. By default, Email attachments are stored into easily accessible folders on the Android filesystem Email Database ( Body, Subject ) is stored locally in an unencrypted manner App's 'Pin Code' feature doesn't protect or encrypt email data. EMAIL ATTACHMENTS ARE ACCESSIBLE TO ANY OTHER APPS Today almost every applications available at Google Play Store generally ask for  READ_EXTERNAL_STORA

The most popular open source Instant messaging application based on the ' Extensible Messaging and Presence Protocol ' (XMPP), formerly known as Jabber that enables you to connect with other people over the Internet will begin refusing unencrypted connections as from today. In an announcement yesterday, The XMPP Standard Foundation (XSF) informs that a large number of XMPP service operators and software developers permanently turned on mandatory encryption for client-to-server and server-to-server connections from today in order to harden the security of the messaging service. Many XMPP-based services operate independently, so it is tough to enforce all of them to use Encryption . ' While XMPP is an open distributed network, obviously no single entity can "mandate" encryption for the whole network - but as a group we are moving in the right direction ,' reads the blog post. ' If you use an XMPP service provided by someone else and you encounter problems contact

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

When it comes to crime, whether it's an online or offline, FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement authorities to arrest a particular group of cyber criminals and Hackers. The FBI has targeted the customers of a popular Remote Administration Tool (RAT) called ' blackshades ', which allows them to connect and manage thousands of remotely infected computers over the Internet. WHAT IS BLACKSHADES RAT?? ' Blackshades ' is a remote administration tool (RAT) which allows an attacker to control several clients from around the world.  Blackshades  malware   is fully equipped with Drive-by attacks, Java exploits, keylogger and it allows an attacker to steal usernames and passwords for email and Web services, instant messaging applications, FTP clients and lots more. In worst

It's an era of Mass Surveillance, where Encryption has become more important today for all of us than any other time in the History. But the trouble is that Crypto programs are too hard for Non-Internet-Savvy to implement and use. Time is loudly announcing the need to switch to some alternatives that provide end-to-end encryption for communication between two devices in order to keep your personal data away from NSA's prying eyes and respect your Privacy . But, many services, including Facebook's messaging application, don't support encryption and therefore are weak in providing security of our online data, which could result in data breach either by cyber criminals or by our own Government under surveillance programs. Because Facebook's messaging application doesn't support end-to-end encryption, an Open-source and most popular crypto chat-encryption application called 'Cryptocat' has made it possible to chat with your Facebook friends and rel

Last year, Just after Snowden leaks, the U.S Government warned that NSA surveillance revelations will make harder to track bad guys trying to harm the United States, as disclosures can be helpful to terrorist groups. In response to the NSA revelations, the terrorists at Al-Qaeda have started using strongest encryption techniques in order to bypass the standard cryptographic protections in its various communications, according to the recent report released by the Threat Intelligence  company, Recorded Future . The analysis carried out by the intelligence firm revealed that the Infamous Terrorist Organizations, Al-Qaeda that attacked civilian and military targets in various countries, has switched to new encryption software for the first time in seven years, following the revelations of the US National Security Agency (NSA) by former contractor Edward Snowden . Al-Qaeda is a global militant Islamist and takfiri organization which operates as a network comprising both a

We All now know about the existence of the extensive metadata collection program by U.S National Security Agency ( NSA ), which creates an intimate repository of our lives -- whom we love, whom we're friends with, where we work, whom we call, when we you, how long we talk over the calls, and how often calls between the two parties are made and even the your interactions on social networking sites. Although U.S Government always argues that Metadata doesn't record the actual content ( of your call ) and it is used for NSA's automated analysis, but should we be worried? You are unique in the world and therefore your metadata too. So anyone with knowledge of the subject knows that analyzing terabytes of metadata can easily reveal far more details about a person's life than ever before. Worldwide debate on mass surveillance still was not finished yet, but today is a new alarming report revealed that US government murdering people around the world based solely on the

Despite the contrary regarding NSA's DROPOUTJEEP program, Apple had always denied working with the NSA in the creation of any backdoors used to spy on its users and also claimed that the NSA doesn't have backdoor access to its data. But, Apple could legally share your phone data with the law enforcement agencies if asked for. Being a secretive company, Apple is very clear at its point of sharing its users' data with the government when U.S. law enforcement agencies request data relating to the company's users. With the release of a set of new guidelines late Wednesday regarding requests for customer data from the U.S. law enforcement agencies, Apple specifies what information can and cannot be lifted from its users devices upon the receipt of disclosure requests, search warrants, or legal orders. " These guidelines are provided for use by law enforcement or other government entities in the U.S. when seeking information from Apple Inc. about users of Apple

Edward Snowden 's leaks last year questioned the integrity of several big and reputed companies such as Apple, Google and Microsoft that were found in relation with the NSA in its surveillance programs.  Thereafter they maintained distance with the Agency and claimed to be unaware of such government spying activities. Now, email exchanges between Google executives Sergey Brin and Eric Schmidt and former NSA director Gen. Keith Alexander , obtained through the Freedom of Information Act that in real do not reveal anything ridiculously outrageous but suggest that the tech companies behind the services you use are very closely in relationship with the NSA and have worked with them over the years. The series of emails obtained by Al Jazeera clearly indicate that the relationship between Google and the National Security Agency (NSA) was far cozier than anyone thought. This revelation questions not only the reputation of the largest Internet giant, but also the privac

