Items tagged with security

More details about a previously disclosed security breach at cloud storage provider Dropbox have come to light. The hack itself is old news—it occurred back in 2012—but what's new is how many users were affected by it. Hackers made off with details belonging to north of 68 million Dropbox users, prompting a mass password reset. The folks at Motherboard got their mitts on a sample of files containing email addresses and hashed passwords of users affected by the Dropbox hack. The information is contained in four files totaling about 5GB, with details of 68,680,741 accounts. Apparently a senior Dropbox... Read more...
Here's a reminder to always check the URL of a website before entering in your login details, folks. That bit of safe computing advice applies to all online services, both big and small. Lest anyone doubt that, security researcher Aiden Woods recently notified Google of a potential security flaw in the way it handles user logins that, if exploited, could allow an attacker to steal the user's login credentials and/or distribute malware. Google has chosen not to address it. When you login into a Google service such as Gmail, the login page accepts what Woods says is a "vulnerable GET parameter."... Read more...
If you operate a Web server that runs on Linux, we're here to give you a bit of a prod in case you haven't updated it in a while. A piece of ransomware called FairWare is floating around, and as you'll soon see, its name is ironic as it's anything but "fair". Reports are coming in of users who have been struck with this awful type of malware, although it doesn't seem clear at this point exactly how the infection takes place. It's also not clear if this is some sort of automated attack -- one that simply scans the internet at large and infects where it can -- or if the attacks are focused. Either... Read more...
Data breaches happen all too frequently to companies both big and small. The latest victim is Opera Software, the Scandinavian outfit behind the Opera browser that's especially popular on mobile devices. Opera's security team said it detected signs of a attack on its sync system, and though the hack was quickly blocked, it believes the culprit(s) still made off with some stolen data. Users who take advantage of Opera's sync feature had their account details compromised in the attack, including their passwords and login names. Though Opera only stores encrypted (for synchronized passwords) or hashed... Read more...
Apple has filed a patent application with the United States Patent & Trademark Office (USPTO) that could flip the script on iPhone and iPad thieves looking for a fast payday. What they'll get instead is a visit from local law enforcement—the patent involves taking a snapshot and capturing the fingerprint of the thief without the sticky fingered culprit knowing. This is really a means of taking biometric security to the next level. Traditionally biometric security measures have been used to help verify a person's identity in place of (or in addition to) inputting a user password. But in this... Read more...
Russian hackers are thought to be targeting reporters and major news outlets, including The New York Times, which confirmed that its Moscow bureau was the target of an attempted cyberattack this month. The news agency hasn't found any evidence to suggest that the hackers were successful in their attempt, though an investigation is ongoing. "We are constantly monitoring our systems with the latest available intelligence and tools," said Eileen Murphy, a spokeswoman for The Times. "We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached... Read more...
We hear about hacks and attacks on web services all of the time, and often, there's a big reason behind it. The attackers either want to fetch information for their financial gain, or just to simply cause havoc. In this latest case involving Epic Games' forums, it appears to be the latter. In a new blog post, Epic says that it believes its Unreal Engine and Unreal Tournament forums have been compromised, with the attackers gaining access to email addresses and other information. Fortunately, no passwords were included, whether salted or not. This points to a smart design: while the bulk of the... Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits... Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back... Read more...
Today's a bad day security. First it was discovered that Microsoft accidentally leaked what amounts to a golden key for Secure Boot system, and now we find out there's a rather serious vulnerability in the TCP implementation in all Linux systems since version 3.6 of the Linux kernel was deployed four years ago. Is anyone safe? As it pertains to Linux, if exploited the vulnerability could allow attackers to sniff out hosts that are communicating over the protocol and hijack the traffic. And according to the researchers at the University of California, Riverside and the U.S. Army Research Laboratory... Read more...
Someone at Microsoft is having one of those Southwest moments where the airlines asks, "Want to get away?" That's because someone at the Redmond outfit leaked a security key that could allow attackers to bypass the protections in Windows devices that are put in place through Secure Boot. Worse yet, now that the genie's out of the bottle, there's no putting it back in. Security researchers MY123 and Slipstream discovered the so-called golden key that they say allows someone with admin rights or with physical access to a system to bypass Secure Boot to install and run their operating system of choice,... Read more...
Go ahead and cue up Cartman's "No kitty, that's a bad kitty!" soundbite, only this time it's not in reference to stealing those delicious Cheesy Poofs. McAfee's mobile malware research division found a sample of ransomware for Android that it's calling "ElGato," and once infected, it can steal a user's SMS messages, among wreaking other kinds of havoc. ElGato has botnet capabilities and a web-based control panel service, McAfee says. It's an ornery piece of software that reveals itself as a humorous image of a cat on infected devices. In addition to silently swiping potentially sensitive SMS messages,... Read more...
MICROS, one of the largest point-of-sale payment systems in the world, has been hacked by a Russian organized cybercrime group with a history of hacking into banks and retailers. The full extent of the security breach is still being evaluated, but given the size and scope of MICROS, this could turn out to be another lucrative payday for the Russian cyber thieves.Oracle purchased MICROS in 2014. At the time, Oracle said its point-of-sale systems were being used at more than 330,000 cash registers around the world, including more than 200,000 in the food and beverage industry, over 100,000 deployed... Read more...
Check Point, the company that's perhaps best known for its ZoneAlarm security software, found four vulnerabilities that put at risk most Android smartphones tablets. Collectively called QuadRooter, Check Point's mobile research team says the set of vulnerabilities affects Android devices that use Qualcomm chipsets, of which there are about 900 million in the wild. Qualcomm is the world's biggest provider of LTE chipsets with a dominating 65 percent share of the LTE modem baseband market. That leaves hundreds of millions of people susceptible to QuadRooter, including owners of the BlackBerry Priv,... Read more...
1 2 3 4 5 Next ... Last