Search results for Security | Breaking Cybersecurity News | The Hacker News

Looking for a Secure Smartphone? World's biggest Aerospace company - Boeing is finally close to the launch of its high-security Android Smartphone, called " Boeing Black (H8V-BLK1) ", primarily designed for secure communication between Governmental agencies and their contractors. Encrypted email, Secure Instant Messaging and Other privacy services and tools are booming in the wake of the National Security Agency's recently revealed surveillance programs. Encryption isn't meant to keep hackers out, but when it's designed and implemented correctly, it alters the way messages look. Boeing is the company which is already providing secure communications for US Government officials, including the president. Don't mess with it, It can  Self-Destruct:  Boeing Black Smartphone can Self-Destruct  if it is tampered with, destroying all the data on it. The device is delivered in complete sealed form, any attempt to open the seal of the device will destruct the operati

It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017. So you may not have to separately download and install EMET in the upcoming version of the Windows 10. If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security. EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities. " EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software ," Microsoft site reads. Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities,

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of a new Kali project, known as NetHunter , that runs on a Google Nexus device. Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security. After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone. Kali Linux NetHunter project provides much of the power to Nexus users, those runni

There is no end to users problem when it comes to security. Everything is easily hackable — from home wireless routers to the large web servers that leak users' personal data into the world in one shot. If you love to travel and move hotels to hotels, then you might be dependent on free Wi-Fi network to access the Internet. However, next time you need to be extra cautious before connecting to Hotel's Wi-Fi network, as it may expose you to hackers. Security researchers have unearthed a critical flaw in routers that many hotel chains depend on for distributing Wi-Fi networks. The security vulnerability could allow a hacker to infect guests with malware, steal or monitor personal data sent over the network, and even gain access to the hotel's keycard systems and reservation. HACKING GUEST WIFI ROUTER Several models of InnGate routers manufactured by ANTlabs, a Singapore firm, have a security weakness in the authentication mechanism of the firmware. The se

Microsoft rolled out  Patch Tuesday updates  for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems.  Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity, with six of these bugs publicly known at the time of release.  The updates span across several of Microsoft's products, including Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS, and Visual Studio Code. July also marks a dramatic jump in the volume of vulnerabilities, surpassing the number Microsoft collectively addressed as part of its updates in  May  (55) and  June  (50). Chief among the security flaws actively exploited are as follows — CVE-2021-34527  (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosed

The Iranian hacking group, which calls itself the " Ajax Security Team ", was quite famous from last few years for websites defacement attacks , and then suddenly they went into dark since past few months. But that doesn't mean that the group was inactive, rather defacing the websites, the group was planning something bigger. The Group of hackers at Ajax Security Team last defaced a website in December 2013 and after that it transitioned to sophisticated malware-based espionage campaigns in order to target U.S. defense organizations and Iranian dissidents, according to the report released by FireEye researchers. " The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events ," researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote in the report. " This is followed by increasing links between the hacking

On Saturday, the Senior Administration Officials cast light on the subject of Internet Security and said President Obama has clearly decided that whenever the U.S. Intelligence agency like NSA discovers major vulnerabilities, in most of the situations the agency should reveal them rather than exploiting for national purpose, according to The New York Times . OBAMA's POLICY WITH LOOPHOLE FOR NSA Yet, there is an exception to the above statement, as Mr. President carved a detailed exception to the policy " Unless there is a clear national security or law enforcement need, " which means that the policy creates a loophole for the spying agencies like NSA to sustain their surveillance programs by exploiting security vulnerabilities to create Cyber Weapons. After three-month review of recommendations [ PDF-file ], the Final Report of the Review Group on Intelligence and Communications Technologies was submitted to Mr. Obama on last December, out of which one of the recommendation on pa

If we talk about old days, a hacker often rely on the natural helpfulness as well as weaknesses of people whom he wanted to target. This tactic to break into a computer network by gaining the confidence of an authorized user and get them to reveal information that compromises the network's security is known as Social Engineering . WHAT IS SOCIAL ENGINEERING Social engineering is nothing but a non technical kind of intrusion that relies heavily on human interaction and involves manipulating people so they give up confidential information. Social engineering was very effective those old days as well as today, as major targets are made victims using this old trick only and it is also one of the important components of many types of exploits like: Virus writers use social engineering tactics to persuade people to run malicious email attachments Phishers use social engineering tactics to convince people to disclose their sensitive information such as banking credentia

A security weakness in Android mobile operating system versions below 5.0 that puts potentially every Android device at risk for privilege escalation attacks, has been patched in  Android 5.0 Lollipop  – the latest version of the mobile operating system. The security vulnerability ( CVE-2014-7911 ), discovered by a security researcher named Jann Horn , could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks. The flaw resides in java.io.ObjectInputStream , which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year. According to the security researcher, android apps can communicate with system_service, which runs under admin privileges

