Items tagged with security

We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously. This particular family of NSA exploits are being dubbed "DoublePulsar", and they're severe enough to warrant immediate attention to your Windows PCs. Last... Read more...
In 2013, security research firm DefenseCode revealed a major issue that plagued a large number of wireless routers, and because the number of affected devices was in the millions, the company held off on revealing the specifics. Fast-forward four years to the present day, and those details have finally been revealed. The vulnerability was originally found in a Cisco Linksys router, but it was quickly discovered that the same issue could be found on others - not just other Cisco models, but other vendor models as well. That led the researcher to discover that the issue ultimately related to the... Read more...
If you're using Google's Chrome browser as your primary vehicle to surf the web, you may want to think about temporarily parking it and puttering around in something else. That's because the most recent version of Chrome is vulnerable to a devious phishing attack, one that is capable of spoofing a legitimate website in the address bar so that you could be tricked into forking over your login credentials and other sensitive data. This particular variant uses unicode to register domains that look exactly the same as real domains. However, these fake domains can be used for malicious purposes, such... Read more...
In less than a month from now Microsoft will stop dishing out security updates for the original version of Windows 10 (build 1507) that was released back in July 2015. Microsoft had actually planned to stop supporting Windows 10 Version 1507 on March 26, 2017, but later decided to push back its end of servicing date to May 9, 2017, giving users some additional time to update. That date happens to be the second Tuesday of May, otherwise known as Patch Tuesday, which is when Microsoft rolls up a bunch of security fixes and patches into a single update. It will be the last Patch Tuesday available... Read more...
Microsoft made headlines early last year when it announced that users of Intel Skylake (and newer) processors, would need to run Windows 10, as support would be dropped on older versions of Windows. After that initial announcement, there wasn't much additional news related to the story. That is until last fall, when Redmond's most notable company told us that it was backtracking on the idea. That was a relief to many users, but unfortunately, it was only a temporary one. It didn't take long for another issue to arise, when it was revealed that those restrictions would go into effect with Intel's... Read more...
As always, be wary of opening email attachments, especially from untrusted sources. Security outfits FireEye and McAfee have both observed malicious Microsoft Office RTF documents in the wild that are exploiting a zero-day vulnerability in Microsoft Windows and Office that has not yet been patched. The samples observed are organized as RTF files with the .doc extension and appear as Word files. The vulnerability allows an attacker to execute a malicious Visual Basic script when the user opens the document containing an embedded exploit. FireEye says it has seen several Office documents exploiting... Read more...
As our world becomes increasingly connected, the risk of exploitation continues to rise. Last October, we wrote of an issue that could become an all-too-common occurrence in the future: exploitation of our emergency systems. A hot topic in recent years has been exploiting mobile emergency alert systems, which, while likely annoying to many, can prove useful in capturing kidnap victims or finding other missing persons. At the same time, security that's truly bulletproof is very rare, which means that very little in our connected world is completely safe from vulnerabilities. In the aforementioned... Read more...
New and used games retailer GameStop has found itself in a bit of a rough patch these days. The company recently reported less-than-stellar fourth quarter results and is planning to close at least 150 brick-and-mortar locations, and perhaps as many as 225. That is on top of the store locations it closed just a few years ago. While it deals with ways to increase revenue and profits, it now finds itself investigating a potential security breach that may have compromised credit card and customer data. Security hound KrebsOnSecurity heard from two unnamed sources in the financial industry that they... Read more...
There are lots of obvious examples of how IoT (Internet of Things) connected and smart devices can enrich our lives. However, as we've noted numerous times over the past year, there are a number of caveats that can also come with them. The glaring issue of course has to do with security, or the lack of it really. And perhaps the absolute lack of ownership certain manufacturers take with it and their products. Research firm Radware once helps underscore the glaring need for better IoT security with some hard proof about what we're dealing with. Employing a "honeypot" approach... Read more...
Intel has sold more than half of its stake in McAfee, the security outfit it acquired in 2010 for $7.68 billion, and will not support the brand as a standalone company. The deal makes McAfee one of the largest pure-play cybersecurity firms in the world. Upon closing the transaction, McAfee CEO Christopher D. Young wrote an open letter to Intel Security's stakeholders expressing optimism for the company's future. "Today, a new McAfee is born," Young wrote. "One that promises customers cybersecurity outcomes, not fragmented products. One that vows to move this industry forward by working with competitors,... Read more...
A terrorist attack in the UK has sparked a debate over whether encrypted services should provide backdoor access to law enforcement. The terrorist, Khalid Masood, killed four people in Westminster. It is believed that Masood used the encrypted communication service WhatsApp just minutes before the attack. That prompted UK's house secretary Amber Rudd to pressure WhatsApp and other services to rethink their approach to encryption."It is completely unacceptable, there should be no place for terrorists to hide. We need to make sure that organizations like WhatsApp, and there are plenty of others like... Read more...
Apple is not going to play ball with a group of hackers that is threatening to remotely wipe hundreds of millions of iPhone devices if the Cupertino outfit refuses to pay a ransom. While the hackers claim to have a large cache of iCloud and other Apple email account data at their disposal, Apple insists that its systems and servers remain secure and have not been infiltrated."There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple spokesperson told multiple media outlets. "The alleged list of email addresses and passwords appears to have been obtained... Read more...
Security researchers at Cybellum, a PC security firm in Tel Aviv, Israel, have discovered a rather nasty new zero-day attack that allows remote attackers to hijack popular antivirus programs and turn them into malicious agents. The technique is called DoubleAgent, named after the fact that a compromised antivirus agent might give the illusion that it's protecting a PC when it's actually installing malware. "DoubleAgent exploits a 15 year old vulnerability which works on all versions of Microsoft Windows, starting from Windows XP right up to the latest release of Windows 10. The sad, but plain fact... Read more...
Bitcoin seems to be the currency of choice when it comes to demanding ransoms, and that is because culprits demanding payment can hide behind a pseudonym (Bitcoin itself is not actually anonymous). So it is no surprise that a hacking organization has instructed Apple to fork over a Bitcoin ransom in exchange for not leaking a cache of iCloud and other Apple email accounts belonging to hundreds of millions of iPhone owners.The hackers call themselves the "Turkish Crime Family." In addition to accepting Bitcoin, the group has told Apple it would also be fine with being paid in Ethereum, which is... Read more...
1 2 3 4 5 Next ... Last