According to local media, Uber executives responded to the data breach of 57 million customers’ data by paying USD 100,000 to the two hackers responsible for the cyber attacks. In exchange, the hackers will conceal the data breach from the public and delete the information.

Apparently, the breach occurred back in October 2016, where information like names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers were stolen.

The two hackers were believed to access to these sensitives information through third party server, GitHub where proprietary information were stored. Then, the two hackers downloaded driver and rider data from a separate cloud-services provider.

“We do not believe any individual rider needs to take any action.” said the Uber spokesman on the data breach. “We have seen no evidence of fraud or misuse tied to the incident.”

In the meantime, Dara Khosrowshahi, CEO of Uber, has immediately responded to the incident by shoring up cyber-security defenses.

“I’ve asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward.” said Khosrowshahi.

To be fair, Khosrowshahi was the newly appointed CEO of Uber from his predecessor, Travis Kalanick and claimed that he did not know of the breach till recently.

“None of this should have happened, and I will not make excuses for it.”  concluded Khosrowshahi.

Upon knowledge of the breach, Uber’s chief security officer, Joe Sullivan and a deputy, Craig Clark was sacked and the company pledged to work closer with the regulators for investigation on the breach.

Uber was not alone in the data breach that seemingly more prevalent in the commercial world. Equifax, FOREVER 21, Deloitte and even the nation of Malaysia were victims of cyber attacks as well with sensitive information being revealed.

The post Uber pays ransom to cover up cyberattack appeared first on Hack Ware News.

There is a famous Chinese general Sun Tzu saying about planning, attacking and winning several battles as “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

Why is footprinting important? A few reasons are outlined as below.

1. Understand Security Posture
2. Minimize Focus Area
3. Identify Vulnerabilities
4. Draw Network Diagram

The primary objectives of footprinting include gathering information about the target’s network and system, even the organization information.

The quickest reconnaissance is using a search engine to extract information about the target such as types of system, login pages, and employee details.

This method is known as passive footprinting in which an attacker never makes contact with the target system.

Discovery of target’s IP address

We are here to find out the IP address of the target system by means of using the PING utility. Let us pretend the hackwarenews.com as a target.

From the above experiment, the target domain’s IP address is 5.189.142.154. We also get other information on Ping Statistics, such as packets sent, packets received and approximate round-trip time.

Location of web server

We could also find out where the web server has been hosted. In order to do that, it does require to key in the target domain name in https://www.site24x7.com/find-website-location.html and https://check-host.net/ as shown below.

In order to get better and reliable information, we have to gather data from several sources. Based on the findings above, we will know that the target web’s server has been hosted in Munich, Germany.

Revealing of name server and mail address

There are numerous ways of finding the primary name server and responsible mail address as below.

Our target system would work with the primary name server called ns1.contabo.net and the mail system being hosted contabo.de

The above information is essential for an attacker. Last but not least, there are various tools and technologies to get and hack the whole system.

The post Fundamentals of Ethical Hacking appeared first on Hack Ware News.

In cybersecurity or rather cyber-warfare, funds are needed to upgrade hardware, technology and communications before assembling trained men dedicated to defend or attack. Recently, the United States (US) government has put this strategy to broad uses much like the military rearmament for any foreseeable future cyber-warfare.

Cyber-warfare policy worth USD700 billion

On Monday, 18 Sep 2017, the US Senate has passed a bill worth a “whoppy” USD700 billion war chest to create the country’s first ever cyber warfare policy. The draft was dubbed as a defense authorization bill and involved the use of offensive digital weapons as well as spending USD500 million in the modernization of federal information technology.

The modernization and technological software upgrade will come as handy as previously the US government sector was ranked lowly, at the bottom two places or 16th out of 18 industries compiled by the SecurityScorecard, a security risk rating agency.

Protection of strategic resources.

After the pumping many greenbacks into development of offensives cyber-weapons, US has also developed battle plans in protecting strategic resources of raw materials like oil and natural gases.

As such, the US Department of Energy (DOE) had introduced 20 cybersecurity projects to protect the American electric grid, and oil and natural gas infrastructure. Award up to USD50 million will be granted by DOE to support early stage research and development of next-generation tools and technologies in protection of strategic energy resources.

So far, the department has invested more than USD270 million over the past seven years in cybersecurity research development, and demonstration projects that are led by industry, universities and DOE’s National Laboratories.

Australia joins the rearmament race

US is not alone in the rearmament race of cybersecurity, the Australian government has pledged AUD50 million (USD39.7 million) over the seven years to build up its cyber security capability through a new cybersecurity cooperative research centre (CRC).

Additional funding of AUD89 million or USD70.8 million for the CRC will come from other channels such as from around 25 industry players, research and government partners. All these funds are part of the grander Australia’s AUD 240 million Cyber Security Strategy which formed the defensive shield in preventing attacks from any state-sponsored attackers or from any organized crime syndicates. Furthermore, the country has branched out to liaise with its “cyber-allies” in the region such as Singapore for a “joint cybersecurity exercise.”

Small is beautiful

Cybersecurity funds for Australia may seem like a dwarf as compared to more holistic “defense and attack” strategy adopted by US. But the notion is clear, each country should do its part and set aside resources for cybersecurity.

As a city-state, Singapore plays its part in cybersecurity with an upfront injection of USD12 million under its National Cyber Security R&D Program. The funding will go to finance around 9 public-private research projects in data protection and encryption as well as analysis report on malware attacks. The island-nation has recently prioritized cybersecurity in its borders and the topic even make it ways into its National Budget 2017.

Small it may be, but cybersecurity in Singapore is armed to its teeth. The city-state is ranked high and always placed among the top ten attacking countries by Threatmap, a web agency that tracks malicious cyber-attacks across the globe. In 18^th to 19^th September 2017, Singapore was even crowned as “numero uno” consecutively for being the top cyber attacker of the world.

The post Rearming for Cyber-warfare appeared first on Hack Ware News.