The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Just imagine, you are sitting in front of your laptop and your laptop is listening to your nearby conversations. What if the recorded audio from the system's microphone is being instantly uploaded to a malicious website? Google has created a speech-recognition Application Programming Interface (API) that allows websites to interact with Google Chrome and the computer's microphone allows you to speak instead of typing into any text box, to make hands-free web searches, quick conversions, and audio translator also work with them. In January, a flaw was discovered in Google Chrome that enabled malicious websites with speech recognition software to eavesdrop on users' conversations from background without their knowledge using an outdated Google speech API. CHROME IS LISTENING YOU A new similar vulnerability in Google Chrome has been discovered by Israeli security researcher, Guy Aharonovsky, claimed that the Chrome's speech-recognition API has a vulnerability that ...

Firewalls are the front-line soldiers, who sit strategically at the edge of your network and defend it from various security threats. Firewalls require constant maintenance and management to ensure that they are accurately configured for optimal security, continuous compliance, and high performance. Manual firewall configuration and change management is a time-consuming, error-prone, and headache-fraught task, especially in today's increasingly complex and dynamic networks and, for organizations dealing with dozens, or very commonly, hundreds of individual firewalls, routers and other network security devices, manual configuration and ongoing ACL changes can quickly become a management nightmare. If not managed correctly, organizations can find themselves exposed to dangerous cyber threats and compliance risks, which can lead to costly repercussions. The key to keeping up with ever-changing and ever-growing firewall rule-sets is automation.By automating firewall configu...

Millions of websites, users' passwords, credit card numbers and other personal information may be at risk as a result of the Heartbleed security flaw , a vulnerability in widely used cryptographic library ' OpenSSL '. [ READ DETAILS HERE ] Netcraft survey says that about half a million widely trusted active websites on the internet are vulnerable to the heartbleed bug, which means the information transmitting through hundreds of thousands of websites could be vulnerable, despite the protection offered by encryption techniques. According to Netcraft, " the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities. These certificates are consequently vulnerable to being spoofed (through private key disclosure), allowing an attacker to impersonate the affected websites without raising any browser warnings. " Among the trusted names running OpenSSL is Yahoo!, which has been ...

Are you safe from the critical bug Heartbleed?? OpenSSL- the encryption technology used by millions of websites to encrypt the communication and is also used to protect our sensitive data such as e-mails, passwords or banking information.  But a tiny, but most critical flaw called " Heartbleed " in the widely used OpenSSL opened doors for the cyber criminals to extract sensitive data from the system memory. WHAT IS HEARTBLEED? SSL and TLS are known to provide communication security and privacy over the Internet for applications such as websites, email, instant messaging (IM), including some virtual private networks (VPNs). Heartbleed is a critical bug ( CVE-2014-0160 ) is in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS (transport layer security protocols) and DTLS ( Datagram TLS ) heartbeat extension (RFC6520). This bug was independently discovered by a team of security enginee...

Passwords are the first line of defense against cyber criminals. It is the most vital secret of every activity we do over the internet and also a final check to get into any of your user account, whether it is your bank account, email account, shopping cart account or any other account you have. We all know storing passwords in clear text in your database is ridiculous. Many desktop applications and almost every web service including, blogs, forums eventually need to store a collection of user data and the passwords, that has to be stored using a hashing algorithm. Cryptographic hash algorithms MD5, SHA1, SHA256, SHA512, SHA-3 are general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. Hashing is the greatest way for protecting passwords and considered to be pretty safe for ensuring the integrity of data or password. The benefit of hashing is that if someone steals the database with hashed passwords, they o...

It is advised to those who are running their web server with OpenSSL 1.0.1 through 1.0, then it is significantly important that you update to OpenSSL 1.0.1g immediately or as soon as possible.  As this afternoon, an extremely critical programming flaw in the OpenSSL has been discovered that apparently exposed the cryptographic keys and private data from some of the most important sites and services on the Internet. The bug was independently discovered by security firm Codenomicon along with a Google Security engineer. The flaw is in the popular OpenSSL cryptographic software library and its weakness allows cyber criminals to steal the information protected, under normal conditions, by the SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption used to secure the Internet. OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions that enable SSL and TLS encryption. Mostly eve...

Yahoo! The one who enabled the HTTPS connections by default from the beginning of this year, the one who encrypts traffic moving between its data centers from 31st March , now has been accused of harming every  Mailing List  across the world. Experts from the Internet Engineering Council John R. Levine , specialized in email infrastructure and spam filtering claimed this in the post titled " Yahoo breaks every mailing list in the world including the IETF's. " on Internet Engineering Task Force (IETF). Yahoo has established a new rule to automatically exclude Yahoo users from the mailing list, because Mailing List server does not comply with DMARC requirements and they strongly modifies each email. He talks about an " emerging e-mail security scheme " known as Domain-based Message Authentication, Reporting and Conformance (DMARC) that has been implemented by almost every largest email service providers, including Gmail, Hotmail, Comcast, and Yahoo. DMARC helps to reduce ...

When we talk about security, only one thing cames to our mind – ENCRYPTION . Encryption of our online messages, encryption of our emails, encryption of our voice call, encryption of our every personal data and communication that we have to keep away from cybercriminals and, if I am not wrong, also from government intelligence agencies, such as NSA and GCHQ. Eventually, secure encryption is mandatory need of our modern Internet, Mobile communication, financial transactions, network sensors, car keys, and many more. But, government agencies like NSA are trying hard to break every effort that we adopt to secure our personal and confidential data.  NSA is trying to develop a futuristic super computer called ' Quantum computer ' that could be capable of breaking almost every kind of Encryption used to protect banks, medical, business including top-secret information held by government around the world. NEARLY UNBREAKABLE ENCRYPTION So, need for new encryption schem...