Proposed Bill Would Legally Allow Cyber Crime Victims to Hack Back

By: sikur

By Mohit Kumar

Is it wrong to hack back in order to counter a hacking attack when you have become a victim? This has been a long-running debate.

While many countries, including the United States, consider hacking back practices illegal, many security firms and experts consider it “a terrible idea” and officially “caution” victims against it, even if they use it as part of an active defense strategy.

Accessing a system that does not belong to you or distributing code designed to enable unauthorized access to anyone’s system is an illegal practice.

However, this doesn’t mean that the practice is never performed. In some cases, retribution is part of current defense offerings, and many security firms do occasionally hack the infrastructure of threat groups to unmask several high-profile malware campaigns.

MORE: https://goo.gl/6Nse2r

 


Secure Messaging App ‘Confide’ Used by White House Staffers Found Vulnerable

By: sikur

By Mohit Kumar

The secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims.

Confide, the secure messaging app reportedly employed by President Donald Trump’s aides to speak to each other in secret, promises “military-grade end-to-end encryption” to its users and claims that nobody can intercept and read chats that disappear after they are read.

However, two separate pieces of research have raised a red flag about the claims made by the company.

Security researchers at Seattle-based IOActive discovered multiple critical vulnerabilities in Confide after a recent audit of version 1.4.2 of the app for Windows, Mac OS X, and Android.

MORE: http://thehackernews.com/2017/03/confide-secure-messenger.html

 

 


How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation

By: sikur

By Swati Khandelwal

The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation.

PGP, or Pretty Good Privacy, is an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to protect them from being spied on.

You’ll be surprised to know how the police actually decrypted those PGP messages.

MORE: http://thehackernews.com/2017/03/decrypt-pgp-encryption.html?m=1

 


WikiLeaks’ claim that WhatsApp and Signal are open to CIA hacking rubbished by security experts

By: sikur

By Jason Murdock

Ultra-secure messaging apps including Signal and WhatsApp, used by millions of people around the world, use strong end-to-end encryption to keep communications of users safe from spying. This week, WikiLeaks claimed the Central Intelligence Agency (CIA) had cracked it.
The truth, however, was slightly different. In fact, far from breaking directly through the protections offered by these measures, the reality indicates US state-backed hackers are having to resort to increasingly extreme measures to circumvent such technology.

MORE: http://www.ibtimes.co.uk/wikileaks-claim-that-whatsapp-signal-are-open-cia-hacking-rubbished-by-security-experts-1610405

 


WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets

By: sikur

ON TUESDAY MORNING, WikiLeaks published a data trove that appears to contain extensive documentation of secret Central Intelligence Agency spying operations and hacking tools. Codenamed “Vault 7,” the file contains 8,761 documents, and WikiLeaks claims that it represents “the majority of [the CIA] hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”

More: https://www.wired.com/2017/03/wikileaks-cia-hacks-dump/


Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web

By: sikur

By Swati Khandelwal

Hardly a day goes by without headlines about a significant data breach. In the past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, and VK.com, were exposed on the Internet.

Now, according to recent news, login credentials and other personal data linked to more than one million Yahoo and Gmail accounts are reportedly being offered for sale on a dark web marketplace.

The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks are believed to have been behind it.

MORE: http://thehackernews.com/2017/03/gmail-yahoo-password-hack.html


New Cybersecurity Regulations Begin Today For NY Banks

By: sikur

By Steve Zurier

New York’s new security regulations for financial industry viewed as potential model for other states.

Today’s the day the much-anticipated new cybersecurity regulations for the financial industry go into effect in the state of New York.
Security experts say the new regulations by the state’s Department of Financial Services (DFS) set a minimum baseline for security best practices, and acknowledge that small- to midsized businesses with fewer resources and smaller IT staffs may find compliance more challenging.
The regulations require that banks, insurance companies, and other financial institutions establish and maintain a cybersecurity program. The new rules are widely viewed as the first of their kind and potentially a baseline model for other states.

Yahoo Issues Another Warning in Fallout from Hacking Attacks

By: sikur

By Raphael Satter

Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest development in the internet company’s investigation of a mega-breach that exposed 1 billion users’ data several years ago.

Yahoo confirmed Wednesday that it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.

In a statement, Yahoo tied some of the potential compromises to what it has described as the “state-sponsored actor” responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014. The stolen data included email addresses, birth dates and answers to security questions.

The catastrophic breach raised questions about Yahoo’s security and destabilized the company’s deal to sell its email service, websites and mobile applications to Verizon Communications.

The malicious activity that was the subject of the user warnings revolved around the use of “forged cookies” — strings of data which are used across the web and can sometimes allow people to access online accounts without re-entering their passwords.

A warning message sent to Yahoo users Wednesday read: “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.” Some users posted the ones they received to Twitter.

MORE: http://www.toptechnews.com/article/index.php?story_id=103003JXO8FZ

© 2017 Associated Press syndicated under contract with NewsEdge/Acquire Media. All rights reserved.

FCC to halt rule that protects your private data from security breaches

By: sikur

FCC chair plans to halt security rule and set up vote to kill privacy regime.

By
The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of their customers’ personal information.

The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC’s new Republican majority. The privacy order’s data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.

The data security rule requires ISPs and phone companies to take “reasonable” steps to protect customers’ information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.

“Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2,” an FCC spokesperson said in a statement to Ars.

MORE: https://arstechnica.com/tech-policy/2017/02/isps-wont-have-to-follow-new-rule-that-protects-your-data-from-theft/

 
