#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for RSA hack | Breaking Cybersecurity News | The Hacker News

RollJam — $30 Device That Unlocks Almost Any Car And Garage Door

RollJam — $30 Device That Unlocks Almost Any Car And Garage Door

Aug 08, 2015
We have talked a lot about car hacking. Recently researchers even demonstrated how hackers can remotely hijack Jeep Cherokee to control its steering, brakes and transmission. Now, researchers have discovered another type of car hack that can be used to unlock almost every car or garage door. You only need two radios, a microcontroller and a battery, costing barely under $30, to devise what's called RollJam capable to unlock any car or garage at the click of a button, making auto hacking cars so simple that anyone can do it. The recent hack takes advantage of the same vulnerable wireless unlocking technology that is being used by the majority of cars manufacturers. These wireless unlocking systems are Keyless entry systems that enable the car owner to unlock his car just by pressing a button sitting at his workplace remotely ( within a range of 20 metres ). What RollJam does and How? RollJam steals the secret codes, called Rolling Code, that is gene
How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

Feb 16, 2016
Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gap computers are one that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hackers can't remotely access their contents. But you need to think again before calling them ' Safe .' A team of security researchers from Tel Aviv University and Technion have discovered a new method to steal sensitive data from a target air-gapped computer located in another room. The team is the same group of researchers who had experimented a number of different methods to extract data from a computer. Last year, the team demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread. In 2014, the team devised a special digitizer wristband that had the ability to extract the cryptographic key used to secu
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
How to Crack Android Full Disk Encryption on Qualcomm Devices

How to Crack Android Full Disk Encryption on Qualcomm Devices

Jul 01, 2016
The heated battle between Apple and the FBI provoked a lot of talk about Encryption – the technology that has been used to keep all your bits and bytes as safe as possible. We can not say a lot about Apple's users, but Android users are at severe risk when it comes to encryption of their personal and sensitive data. Android's full-disk encryption can be cracked much more easily than expected with brute force attack and some patience, affecting potentially hundreds of millions of mobile devices. And the worst part: There may not be a full fix available for current Android handsets in the market. Google started implementing Full Disk Encryption on Android by default with Android 5.0 Lollipop. Full disk encryption (FDE) can prevent both hackers and even powerful law enforcement agencies from gaining unauthorized access to device's data. Android's disk encryption, in short, is the process of encoding all user's data on an Android device before ever wri
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Two more Comodo registration authority accounts compromised !

Two more Comodo registration authority accounts compromised !

Mar 30, 2011
Two more Comodo registration authority accounts compromised ! Certification company's humiliation drags on as hacker scalps two more Comodo registration authority accounts The Iranian hacker that managed to trick Comodo into issuing nine fraudulent certificates appears to have compromised two more registration authority accounts, raising questions of what exactly is going on at the certificate authority. "Two further RA accounts have since been compromised," wrote Robin Alden, CTO of Comodo Security, on the mozilla-dev-security-policy mailing list. The partners have had their registration authority privileges withdrawn, Alden said. Comodo Retrofitting Broken Padlocks Alden made the announcement in an email addressing questions posed by the members of the mailing list. "No further mis-issued certificates have resulted from these compromises," Alden said. The self-identified Comodo hacker (writing under the name Janam Fadaye Rahbar) claimed in a follow-up message on Pastebin to
iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

Oct 30, 2013
Security researchers Adi Sharabani and Yair Amit  have disclosed details about a widespread vulnerability in iOS apps , that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, researchers have provided details  on this  vulnerability , which stems from a commonly used approach to URL caching. Demonstration shows that insecure public networks can also provide stealth access to our iOS apps to potential attackers using HTTP request hijacking methods. The researchers put together a short video demonstrating, in which they use what is called a 301 directive to redirect the traffic flow from an app to an app maker's server to the attacker's server. There are two limitations also, that the attacker needs to be physically near the victim for the initial poisoning to perform this attack and t
Anonymous hackers planning real-world attacks !

