Items tagged with security

Google has announced a new program for those who are most vulnerable to targeted attacks via its services. Google says that the Advanced Protection Program is aimed directly at journalists, business leaders, and political campaign teams. The Advanced Protection Program gives these users a physical Security Key promising the strongest possible phishing protection. The program limits access to emails and files from non-Google services and blocks fraudulent account access with extra steps needed to prove you are the one accessing your account. Protection against phishing attacks sees the physical Security... Read more...
Hacking happens all the time, and when it affects a large number of people, companies typically disclose the breach. Not always, of course, sometimes not even in a timely manner. As it pertains to Microsoft, something a little different occurred several years ago. Several former employees say a sophisticated hacking group busted into a secret internal database, which Microsoft never made public. Five ex-employees each told Reuters the same thing in separate interviews. All of them claim the breach happened in 2013, with Microsoft responding in private rather than disclosing the extent of the attack... Read more...
This morning we talked about a researcher from KU Leuven University in Belgium who had discovered a major security vulnerability in the WiFi Protected Access II (WPA2) protocol that is used to secure wireless internet traffic. That vulnerability could be used to allow a nefarious attacker to glean confidential details sent over WiFi such as usernames and passwords for secure websites. At least one software company didn't waste any time with an update, with Microsoft confirming that it released an update on October 10th that addressed the exploit. Microsoft has released a patch that will fix the... Read more...
Cybercriminals have developed a new form of Android ransomware that gives victims added incentive to pay up. In addition to scrambling the user's data with an AES encryption algorithm, the new ransomware replaces an infected device's personal identification number (PIN) with one that is randomly generated, effectively locking the rightful owner out. Once the ransom is paid, the attacker can remotely reset the PIN and unlock the device. ESET, a security firm that offers antivirus solutions for both desktop and mobile devices, discovered the new ransomware and dubbed it DoubleLocker, since it locks... Read more...
A security expert at Belgian university KU Leuven has discovered a major vulnerability in the Wi-Fi Protected Access II (WPA2) protocol that could expose a user's wireless Internet traffic, including usernames and passwords that are entered into secure websites. The vulnerability affects most devices and several operating systems, including Android, iOS, Windows, Linux, and OpenBSD. "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Mathy Vanhoef, a security expert at Belgian university KU Leuven, wrote in a detailed report... Read more...
All statistics are notable in their own right, but once in a while, one comes along that seems downright mind-boggling. Take this one: 500 million people are currently affected by unauthorized cryptocurrency mining. Remember when pop-up ads were the biggest offense? That's child's play. If you run into a website running a mining script, you'll be paying real money by way of a higher power bill. AdGuard, a company specializing in blocking unwanted scripts from websites, has just released a report on its research which includes the 500 million stat above. That's far from being the only interesting... Read more...
After an almost mind-boggling number of security and privacy issues that have deluged into our lives over the past handful of years, you'd think that companies would begin to take their customers' private data seriously. Still, there are some who just don't seem to "get it", and apparently, OnePlus has proven to be one of these late bloomers. Earlier this week, we wrote of security researcher Chris Moore, who discovered data that was being sent to OnePlus' Amazon AWS instances without permission, and without an option to turn it off. While much (or perhaps all) of the data that was transmitted... Read more...
Late last year a hack was perpetrated on what is called a "partner organization" that worked with the Australian Signals Directorate (ASD). The unnamed organization notified the ASD that it was hacked in November of 2016, and that outside parties gained access to its network. The small organization has only 50 employees and is a subcontractor to the Department of Defense, providing aerospace engineering assistance. The data that was stolen in the hack contained information that is protected under the International Traffic in Arms Regulations (ITAR) and included details on the F-35 Lightning II... Read more...
A software engineer has discovered that OnePlus is actively collecting certain data on its users without their knowledge or permission. Chris Moore, owner of a UK-based security and tech blog and a finalist at Cyber Security Challenge UK, published an article detailing the Chinese electronic company's data collection and how there does not appear to be a setting to turn it off. Moore noticed the curious activity while participating in a security event. What he found was that his OnePlus 2 was feeding specific data to open.oneplus.net, which after a DNS lookup was revealed to be an Amazon AWS instance.... Read more...
Do you know what hackers were doing around this time five years ago? They were breaking into a database at Disqus, the popular blog comment hosting service supported by scores of websites, in many cases in place of traditional web forums (remember those?). Disqus only found out about it this past Thursday and began alerting users a day later, rather than waiting like many companies often do. "On October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now," Disqus stated... Read more...
Back in 2013, Yahoo's database was breached by hackers and it wasn't discovered or reported until 2016. When that reporting happened last year, Yahoo thought that details on 1 billion of its user accounts had been stolen. As it turns out, things are much worse than Yahoo (now owned by Verizon and part of Oath) originally thought. Yahoo reports that after its acquisition by Verizon and during the integration of the two companies, new intelligence on the breach was found and that it now believes all 3 billion accounts existing in 2013 were stolen in the hack. Yahoo reminds users that this isn't a... Read more...
Around two years ago, researchers discovered serious firmware vulnerabilities in Mac laptops and desktops, and then developed a proof-of-concept worm to demonstrate how potentially damaging they could be. Since then, Apple has been pretty good about including EFI (extensible firmware interface) updates with its macOS security and software updates, though new evidence suggests it is not nearly enough. This time around, researchers at Duo Security took a detailed look at the firmware used in Mac systems, and found it to be lacking. This is the part of the system that makes a series of checks and... Read more...
Well this is unsettling news—a security researcher has discovered a bug in Microsoft's Internet Explorer browser that allows remote hackers to view anything and everything you type in the address bar, including web addresses, search terms, and any other text. If you are still using IE as your browser of choice, be advised that the vulnerability exists on the latest version. This is a potentially big deal as nearly a third of all desktop users still surf the web with IE, according to data by Net Applications. Stat Counter reports a much lower usage at 8.61 percent, but either way, IE is still in... Read more...
It used to be that Macs were thought to be nearly immune to malware, viruses, and serious security issues. That certainly isn't the case with modern Macs because as the user base has grown, the amount of malware and viruses targeting the platform has also grown. Back in June, we talked about malware-as-a-service attacks targeting Macs. This week Apple launched a new and free update to the macOS called High Sierra. Only a few days after the release of that software, Apple has acknowledged a security flaw in the update. Reports indicate that programs not approved by Apple might be... Read more...