Items tagged with security

If you thought putting Homer Simpson in charge of a nuclear power plant seemed like a scary proposition, well, you would be right. But sometimes truth is stranger (and in this case, scarier) than fiction. Such is the case with security outfit Symantec reporting that hackers have been targeting the energy sector in Europe and North America since at least 2011. And if that's not frightening enough, they have kicked up their efforts in the past couple of years and even managed to breach companies that manage nuclear facilities in the United States. The group behind these attacks is known as Dragonfly.... Read more...
There is a good chance that your Android device is insecure from the get-go. In examining smartphone bootloader firmware, security researchers from the University of California, Santa Barbara found vulnerabilities in bootloader components from five major chipset vendors. In each case, these flaws break what is called the CoT (Chain of Trust) during the boot-up process, ultimately leaving devices susceptible to attack. The researchers built a tool called BootStomp to automatically sniff out security vulnerabilities that are related to the misuse of compromised non-volatile memory, trusted by the bootloader's... Read more...
Because there clearly haven't been enough ISP router vulnerabilities popping up this past year, another one helps usher in the new month. This one is being dubbed "SharknAT&To" (because every vulnerability needs a catchy name!), a portmanteau involving the cult classic in-the-making, Sharknado, and leading internet service provider, AT&T. SharknAT&To was outed by security researcher J Hutchins, whose team discovered a handful of vulnerabilities on AT&T's U-verse modems. At this point, it's not clear just how many devices are affected, but if you are a U-verse subscriber and are... Read more...
Instagram users have something to worry about after hackers breached the database of the social network and photo sharing website. The hackers were able to gain access to the phone numbers and email addresses of six million Instagram accounts using a bug that Instagram CTO Mike Krieger has now confirmed exists. Krieger wrote, "We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other... Read more...
Andy Rubin, co-founder of Android and CEO of Essential, issued an apology after his smartphone company accidentally leaked out private data from dozens of customers to other customers. What happened was sort of akin to mass emailing a large group and forgetting to BCC everyone, leaving their email addresses in plain sight to one another. Only in this case, it involved more than email addresses. "Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers.... Read more...
Would you trust your life to a hacker? No, of course not, and neither does the US Food and Drug Administration. The FDA issued a recall of nearly half a million pacemakers after the organization discovered a vulnerability that makes several models susceptible to hacking. Once exploited, a hacker would be able to control the device's pacing and deplete the batteries. "Many medical devices - including St. Jude Medical's implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly... Read more...
A team of researchers from Positive Technologies have dug into the innards of Intel Management Engine (ME) 11 and have found a way to turn the feature off. If you aren't familiar with ME, it's a separate processor that is tucked away inside Intel CPUs that allows companies to manage the computers on their networks. Essentially, it allows the IT team to get into your machine to fix issues or apply updates among other things. The catch is that ME 11 is essentially a backdoor leaving some concerned about potential security exploits and privacy concerns. That fact has left many people who use Intel... Read more...
We all know we should be changing our passwords on a frequent basis, probably every quarter in general (and more or less often depending on the type of account and what information is accessible). It is easy to overlook, however, at least until something serves as a reminder. Well, let a recent leak of hundreds of millions of email accounts by a spambot serve as that reminder. A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email... Read more...
It's been an unfortunately busy few weeks for Android vulnerabilities. Earlier in the month, we wrote about SonicSpy, a grandiose piece of malware that could gain an incredible amount of control over your device - including, of course, being able to record your audio. Just last week, we followed up with another story talking about the 500 apps Google obliterated from the Play Store that bundled an exploited ad network. Today, WireX is the name of the game, a piece of malware whose sole purpose is to turn our innocent mobile devices into a DDoSing bot network. On August 17, WireX hit many content... Read more...
There is good money to be earned from being a software exterminator. Several companies have so-called bug bounty programs in place in which they pay out rewards for rooting out certain software flaws and vulnerabilities. DJI, a major player in consumer and professional drones and aerial imaging technology, is the latest to join the fray. Through its Threat Identification Reward Program, researchers can earn up to five figures per bug. "Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products... Read more...
The Internet of Things (IoT) sounded like a great idea at first glance when it first began picking up steam. However, the problem with giving every single gadget that we come in contact with access to the internet is that no one really thought much about security, leaving many of these things vulnerable to viruses and malware. The Mirai DDoS attack taught us a valuable lesson about IoT devices with poor security practices: they can be a huge threat to networks, with attacks involving nearly a million bots. The big rub here is that many of those devices are still a threat, leaving security researchers... Read more...
Just last weekend, we wrote about SonicSpy, a grossly robust piece of malware that infected hundreds of apps on the Play Store. Google is always quick to remove this awful junk when it is detected, but the fact that we keep talking about the issue means it's not going away. It was security research firm Lookout that informed us of SonicSpy, and apparently, the company has been working overtime, as it now introduces us to yet another piece of Android maliciousness, an ad network called Igexin. This issue has impacted many apps on the Play Store, although it's not guaranteed that all of them unleashed... Read more...
If there's one thing that's been made abundantly clear over the past couple of years, it's that if you dabble in cryptocurrency, you really need to do your homework and due diligence to make sure you don't wind up on the opposite end of an attack, or scam. Some Ethereum owners are learning this lesson the hard way this week. Enigma is a service that allows people to invest in cryptocurrency-related projects with cryptocurrency, which clearly lures in many hoping to maximize their money. Well, it also lures those who'd like a piece of that money, and are willing to get it through any means necessary.... Read more...
Antivirus maker Kaspersky Lab may have kissed and made up with Microsoft over a dispute in how Windows 10 handles third-party AV software, but even so companies are reportedly being warned not to use the security software. The warning comes from the United States Federal Bureau of Investigation (FBI), according to CyberScoop, which says it spoke with both current and former senior US officials who are familiar with the matter. The perceived threat is a familiar one in the software industry—government spying. In this case, Kaspersky Lab is headquartered in Moscow, Russia. Apparently US intelligence... Read more...