The respected encryption and network security company RSA Security (now a division of EMC), whose respect was already on stack after revelation by former NSA contractor Edward Snowden  revealed that the NSA created a flawed random number generation system ( Dual_EC_DRBG ), Dual Elliptic Curve, which the most trusted security provider company RSA used in its Bsafe security tool.  Until then RSA wasn't able to come up from this aspersion, a new document by Snowden revealed that RSA received $10 million from NSA for keeping Encryption Weak. Researchers from Johns Hopkins , the University of Wisconsin , the University of Illinois  have claimed that the RSA adopted one more NSA recommended tool called Extended Random extension  for secure websites, which actually helps NSA to crack a version of the Dual Elliptic Curve software tens of thousands of times faster,  Reuters reported. Dual Elliptic Curve Deterministic Random Bit Generator ( Dual EC_DRBG ) is a cryptograph

Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to protect their organizations against the threats that bypass AV and firewall. Added to this is another challenge in that most organizations are limited in the resources they can invest in security. Many are left reliant on a single product on top of their security stack. Common practice in organizational security circles as they attempt to remain secure is to upgrade endpoint protection with EPP\EDR or a Network Analytic tool. But as we all know, what's common is not necessarily what's best. How can an organization ensure it remains secure, especially with all that is at stake?

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability, tracked as CVE-2019-0090 , resides in the hard-coded firmware running on the ROM ("read-only memory") of the Intel's Converged Security and Management Engine (CSME), which can't be patched without replacing the silicon. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features

A single ransomware attack on a New Zealand managed service provider (MSP) disrupted several of its clients' business operations overnight, most belonging to the healthcare sector. According to the country's privacy commissioner, " a cyber security incident involving a ransomware attack " in late November upended the daily operations of New Zealand's health ministry when it prevented the staff from accessing thousands of medical records. The Ministry of Justice, six health regulatory authorities, a health insurer, and a handful of other businesses also number among those affected by second-hand damage from the attack. There are ways to  recover from a ransomware attack , but the damage often extends into that attacked organization's customers and vendors.  The targeted MSP in this incident is Mercury IT, a business based in Australia. Te Whatu Ora, the New Zealand health ministry, was unable to access at least 14,000 medical records because of the outage at

ICANN Hires Def Con Founder Jeff Moss as Security Chief ! Jeff Moss, the hacker better known as " The Dark Tangent ," has been named Vice President and Chief Security Officer of ICANN, the non-profit corporation that manages the Internet's names and numbering infrastructure. He is the founder of DEF CON, the world's largest conference for hackers, as well as the Black Hat security conference. A phone phreaker in his youth, Moss has recently worked as a white hat hacker, working to secure networks from attack. "He has the in-depth insider's knowledge that can only come from fighting in the trenches of the on-going war against cyber threats," said ICANN president Rod Beckstrom in a statement. Moss is well known for having created the game "Spot the Fed" in which a hacker who thinks he's identified an undercover federal agent in the crowd at DEF CON can point him out, make his case, and if the crowd agrees, take home a coveted "I Spotted The Fed at DEF CON" t-shirt. D

As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance. However, a new report: "Better Together: SASE and Enterprise Browser Extension for the SaaS-First Enterprise" ( Download here ), challenges SASE's ability to deliver comprehensive security against web-borne cyber threats on its own. From phishing attacks to malicious extensions and account takeovers, traditional network traffic analysis and security falls short. The report sheds light on these limitations and introduces the role of secure browser extensions as an essential component in a comprehensive security strategy. SASE Advantages and Limitations SASE takes on a dual role in addressing both infrastructure and security. However, while SASE offers clear advantages in security, it may not e

Apple on Monday released  security patches  for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for  12 security vulnerabilities  in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit.  macOS Sonoma 14.2 , for its part, resolves 39 shortcomings, counting six bugs impacting the  ncurses library . Notable among the flaws is  CVE-2023-45866 , a critical security issue in Bluetooth that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard. The vulnerability was disclosed by SkySafe security researcher Marc Newlin last week. It has been remediated in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 with improved checks, the iPhone maker said. Also released by Apple is  Safari 17.2 , containing fixes for two WebKit flaws – C

Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting companies. Just one variation, the CEO Fraud email scam, cost UK businesses alone £14.8m in 2018. Working From Home Staff working from home are outside the direct oversight of IT support teams and often struggle to deal with cyber threats and appropriately protect company information. Failing to update software and operating systems, sending data over insecure networks, and increasing reliance on email and online messaging has made employees far more susceptible to threats ranging from malware to phishing. Human Error While technical solutions like spam filters and mobile device management syste

Facebook " Trusted friends " Security Feature Easily  Exploitable Last week Facebook announced that in one day 600,000 accounts possibly get hacked. Another possible solution for Facebook to combat security issues is to find 3 to 5 " Trusted friends ". Facebook will be adding two new security features that will allow users to regain control of their account if it gets hijacked. In Facebook's case, the keys are codes, and the user can choose from three to five " Trusted friends " who are then provided with a code. If you ever get locked out of your account (and you can't access your email to follow the link after resetting your Facebook password), you gather all the codes and use them to gain access to it again. Yet This method is used by hackers to hack most of the Facebook account using little bit of Social Engineering from last 5-6 Months according to me. Let us know, how this works... How its Exploitable: This Exploit is 90% Successful on