Items tagged with security

It used to be that Macs were thought to be nearly immune to malware, viruses, and serious security issues. That certainly isn't the case with modern Macs because as the user base has grown, the amount of malware and viruses targeting the platform has also grown. Back in June, we talked about malware-as-a-service attacks targeting Macs. This week Apple launched a new and free update to the macOS called High Sierra. Only a few days after the release of that software, Apple has acknowledged a security flaw in the update. Reports indicate that programs not approved by Apple might be... Read more...
Researchers have still been working their way through the hack that resulted in the very popular CCleaner security app being used as a host for malware. The initial attack was thought by many to have caused minimal harm to computer systems that were infected, but it looks like there was a secondary attack that may be more nefarious. According to the researchers, the hackers were able to piggyback on that initial malware wave and install a second piece of malicious software on the computers working daily in some of the biggest tech firms around the world. The real target of this attack is now thought... Read more...
Equifax may be now getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well. The regulatory agencies announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its... Read more...
Companies the world over give IT admins access to some of their most sensitive information. This is the kind of information that if lost, damaged, or stolen would lead to lost money and business for the company. An Arizona man name Tavis Tso has entered into a plea deal resulting from his actions where he took the domain name of a company and redirected it to a teen porn site. The incident went something like this. Tso was a contract IT admin for an unnamed company and had done some work for the company at some point. The client company asked Tso for their GoDaddy login information so that it could... Read more...
If you have a normal security system at your home or office, you know what a hassle they can sometimes be. If you are the sort who never seems to remember the passcode or feels rushed when you arm the system and then have only 30 seconds or so to get out, you know a normal security system isn't ideal. Nest has a new home security product called Nest Secure that wants to make home security easy and convenient for families. Nest Secure is an alarm system that has three different parts to it including the Nest Guard, Nest Detect, and Nest Tag. Guard is the all-in-one security base with an alarm, keypad,... Read more...
TrendMicro has published a report that claims that a "sizable" spam campaign is underway and other than just having a bunch of unwanted email to contend with, the spam campaign is also pushing ransomware. The spam campaign is said to be distributing the latest variant of Locky, which is the ransomware that invaded LinkedIn back in November of last year via bogus leads.  The security firm says that it has looked at samples of these recent spam campaigns and has found that criminals are using some sophisticated distribution methods to affect users in over 70 countries. Along... Read more...
Users of the popular CCleaner program by Piriform are being advised to update the application after researchers at Cisco's Talos division discovered hackers had hidden malware inside. The contaminated utility served as a beacon call for additional forms of malware—using a backdoor, an attacker could run code from a remote IP address. The threat was discovered in CCleaner 5.33 released on August 15, and CCleaner Cloud 1.07 released on August 24. According to Piriform, which is owned by security outfit Avast, the affected version of CCleaner may have been used by up to 3 percent of its userbase.... Read more...
There are some things you just should not do. Stick your tongue out and lick a metal pole during a freezing day in winter (or anytime, really), is one of them. Putting ketchup on eggs is another (oh you sick puppies!). But perhaps most of all, you should not use lax security practices, especially when in possession of millions of Social Security numbers. Oops, it looks like Equifax may have failed that last one by using an easy-to-guess password. Equifax last week disclosed what some are considering to be the worst security breach ever, not because of the sheer number of people affected—143 million... Read more...
A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices. Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its... Read more...
Equifax is still trying to dig its way out from under the bad press and an angry public after a hack of its database gave access to personal information on 143 million Americans. Equifax offered those affected by the security breach the ability to lock their credit reports to prevent the stolen information leaked in the hack from being used to open new credit in their names. However, things just keep going from bad to worse for Equifax (and everyone in general). Equifax used a PIN that "protected" each user's credit report to prevent the information from being used, but the PINs were reportedly... Read more...
It's not uncommon for us to write about security issues, but it's pretty rare when we write about one that's not going to be fixed, per the guilty party. In this case, that guilty party is Microsoft, and the bug is one that has been around ever since the launch of Windows 2000. Whether or not it's truly severe, we'll really have to wait and see. Or, at least we suppose, since it's existed for 17 years already.  The bug is related to a Windows API hook called PsSetLoadImageNotifyRoutine, which lets the kernel know that a new module has been loaded. The problem, allegedly, is that invalid module... Read more...
Unless you’ve been living under a rock, you know that Equifax was hacked surfaced and 143 million Americans have potentially had their personal information stolen. What many have been wondering is what exactly do the hackers plan to do with all that stolen data. A report making the rounds claims that the hackers want a massive ransom from Equifax to return the data. Hackers made the ransom demand on an unnamed Darkweb site stating that they would delete the data if they receive a ransom payment of 600 BTC, which would be worth about $2.6 million at current valuation. The value of Bitcoin is... Read more...
If you thought putting Homer Simpson in charge of a nuclear power plant seemed like a scary proposition, well, you would be right. But sometimes truth is stranger (and in this case, scarier) than fiction. Such is the case with security outfit Symantec reporting that hackers have been targeting the energy sector in Europe and North America since at least 2011. And if that's not frightening enough, they have kicked up their efforts in the past couple of years and even managed to breach companies that manage nuclear facilities in the United States. The group behind these attacks is known as Dragonfly.... Read more...
There is a good chance that your Android device is insecure from the get-go. In examining smartphone bootloader firmware, security researchers from the University of California, Santa Barbara found vulnerabilities in bootloader components from five major chipset vendors. In each case, these flaws break what is called the CoT (Chain of Trust) during the boot-up process, ultimately leaving devices susceptible to attack. The researchers built a tool called BootStomp to automatically sniff out security vulnerabilities that are related the misuse of compromised non-volatile memory, trusted by the bootloader's... Read more...
Prev 1 2 3 4 5 Next ... Last