Items tagged with security

Data breaches happen all too frequently to companies both big and small. The latest victim is Opera Software, the Scandinavian outfit behind the Opera browser that's especially popular on mobile devices. Opera's security team said it detected signs of a attack on its sync system, and though the hack was quickly blocked, it believes the culprit(s) still made off with some stolen data. Users who take advantage of Opera's sync feature had their account details compromised in the attack, including their passwords and login names. Though Opera only stores encrypted (for synchronized passwords) or hashed... Read more...
Apple has filed a patent application with the United States Patent & Trademark Office (USPTO) that could flip the script on iPhone and iPad thieves looking for a fast payday. What they'll get instead is a visit from local law enforcement—the patent involves taking a snapshot and capturing the fingerprint of the thief without the sticky fingered culprit knowing. This is really a means of taking biometric security to the next level. Traditionally biometric security measures have been used to help verify a person's identity in place of (or in addition to) inputting a user password. But in this... Read more...
Russian hackers are thought to be targeting reporters and major news outlets, including The New York Times, which confirmed that its Moscow bureau was the target of an attempted cyberattack this month. The news agency hasn't found any evidence to suggest that the hackers were successful in their attempt, though an investigation is ongoing. "We are constantly monitoring our systems with the latest available intelligence and tools," said Eileen Murphy, a spokeswoman for The Times. "We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached... Read more...
We hear about hacks and attacks on web services all of the time, and often, there's a big reason behind it. The attackers either want to fetch information for their financial gain, or just to simply cause havoc. In this latest case involving Epic Games' forums, it appears to be the latter. In a new blog post, Epic says that it believes its Unreal Engine and Unreal Tournament forums have been compromised, with the attackers gaining access to email addresses and other information. Fortunately, no passwords were included, whether salted or not. This points to a smart design: while the bulk of the... Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits... Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back... Read more...
Today's a bad day security. First it was discovered that Microsoft accidentally leaked what amounts to a golden key for Secure Boot system, and now we find out there's a rather serious vulnerability in the TCP implementation in all Linux systems since version 3.6 of the Linux kernel was deployed four years ago. Is anyone safe? As it pertains to Linux, if exploited the vulnerability could allow attackers to sniff out hosts that are communicating over the protocol and hijack the traffic. And according to the researchers at the University of California, Riverside and the U.S. Army Research Laboratory... Read more...
Someone at Microsoft is having one of those Southwest moments where the airlines asks, "Want to get away?" That's because someone at the Redmond outfit leaked a security key that could allow attackers to bypass the protections in Windows devices that are put in place through Secure Boot. Worse yet, now that the genie's out of the bottle, there's no putting it back in. Security researchers MY123 and Slipstream discovered the so-called golden key that they say allows someone with admin rights or with physical access to a system to bypass Secure Boot to install and run their operating system of choice,... Read more...
Go ahead and cue up Cartman's "No kitty, that's a bad kitty!" soundbite, only this time it's not in reference to stealing those delicious Cheesy Poofs. McAfee's mobile malware research division found a sample of ransomware for Android that it's calling "ElGato," and once infected, it can steal a user's SMS messages, among wreaking other kinds of havoc. ElGato has botnet capabilities and a web-based control panel service, McAfee says. It's an ornery piece of software that reveals itself as a humorous image of a cat on infected devices. In addition to silently swiping potentially sensitive SMS messages,... Read more...
MICROS, one of the largest point-of-sale payment systems in the world, has been hacked by a Russian organized cybercrime group with a history of hacking into banks and retailers. The full extent of the security breach is still being evaluated, but given the size and scope of MICROS, this could turn out to be another lucrative payday for the Russian cyber thieves.Oracle purchased MICROS in 2014. At the time, Oracle said its point-of-sale systems were being used at more than 330,000 cash registers around the world, including more than 200,000 in the food and beverage industry, over 100,000 deployed... Read more...
Check Point, the company that's perhaps best known for its ZoneAlarm security software, found four vulnerabilities that put at risk most Android smartphones tablets. Collectively called QuadRooter, Check Point's mobile research team says the set of vulnerabilities affects Android devices that use Qualcomm chipsets, of which there are about 900 million in the wild. Qualcomm is the world's biggest provider of LTE chipsets with a dominating 65 percent share of the LTE modem baseband market. That leaves hundreds of millions of people susceptible to QuadRooter, including owners of the BlackBerry Priv,... Read more...
Some people take Grand Theft Auto V a little too seriously, either that or just live that sort of life for real. Houston police officers have just announced that they have arrested two men accused of stealing at least thirty Dodge and Jeep vehicles with a laptop computer and a simple software hack.  Michael Arce has been charged with with felon in possession of a weapon, possession with intent to deliver a controlled substance and unauthorized use of a motor vehicle. His partner in crime Jesse Zelaya has been charged with unauthorized use of a motor vehicle. The police have been watching them... Read more...
It's no surprise that a number of exploitable security holes still exist in the operating systems we use each and every day. It's just the nature of the beast; we're talking about software that has hundreds of millions of lines of code. Despite a developer's best efforts, it's virtually impossible to release bulletproof software - with all the moving pieces it's just far too complex. What is a bit of a surprise, though, is knowing that a vulnerability exists and that a major corporation (seemingly) has no interest in patching it up. That's the only conclusion we can draw from a bug that still exists... Read more...
Even Apple's software isn't immune to security holes and vulnerabilities. An admission of such by Tim Cook and the gang comes in the form of a new bug bounty program Apple announced at the Black Hat conference today in Las Vegas, Nevada. The program kicks off in September and will offer cash rewards for certain exploits. Apple's interested in vulnerabilities that affect iOS, it's mobile operating system, as well as any that might be present on its latest hardware devices. This is the first time Apple's offered a public bug bounty program with cash rewards, and those who participate stand to earn... Read more...
1 2 3 4 5 Next ... Last