Items tagged with security

Security firm Cellebrite made headlines earlier this year when its services were employed by the FBI to help break into the phone of the San Bernardino shooter. Cellebrite recently invited a bunch of UK press to an event to show off what it's capable of.Equipped with an outdated smartphone, BBC reporter Rory Cellan-Jones went off for a half an hour, password-protected the device, and took pictures -- basically using the phone normally. You can see where this is going. Despite the password, Cellebrite plugged the phone into a bulky tablet, and after a few taps, the phone's security was disabled.... Read more...
The web is becoming the wild, wild west all over again it seems. You could argue the Internet's always been a potentially dangerous place, but with the proliferation of smart devices becoming increasingly commonplace, cybercriminals now have more points of entry into home networks than ever before. Smart home automation gadgets collectively comprise much of what's referred to as the Internet of Things (IoT), and just like your PC, they can be silently hijacked and enlisted into a botnet, a malicious network of systems under the control of a foreign party. Individually, all these smart lighting,... Read more...
The latest version of iOS brings a lot of interesting (and perhaps fun) things to the table, but as it turns out, It had one sloppy regression that was quickly pointed out. Apple shipped iOS 10 with a severe security vulnerability that affects iTunes backups. As we reported on Friday, Russian security research firm Elcomsoft revealed that gaining access to an iOS 10 backup password via iTunes, is "2,500 times faster" than before. While that speed boost is likely only going to be useful to those who have physical access to a device, it's an alarming statistic nonetheless. And if there's... Read more...
Yahoo is the latest major US corporation dealing with the fallout of a data breach that happened two years ago. Some might say that Yahoo's heartburn is well-deserved, though, as the company could have handled things better back in the day, which would have led to a better outcome right now. As we covered on Thursday, Yahoo suffered a major breach back in 2014 that resulted in some 500 million user accounts having their information compromised. However, it's only just recently that users have learned of this, so that's the first major criticism of Yahoo but it goes deeper. Yahoo has said that... Read more...
Today the bad guys have won. Not the war, mind you, but a skirmish with renowned security journalist Brian Krebs, author of The New York Times bestseller "Spam Nation," a former writer for the The Washington Post, and owner of KrebsOnSecurity, a popular security blog that's no longer live after cloud service provider Akamai gave Krebs just 2 hours to pack his things and leave. Of course, there's more to the story than that. Akamai isn't some evil company secretly working for the bad guys (we hope not, anyway). But it was providing free service to Krebs for his blog. You get what you pay for. In... Read more...
Yahoo is getting ready to disclose a data breach that exposed account details for at least 200 million users. While nothing is yet official on Yahoo's part, the forthcoming disclosure is likely related to a security breach earlier this summer that Yahoo previously said it was investigating. Since then, a cybercriminal who goes by the name "Peace" has been selling the data on the dark web for $1,800.Peace, who has been linked to other high profile security breaches, claims the data includes usernames, passwords that are easy to decrypt, and personally information such as birth dates, email addresses,... Read more...
Researchers from Keen Security Lab in China discovered and demonstrated a vulnerability in Tesla's Model S vehicles that could allow a remote hacker to fiddle with various controls, everything from opening the moon roof and adjusting the power seats to even applying the brakes. The security outfit shared its findings with Tesla, which issued an over-the-air update to plug the security hole. The researchers said they spent several months looking for vulnerabilities in Tesla's connected vehicles and were able to find several security holes. What's particularly alarming about the flaws they found... Read more...
If you're trying to removing malware from your system, it's a good idea to boot your Windows system in Safe Mode, or so conventional wisdom has taught us. That's still true, but in an ironic turn of events, security researchers at CyberArk Labs warn that remote attackers who've infiltrated a system can use Safe Mode to more easily maneuver your network and do more harm while remaining undetected. Safe Mode loads only the bare necessities to boot and run Windows. It's primarily used to troubleshoot issues that arise in a normal Windows environment, be it a buggy driver, conflicting hardware or software,... Read more...
Mark Zuckerberg, the billionaire whiz kid who created the most popular social networking site on the planet, puts tape on his system's webcams. While that might sound paranoid to some, it's a common privacy measure against hackers who might be trying to spy on you or your company. Zuckerberg is far from alone—James Comey, the director of the Federal Bureau of Investigation (FBI), uses a piece of tape on his personal laptop's webcam and recommends that everyone else does as well. "There's some sensible things you should be doing, and that's one of them," Comey said during a recent conference at... Read more...
When most people buy a sex toy, they're usually not too overt about it. In fact, the mere thought of someone intercepting that package on your doorstep and noting what might be inside is something that could cause serious embarrassment. Sex is unquestionably one of the most private things to most people, so when one customer found out that a vibrator company was fetching a bit more information than anyone would want exposed, she decided to pursue legal action. The company in question is Canada-based Standard Innovation, and despite its name, its practices seem anything but "standard." The user,... Read more...
Researchers from the Negev Cyber-Security Research Center at Ben-Gurion University recently released a terrifying piece of news. It explains that if a malicious entity decided to craft malware that infected only a few thousand mobile phones, it would be possible to cripple an entire 911 system. That means legitimate calls couldn't make it through, and staffers manning the lines would be inundated with fake calls. The research published last week reveals that in most states, if as few as 6,000 mobile phones were infected with malware that serves no other purpose but... Read more...
Two 18-year-olds from Israel find themselves in hot water with the United States Federal Bureau of Investigation (FBI) for their alleged roles in running a lucrative attack service called vDOS. They're said to have earned over $600,000 in the past two years by helping customers coordinate over 150,000 Distributed Denial of Service (DDoS) attacks.Israeli authorities arrested the two teenagers, Itay Huri and Yarden Bidani, on Thursday as part of an investigation by the FBI. They were questioned and released the next day for what amounts to around $10,000 bond each. Authorities also seized their passports... Read more...
The USB port is one of the most influential and important inventions of the modern computing era, but like just about anything that's innovative and pervasive, there's usually potential to do harm as well. Need proof of that? Check out the USB Kill, a sly little USB stick that's capable of frying just about any consumer or commercial device with a USB port in a matter of seconds. There's no complex coding required or anything of that nature—you just plug the USB Kill into a USB port and moments later, ZAP!, the system is dead. The latest version of this device, USB Kill 2.0, purports... Read more...
The last thing you want to do is broadcast your bank or other sensitive login credentials for any Nosy Nellie to see. That's why a properly secured website asking for your confidential information uses encryption. Starting soon, Google's Chrome browser will tattle on websites that fail to secure your passwords and credit card details. There will be a warning when a website using insecure HTTP connections asks for your sensitive data. As it stands, the current version of Chrome (Chrome 53) doesn't explicitly label HTTP connections as non-secure. But beginning in January of next year, Chrome 56 will... Read more...
1 2 3 4 5 Next ... Last