The National Institute of Standards and Technology (NIST) has announced to abandon the controversial  Dual Elliptic Curve Deterministic  Random Bit Generator,  better known as  Dual_EC_DRBG in the wake of allegations that the National Security Agency. Back in December, Edward Snowden leaks revealed that RSA received $10 million bribe from NSA under a secret contract to implement their flawed cryptographic algorithm Dual_EC_DRBG in its bSafe Security tool as the default protocol in its products for keeping Encryption Weak . In response to the accusations on NSA and RSA, and despite RSA denied all the accusations. without wasting time NIST issued an announcement recommending against using Dual_EC_DRBG and abandon the cryptographic algorithm from its revised guidance provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators ( NIST Special Publication 800-90A, Rev.1 ). But it didn't remove it from its random number generator

Yesterday reports revealed that Pavel Durov , the 29-year-old founder of Russia's most popular social networking site VKontakte (VK) - Russia's Facebook, had been fired from his post of general director of Vkontakte. On monday, Durov said that the social networking site VK is now under the complete control of two close allies of President Vladimir Putin. Publicly announcing his firing on his VK page he said, " In this way, today VKontakte goes under the complete control of Igor Sechin and Alisher Usmanov. Probably, in the Russian context, something like this was inevitable, but I'm happy we lasted seven and a half years. We did a lot. And part of what's been done can't be turned back. " Last Month on 21st March, the 29-year-old entrepreneur announced submitted his resignation, but earlier this month that he had rescinded his resignation as the company's CEO because it was an April Fool Prank, but unfortunately he supposedly failed to properly withdraw befor

We are already aware about the fact that most probably every mobile app is collecting our data in one or the other form. Thanks to Edward Snowden, who provided the secret documents that revealed that the world's most popular Smartphone applications, including gaming apps such as Angry Birds , are telling the government intelligence agencies (NSA) everything about us. We  reported earlier  that how the government intelligence agencies, such as British intelligence agency GCHQ and U.S. intelligence firm NSA, use popular games to collect users' personal data including their GPS location. Yes, the popular game Angry Bird , which is the top-selling paid mobile application in the United States and Europe for the iPhones, Android and has been downloaded more than a billion times by the devoted game players worldwide, who often spend hours squawking and playing the game.  In fact earlier this month,  CBS 60 Minutes  shows that how Rovio shares users' locations. Recently, t

The respected encryption and network security company RSA Security (now a division of EMC), whose respect was already on stack after revelation by former NSA contractor Edward Snowden  revealed that the NSA created a flawed random number generation system ( Dual_EC_DRBG ), Dual Elliptic Curve, which the most trusted security provider company RSA used in its Bsafe security tool.  Until then RSA wasn't able to come up from this aspersion, a new document by Snowden revealed that RSA received $10 million from NSA for keeping Encryption Weak. Researchers from Johns Hopkins , the University of Wisconsin , the University of Illinois  have claimed that the RSA adopted one more NSA recommended tool called Extended Random extension  for secure websites, which actually helps NSA to crack a version of the Dual Elliptic Curve software tens of thousands of times faster,  Reuters reported. Dual Elliptic Curve Deterministic Random Bit Generator ( Dual EC_DRBG ) is a cryptograph

Another leak from  Edward Snowden files, but this time not about the NSA, rather the documents revealed that France's central intelligence agency, the DGSE has complete and unconditional  access to all of  telecom giant  Orange's data, not just metadata . Yes! It is the same  Orange company who threatened to sue the NSA for hacking into the underwater cable that it jointly owns with 15 other companies. According to the French paper Le Monde -- Orange, the leading telecom company in France with more than 26 million customers worldwide cooperated allegedly illegally for years with France's main intelligence agency. DGSE and Agents with military clearance have been working with Orange for at least 30 years. France has a PRISM like surveillance  program to target phone communications, emails and data from tech companies like Google, Facebook, Apple, Microsoft and Yahoo. Furthermore, DGSE is also sharing this data with foreign allies like GCHQ.  The revelations c

I am quite sure that you must be syncing your Smartphone with your Computers for transferring files and taking backup of your device. If you are using windows operating system and Android devices, then it's a bad news for you, because FireEye Security Researchers have identified a new piece of windows malware that can also infects your Android Devices. During an investigation of a targeted attack on a US based financial institution, researchers spotted a new version of Windows Remote Access Trojan (RAT) called ' Win-Spy Software Pro v16 ', a spying and monitoring tool.  WinSpy was embedded in macro documents to kick off a spam campaign via a spear phishing email. " The recent surge in Android-based RATs such as Dendroid and AndroRAT shows a spike in the interest of malicious actors to control mobile devices.  GimmeRAT  is another startling example of malicious actors venturing into the Android ecosystem ," security firm said. The Researchers dubbed the

The US intelligence agency NSA ( National Security Agency ) broke the Silence on the claim that it has reportedly  'infected millions of computers around the world with malware' and that it is 'impersonating U.S. Social media or other websites ', emphasized the claim as inaccurate. The document provided previously by NSA whistleblower Edward Snowden , analyzed by Glenn Greenwald from  The Intercept claimed that the NSA is spreading surveillance malware on computers and networking devices around the world that are capable to spam out millions of pieces of sophisticated malware at a time on a large scale.  Moreover, the report also claimed that the NSA could silently masquerade as legit websites, such as Facebook, or other sites and therefore intercepting victims' online activities, but the agency denied the claims issuing a statement on Thursday. The statement released by the agency notes: " Recent media reports that allege NSA has infected millions of computers