Breaking News »

Latest Hacking News

63 Universities and US Government agencies breached by hacker

A “Russian-speaking and notorious financially-motivated” hacker, Rasputin has reportedly hacked the computer systems of various universities and government agencies of US and sold the stolen data on the dark web.

According to the cyber security research firm,  Recorded Future, the hackers gained access to computer systems of more than 63 universities and federal, state, and local U.S. government agencies. The prominent universities include Cornell and New York University.

The firm claimed that the victims are “intentional targets of choice based on the organization’s perceived investment in security controls and the respective compromised data value. Additionally, these databases are likely to contain significant quantities of users and potentially associated personally identifiable information (PII).”

The list of the Rasputin's targets are quite long and it does extend to the 10 U.K university and one Indian University in Delhi as well. All the hacked agencies and universities have been informed about the hack by the Recorded Future's researchers.

The victims include 16 U.S state government, 6 U.S. cities and four federal agencies, Child Welfare Information Gateway, which is operated by the U.S. Department of Health and Human Services, and   Fermi National Accelerator Laboratory, America’s premier particle physics lab. The severity of the breaches are unclear

The List of U.S University victims: Cornell University, University of the Cumberlands, VirginiaTech, Oregon College of Oriental Medicine, University of Maryland, Baltimore County, Humboldt State University, University of Pittsburgh, The University of North Carolina at Greensboro, New York University, University of Mount Olive, Rice University, Michigan State University, University of California, Los Angeles, Rochester Institute of Technology, Eden Theological Seminary, University of Tennessee, Arizona State University, St. Cloud State University, NC State University, University of Arizona, Purdue University, University at Buffalo, Atlantic Cape Community College, University of Washington.

The list of U.K University Victims: University of Cambridge, Coleg Gwent, University of Oxford, University of the Highlands and Islands, Architectural Association School of Architecture, University of Glasglow, University of Chester, the University of the West of England, University of Leeds, The University of Edinburgh.

And one Indian University: Delhi University. 

F5 SECURITY FLAW REMOVES HTTPS ENCRYPTION

(pc-Google Images)
A security researcher has discovered a critical security bug in multiple F5 firewalls and load balancers that causes HTTPS encrypted connections to leak sensitive data.

The security flaw, known as Ticklebleed, was discovered by Cloudflare cryptography engineer Filippo Valsorda.

The bug affects almost 1,000 popular websites and website owners are advised to check for the vulnerability urgently.

The bug resides in a wide range of firewalls and load balancers marketed under the F5 BIG-IP name. By sending specially crafted packets to vulnerable sites, an attacker can obtain small chunks of data residing in the memory of connected Web servers. The risk is that by stringing together enough requests, an attacker could obtain cryptographic keys or other secrets used to secure HTTPS sessions end users have established with the sites.

Valsorda has observed the bug returning other users' session IDs, which by themselves aren't particularly sensitive.

Although he has deliberately not attempted to do so, he said he wouldn't be surprised if the flaw exposed the same types of sensitive information that were exposed by Heartbleed, an extremely high-severity bug in the OpenSSL cryptographic library that came to light in 2014. As a Cloudflare community challenge quickly demonstrated, Heartbleed could be exploited to reveal the secret cryptographic key attackers needed to impersonate a vulnerable website.

Throw away Cayla dolls as they are prone to hacking

A watchdog in Germany has instructed every parent to throw away a talking doll called Cayla as it has some critical flaws in their Bluetooth device which can expose you to the hacking of personal data.

Researchers at the Federal Network Agency (Bundesnetzagentur) says that there is an insecure Bluetooth device installed to listen and talk to the child while playing with it.

However, there is no response from the manufacturer, Genesis Toys, on the German warning.

While the distributor of the Cayla, Vivid Toy group,  has said that  "examples of hacking were isolated and carried out by specialists." And they said that they will take this issue on boards and would recommend to upgrade the app used in the doll.

But according to the experts, the vulnerability has not been fixed. This vulnerability was first reported back in  January 2015.

Even complaints have been filed against the company by US and EU consumer groups.

WhatsApp Two-Step Verification Will Improve Security

(pc-Google Images)
WhatsApp is implementing a new two-step verification process to boost security for users. While it’s an optional security feature, it’ll make it significantly more difficult for a hacker or any other third party to break into your account.

WhatsApp has been testing its two-step verification process since November, and is now beginning its rollout in phases. In order to turn on the feature, you’ll need to log into the app, find your way to the Settings page, then go to Account, where you can enable the security measure.

If activated, users will need to enter a six-digit security code in addition to their phone number and text message or voice call verification. They will also be asked to enter their security code once every seven days. Should users forget their security code, they can register an email address with WhatsApp and use it to turn off two-step verification.

WhatsApp said : “We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you’re not locked out of your account if you forget your passcode.”

The messaging service also notes, “If you receive an email to disable two-step verification, but did not request this, do not click on the link. Someone could be attempting to verify your phone number on WhatsApp.”

The roll out of the improved security comes weeks after the revelation of a vulnerability in the implementation of WhatsApp’s encryption protocols.

Vulnerability »

Malware Report »

Defacements »

Spam Report »