By Mohit Kumar
Is it wrong to hack back in order to counter hacking attack when you have become a victim? — this has been a long time debate.
While many countries, including the United States, consider hacking back practices as illegal, many security firms and experts believe it as “a terrible idea” and officially “cautions” victims against it, even if they use it as a part of an active defense strategy.
Accessing a system that does not belong to you or distributing code designed to enable unauthorized access to anyone’s system is an illegal practice.
However, this doesn’t mean that this practice is not at all performed. In some cases, retribution is part of current defense offerings, and many security firms do occasionally hack the infrastructure of threat groups to unmask several high-profile malware campaigns.
By Mohit Kumar
The secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims.
Confide, the secure messaging app reportedly employed by President Donald Trump’s aides to speak to each other in secret, promises “military-grade end-to-end encryption” to its users and claims that nobody can intercept and read chats that disappear after they are read.
However, two separate research have raised a red flag about the claims made by the company.
Security researchers at Seattle-based IOActive discovered multiple critical vulnerabilities in Confide after a recent audit of the version 1.4.2 of the app for Windows, Mac OS X, and Android.
By Jason Murdock
Ultra-secure messaging apps including Signal and WhatsApp, used by millions of people around the world, use strong end-to-end encryption to keep communications of users safe from spying. This week, WikiLeaks claimed the Central Intelligence Agency (CIA) had cracked it.
The truth, however, was slightly different. In fact, far from breaking directing through the protections offered by these measures, the reality indicates US state-backed hackers are having to resort to increasingly extreme measures to circumvent such technology.
ON TUESDAY MORNING, WikiLeaks published a data trove that appears to contain extensive documentation of secret Central Intelligence Agency spying operations and hacking tools. Codenamed “Vault 7,” the file contains 8,761 documents, and WikiLeaks claims that it represents “the majority of [the CIA] hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”
By Swati Khandelwal
Hardly a day goes without headlines about any significant data breach. In past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, VK.com were exposed on the Internet.
Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace.
The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks believed to have been behind it.
New York’s new security regulations for financial industry viewed as potential model for other states.
Today’s the day the much-anticipated new cybersecurity regulations for the financial industry go into effect in the state of New York.
Security experts say the new regulations by the state’s Department of Financial Services (DFS) set a minimum baseline for security best practices, and acknowledge that small- to midsized businesses with fewer resources and smaller IT staffs may find compliance more challenging.
The regulations require that banks, insurance companies, and other financial institutions establish and maintain a cybersecurity program. The new rules are widely viewed as the first of their kind and potentially a baseline model for other states.
By Raphael Satter
Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest development in the internet company’s investigation of a mega-breach that exposed 1 billion users’ data several years ago.
Yahoo confirmed Wednesday that it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.
In a statement, Yahoo tied some of the potential compromises to what it has described as the “state-sponsored actor” responsible for the theft of private data from more than 1 billion user accounts in 2013 and 2014. The stolen data included email addresses, birth dates and answers to security questions.
The catastrophic breach raised questions about Yahoo’s security and destabilized the company’s deal to sell its email service, websites and mobile applications to Verizon Communications.
The malicious activity that was the subject of the user warnings revolved around the use of “forged cookies” — strings of data which are used across the web and can sometimes allow people to access online accounts without re-entering their passwords.
A warning message sent to Yahoo users Wednesday read: “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.” Some users posted the ones they received to Twitter.
© 2017 Associated Press syndicated under contract with NewsEdge/Acquire Media. All rights reserved.
FCC chair plans to halt security rule and set up vote to kill privacy regime.
The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers’ personal information.
The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC’s new Republican majority. The privacy order’s data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.
The data security rule requires ISPs and phone companies to take “reasonable” steps to protect customers’ information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.
“Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2,” an FCC spokesperson said in a statement to Ars.