Items tagged with security

The parade of banks, insurance companies and retailers that have suffered data breaches has caused many people to store their passwords with sites like LastPass. The security company creates a unique password for each of the user’s logins and provides access to those passwords via a single, master password.Now, LastPass is admitting that at least some of its data has been comprised. The company believes that its customers are not vulnerable, but it concedes that email addresses and authentication hashes are among the data affected. Password reminders and server per user salts were also comprised.... Read more...
Google is putting up some serious cash in hopes that security researchers and Android dissectors in general will root out security vulnerabilities in exchange for monetary rewards. The expansion of its bug bounty program over to Android represents the first time the mobile operating system has been included, though at the outset it only applies to vulnerabilities discovered on Nexus phone and tablets currently available to purchase in the Google Play Store.That limits the program to the Nexus 6 and Nexus 9, at least for now -- Google says the set of devices that qualify for monetary rewards will... Read more...
Remember when skirmishes were fought on land, air, and sea? They still are, though in today's world, you can add cyberspace to the list. Cyber warfare has become a point of focus, and lest anyone doubt it, consider that that the U.S. Navy is looking to buy zero-day exploits, particularly those used on commercial software that foreign threats might be using. Dave Maass, a researcher for the Electronic Frontier Foundation, stumbled upon the zero-day request on FedBizOpps, a site that government agencies use to post contracting requests. On the site, the U.S. Navy posted a listing saying that the... Read more...
Federal Communications Commission (FCC) chairman Tom Wheeler has asked the wireless industry to voluntarily support the addition of features that would make it more difficult and/or less desirable for for thieves to steal mobile phones. A couple of the measures the FCC would like to see smartphone makers and wireless carriers adopt include remote lock and remote wiping."If implemented, these features will result in more consumers using these powerful features which, in turn, will mark a key milestone in combating smartphone theft," Wheeler said in a statement.It's also being recommended that the... Read more...
Jan Souček, a security researcher from Prague, has uncovered a vulnerability in the security of the iOS Mail application that nefarious types can deploy against users of the app to gain access to their iCloud passwords.    The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information. Specifically,... Read more...
If you've been itching to give your Nest smart thermostat a security camera sibling, your oddly specific desire can soon become a reality. It appears that Nest will be unveiling a security camera next week that shows off its Dropcam lineage, but has been given an aesthetics overhaul to look great wherever you want to put it. While it appears that this camera has been in its testing phase for a while, concrete details on its features is slim. What is said is that it will be able to stream at 1080p, and we'd imagine record at that resolution, too. It'll also have Bluetooth, which will probably be... Read more...
Leading antivirus firm Kaspersky Lab said that it recently suffered a security breach involving at least three techniques that it had never seen before. The AV company described the attack as "one of the most sophisticated campaigns ever seen," though it believes it was able to detect the intrusion at an early stage, thereby mitigating the damage."This highly sophisticated attack used up to three zero-day exploits, which is very impressive -- the costs must have been very high," Costin Raiu, director of Kaspersky's global research and analysis team, said in a statement.The sneaky malware used... Read more...
It's been a full two years since Edward Snowden blew the whistle on the massive spying efforts of the NSA, and despite the sheer amount of information and revelations that have come out since then, there still seems to be a lot more to come. The latest reveal involves the NSA running an intrusion detection system on the Internet's backbone, something it was granted permission for behind-the-scenes. It's reported that in 2012, the Justice Department wrote secret memos to grant the agency the ability to monitor addresses that exhibited security risk behavior. It's important to note that this permission... Read more...
Like something out of a sci-fi movie, researchers from Binghamton University just published a study on the use of brain signals to replace traditional means of logging into secure accounts, such passwords, fingerprint reading, and even fancy retina scans. What the researchers found is that your brain responds to certain words in unique ways. The team focused on 45 volunteers who each read a list of 75 acronyms, like FBI and DVD. Researchers looked at the part of the brain that's responsible for reading and recognizing words, and surprisingly enough, there's enough of a difference to the way each... Read more...
After mainboard vendors began adopting EFI en masse in recent years, security researchers all over have dissected the many different implementations out there to find that elusive crippling bug. Sometimes, though, such bugs are not actually elusive at all, like one just discovered by reverse engineering enthusiast fG. fG starts off his report by pointing out two excellent presentations revolving around EFI exploitation, and how this new one relates to one of those. At any point while using your PC, your EFI should never become exposed to write commands, but fG notes that this isn't the case on... Read more...
As more and more of our daily lives shift online, there's an increased need to take control of privacy and security settings. That's not always easy to do, depending on the service. With that in mind, Google today unveiled a new hub for managing your Google settings called My Account, which gives you quick access to the settings and tools needed to safeguard your data. It's also the place to go to tweak your privacy settings and decide what information Google should have access to for its services to work better. So that you're not overwhelmed by it all, you'll find a Privacy Checkup tool and a... Read more...
Given their importance, it'd be easy to believe that an institution such as the IRS would have sufficient security measures in place to protect our data - the tax information of everyone in the United States. As we discovered last week though, that's not at all the case. We learned on Wednesday that at least 100,000 personal tax records were snatched illegally from the IRS, not with the intent of making a statement, but instead to steal identities. It didn't take long before someone got the blame, and that someone, or country, was Russia. In case it hasn't been evident enough lately, Russia really... Read more...
It's now believed that a crime syndicate in Russia is responsible for a security breach resulting in the theft of IRS records containing personally identifiable information for over 100,000 taxpayers. The sole purpose of the theft was to engage in identity theft for the purposes of tax fraud, a scheme that was used to file some $50 million in fraudulent tax returns. Peter Roskam, an Illinois Republican and chairman of a House subcommittee with IRS oversight, told CNN that he heard from IRS Commissioner John Koskinen via telephone that the hack originated from Russia. It's concerning in part because... Read more...
Consider it an unfortunate sign of the times we live in that companies have to set aside enormous funds to contend with the cost of cyber related crimes. We're not talking chump change here -- according to a study by security firm Ponemon Institute that was funded by International Business Machines, the average cost of a data breach is now $3.8 million. That's up from $3.5 million a year ago and includes fees for investigating the breach, hiring experts to fix whatever security issue the hackers exploited, offering credit monitoring services for affected customers, and so forth. It adds up fast... Read more...
Prev 1 2 3 4 5 Next ... Last