Items tagged with security

Here we go again. In 2016, authorities tried to legally compel Apple to unlock an iPhone model that belonged to one of the terrorists in the San Bernardino shooting that left more than a dozen people dead. Apple resisted, and the Federal Bureau of Investigation dropped its lawsuit before the legal matter had a chance to fully play out in court. That may still happen, as authorities in Texas have searched Apple with a search warrant for various data contained on an iPhone belonging to Devin Patrick Kelley, the person behind the mass shooting in Sutherland Springs. Kelley slaughtered 26 people in... Read more...
OnePlus is catching heat from its customers yet again, this time for the discovery of a pre-installed application found on several of its handsets that could allow an attacker to gain root access. The application is a diagnostics tool called "EngineerMode" that Qualcomm developed and distributes to OEMs like OnePlus so they can test the hardware components of a device. However, it is not intended to stay on handsets once they ship to consumers. The presence of Qualcomm's app was discovered by Twitter user Elliot Anderson. After bringing it to attention, security outfit NowSecure reverse engineered... Read more...
As part of a recent case study, Google teamed up with the University of California, Berkeley, to better understand how hijackers attempt to take over email and social networking accounts. As any thirty-something who grew up watching G.I. Joe cartoons can attest, knowing is half the battle. So, after learning the most common methods for hijacking, Google has some tips on how Gmail users can protect their accounts from outside threats. Hijacking is a common problem, with more 15 percent of Internet users having reported experiencing the takeover of an email or social networking account. From March... Read more...
Most people have probably never been to Cloudflare's San Francisco office, but those who have been there would have noticed a large wall of lava lamps in the lobby. It is hard to miss—after all, it is not everyday that you come across dozens of lava lamps arranged on a set of shelves, not even in Spencer's where these groovy items are commonly found. What is not immediately obvious, however, is that the wall of lava lamps is not for decoration. Cloudfare is using them for encryption. It sounds wild, but for all that computers are capable of doing, the are not that great at picking random numbers.... Read more...
The Federal Bureau of Investigation (FBI) has been unable to access data on a locked smartphone that belonged to Devin Patrick Kelly, the individual who opened fire in a church in Sutherland Springs, Texas, leaving 26 people dead and several others injured. In a subsequent press release, the FBI identified the handset as an iPhone and said it had not been able to access the data on it. Unfortunately, it might be too late to do anything about it. "They're in the process of looking at the phone," Christopher Combs, the special agent leading the investigation, told reporters earlier this week. "Unfortunately,... Read more...
Microsoft has published a new and official set of standards for consumers who want to ensure they have a "highly secure Windows 10" device. The new standards are for general purpose desktops, laptops, tablets, 2-in-1s, mobile workstations, and good old fashioned desktops. They are broken up into two categories—hardware and firmware—and apply to devices running the Fall Creators Update. The hardware section consist of half a dozen sub-categories that read almost like a list of recommended requirements for a game. At the top of the list is the processor. In order to have a highly security Windows... Read more...
Google is working hard to make the web a more secure place and with its Chrome browser being the most popular browser on the market by most accounts, that was a good place to start. Google says that security has always been one of the core principles of Chrome and points out that it was found to be the most secure browser in two recent studies when looking at multiple aspects of security. Google promised about a year back that it would start marking all websites that aren't encrypted with HTTPS security as "not secure" in Chrome. Google's Emily Schechter, Chrome Security Manager, wrote, "We wanted... Read more...
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai. Whereas Mirai was able to spread by cracking weak passwords on... Read more...
Google knows that exploits make it through the app development process and could be lurking in some of the most popular apps on the Google Play Store, waiting for a nefarious hacker to take advantage. To help weed out these vulnerabilities, Google has launched the Google Play Security Reward Program. Developers of popular apps are invited to opt-in to the program and if they do, Google will pay out  up to$1,000 for bugs found in those apps. Google writes, "Developers of popular Android apps are invited to opt-in to the program, which will incentivize security research in a bug bounty model.... Read more...
Google has announced a new program for those who are most vulnerable to targeted attacks on via its services. Google says that the Advanced Protection Program is aimed directly at journalists, business leaders, and political campaign teams. Advanced Protection Program gives these users a physical Security Key promising the strongest possible phishing protection. The program limits access to emails and files from non-Google services and blocks fraudulent account access with extra steps needed to prove you are the one accessing your account. Protection against phishing attacks sees the physical Security... Read more...
Hacking happens all the time, and when it affects a large number of people, companies typically disclose the breach. Not always, of course, sometimes not even in a timely manner. As it pertains to Microsoft, something a little different occurred several years ago. Several former employees say a sophisticated hacking group busted into a secret internal database, which Microsoft never made public. Five ex-employees each told Rueters the same thing in separate interviews. All of them claim the breach happened in 2013, with Microsoft responding in private rather than disclosing the extent of the attack... Read more...
This morning we talked about a researcher from KU Leuven University in Belgium who had discovered a major security vulnerability in the WiFi Protected Access II (WPA2) protocol that is used to secure wireless internet traffic. That vulnerability could be used to allow a nefarious attacker to glean confidential details sent over WiFi such as usernames and passwords for secure websites. At least one software company didn't waste any time with an update, with Microsoft confirming that it released an update on October 10th that addressed the exploit. Microsoft has released a patch that will fix the... Read more...
Cybercriminals have developed a new form of Android ransomware that gives victims added incentive to pay up. In addition to scrambling the user's data with an AES encryption algorithm, the new ransomware replaces an infected device's personal identification number (PIN) with one that is randomly generated, effectively locking the rightful owner out. One the ransom is paid, the attacker can remotely reset the PIN and unlock the device. ESET, a security firm that offers antivirus solutions for both desktop and mobile devices, discovered the new ransomware and dubbed it DoubleLocker, since it locks... Read more...
A security expert at Belgian university KU Leuven has discovered a major vulnerability in the Wi-Fi Protected Access II (WPA2) protocol that could a expose a user's wireless Internet traffic, including usernames and passwords that are entered into secure websites. The vulnerability affects most devices and several operating systems, including Android, iOS, Windows, Linux, and OpenBSD. "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Marthy Vanhoef, a security expert at Belgian university KU Leuven, wrote in a detailed report... Read more...
1 2 3 4 5 Next ... Last