Anonymous hackers planning real-world attacks !

Feb 17, 2011
A computer security firm working to expose members of hacker group "Anonymous" pulled out of a premier industry conference here due to threats of real-world attacks on its employees. HBGary personnel have been peppered with threatening messages since Anonymous hackers looted data from its computer systems earlier this month, according to a message on the California firm's website Wednesday. "In addition to the data theft, HBGary individuals have received numerous threats of violence, including threats at our tradeshow booth," the company said. "In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks." Cyber security specialists and national security officials are in San Francisco this week to share insights on topics ranging from guarding "smart" power grids to blocking attacks on smartphones and computer tablets. Anonymous, the hacker group behind online
Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

Dec 11, 2020
A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software—as well as with ability for its affiliates to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing files before encryption and demanding ransom amounts in the millions to prevent public disclosure of stolen data, a tactic known as  double extortion . "The MountLocker Operators are clearly just warming up. After a slow start in July they are rapidly gaining ground, as the high-profile nature of extortion and data leaks drive ransom demands ever higher," researchers from BlackBerry Research and Intelligence Team said. "MountLocker affiliates are typically fast operators, rapidly exfiltrating sensitive documents and encrypting them across key targets in a matter of hours."
Focus on cyber war defense

Focus on cyber war defense

Oct 31, 2010
The difference between cyber crime, cyber espionage and cyber war is a matter of a few keystrokes. They use the same techniques. These were the words of Richard Clarke, chairman of Good Harbor Consulting , during his keynote at the RSA Europe 2010 conference, being held in London this week. Giving background, he said cyber crime is not a theory, it goes on every day. "Just two weeks ago, there were arrests of a cyber cartel in the US. However, those arrested were students, acting as mules. To be a mule all they have to do is open a bank account and allow money to flow in and out of it. They are on the lowest level of the cyber crime structure." This is typically the situation in cyber crime, explained Clarke. "These cartels are often based in Moldova, Estonia, Belarus or Russia. Once there has been an investigation, often long and complicated, using warrants to search computers and servers , crimes are traced back to these countries. However, when the investigators
Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

Dec 09, 2020
FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a  state-sponsored attack  by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI) and other key partners, including Microsoft. It did not identify a specific culprit who might be behind the breach or disclose when the hack exactly took place. However,  The New York Times  and  The Washington Post  reported that the FBI has turned over the investigation to its Russian specialists and that the attack is likely the work of  APT29  (or Cozy Bear) — state-sponsored hackers affiliated with Russia's SVR Foreign Intelligence Service — citing unnamed sources. As of writing, the hacking tools have not been exploited in the wild, nor do they contain zero-day expl
Team Injector (1337db) Hack Into Exploit-db Website !

Team Injector (1337db) Hack Into Exploit-db Website !

Dec 25, 2010
Team Injector Hack Into Exploit-db Website ! ================================ Data Extracted From Exploit-db's Server ! ================================ $ uname -a Linux www 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux $ id uid=33(www-data) gid=33(www-data) groups=33(www-data) $ pwd /var/www $ ls -la total 24180 drwxr-xr-x 18 www-data www-data     4096 Nov 26 10:16 . drwxr-xr-x 19 root     root         4096 Sep 24 09:26 .. -rw-r--r--  1 www-data www-data     1005 Nov 12 19:03 .htaccess -rw-r--r--  1 www-data www-data      764 Nov  5 17:32 .htaccess.save -rw-r--r--  1 www-data www-data  2820676 Nov 15 14:26 1920x1200_edb-wallpaper.png drwxr-xr-x  4 www-data www-data     4096 Nov 11 07:43 92384723987239847239847234982734 -rw-r--r--  1 www-data www-data    46149 Nov 11 17:04 apc123456.php -rw-r--r--  1 www-data www-data 10723590 Nov 28 06:52 archive.tar.bz2 -rw-r--r--  1 www-data www-data    18851 Jul  9 14:42 disclosure.
Cybersecurity Resources