The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. For the end user, they are responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems. On the other hand, physical security and security of the hypervisor is Amazon's responsibility. When it comes to the network, security of that layer is a shared responsibility between the user and Amazon. Implications of the Shared Security Model Huge operational efficiencies can be gained in a shared security model, however this comes at the cost of the flexibility to have total control over an environment. In the past, significant security issues have occurred as organizations move to the shared model. During this transition, it's key that organizations under

Google is reportedly going to launch a new online photo-sharing service and storage option at its developer conference later this month, which Bloomberg says , will not be a part of its Google+ social network. At the moment, Google offers a photo sharing service known as " Google+ Photos ," which comes pre-installed with every Android device. Google+ Photos automatically backs up photos in the device to Google cloud storage. However, the new photo service will not be a part of Google+ network . It seems like the company's attempts to bolster its product lineup and compete with the increasingly popular rivals like Facebook or Twitter to grow its user base. Just the way like Facebook, who acquired the popular mobile photo-sharing service Instagram in 2012 and increased its user base to more than 300 Million users in one shot. There aren't many details about How the new Google photo service will work? Whether the online photo storage part of the service

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

After HeartBleed , POODLE and FREAK  encryption flaws, a new encryption attack has been emerged over the Internet that allows attackers to read and modify the sensitive data passing through encrypted connections, potentially affecting hundreds of thousands of HTTPS-protected sites, mail servers, and other widely used Internet services. A team of security researchers has discovered a new attack, dubbed Logjam , that allows a man-in-the-middle (MitM) to downgrade encrypted connections between a user and a Web or email server to use extremely weaker 512-bit keys which can be easily decrypted. Johns Hopkins crypto researcher Matthew Green along with security experts from the University of Michigan and the French research institute Inria has discovered LogJam a few months ago and published a technical report that details the flaw. Logjam — Cousin of FREAK Logjam encryption flaw sounds just like FREAK vulnerability disclosed at the beginning of March.  The FREA

A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting Millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036 , is a remotely exploitable kernel stack buffer overflow flaw resides in Taiwan-based KCodes NetUSB . NetUSB is a Linux kernel module that allows for users to flash drives, plug printers and other USB-connected devices into their routers so that they can be accessed over the local network. NetUSB component is integrated into modern routers sold by some major manufacturers including D-Link, Netgear, TP-Link, ZyXEL and TrendNet. The security flaw, reported by Stefan Viehbock of Austria-based SEC Consult Vulnerability Lab, can be triggered when a client sends the computer name to the server deployed on the networking device (TCP port 20005) in order to establish a connection. However, if a connecting comp

Good news for Gamers! Users of Facebook Messenger may soon be able to play games on the messaging platform . Nearly two months ago, Facebook launched its Messenger platform , inviting developers to create apps that allow you to send and receive GIFs, sound clips, and other artistic creations within Messenger, but the social network giant don't want the fun for users to end here. Facebook has confirmed that the company is actively discussing plans with several game developers to create games that work on its Messenger platform, to make its users' experience a lot more fun and potentially more lucrative. More user engagement, More Revenue: First reported on Monday by The Information , Facebook's plan for gamification is a way to get more user engagement and more revenue. Although there are not many details about Facebook's gaming initiative, the idea sounds really interesting, as we already have our social network established over Messenger that could make