Items tagged with cybersecurity

On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. This attack mainly affected the Western United States and was, fortunately, a low-impact attack. No blackouts were caused, and the machines in question were out of commission for no more than five minutes, according to the North American Electric Reliability Corp, or NERC. Even so, this leaves a historical mark on American infrastructure, and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough to cause multiple devices to be compromised and rebooted from a single point of failure. While the impact this time around...
Facebook must once again deal with the repercussions of a major security blunder. An exposed server recently published more than 419 million phone numbers and Facebook IDs. At least 133 million of those phone numbers were based in the United States. Anyone could have accessed the information before the server was finally taken down. Security researcher Sanyam Jain was the first to find the exposed server. The server was not owned by Facebook, but still contained users’ Facebook IDs and phone numbers. A Facebook ID is a public number that is associated with an account. The number often contains portions of a person’s Facebook name and it is not difficult to determine the owner of the...
Hacks are happening all the time, with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the city's systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The...
It feels like we hear about a new cybersecurity attack nearly every day. Hackers use phishing, keylogging, and targeted attacks to gain access to sensitive information. Is there anything we can do to prevent what appears to be the inevitable? According to a recent study by Google, basic account hygiene can greatly reduce hijacking. Google conducted a year-long study alongside researchers from New York University and the University of California, San Diego. They studied wide-scale attacks and presented their findings at the Web Conference in San Francisco. The purpose of the study was to determine whether basic security measures could truly decrease the success rate of hackers. The study determined...
The United States and People’s Republic of China have been engaged in a trade war for the last few years. The US is reportedly about to take this battle to the next level. President Trump will likely sign an executive order this week that would prohibit telecommunications companies from using equipment from companies such as Huawei. Three anonymous officials insisted that an upcoming executive order would ban telecommunications providers from using products from other companies that have been deemed a threat to national security. It is no secret that the United States believes that Chinese telecommunications company Huawei is a threat. The Central Intelligence Agency (CIA) recently confirmed...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent...
Typically, when we talk about malware, we are talking about malicious code that is hidden inside software to try and take advantage of end users. An example is malware that was hiding aboard a fake Adobe Flash update that was designed to install cryptocurrency mining software or other nefarious payloads. Earlier this month, another piece of malware making the rounds was able to steal PayPal account balances despite users having two-factor authentication enabled. Today, new malware has been identified, and this one isn't attacking end users; it's attacking major newspapers around the U.S., underscoring new areas of concern with respect to IT security. The Los Angeles Times has confirmed a malware attack...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online accounts. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”...
The United States is currently trying to persuade its allies to ban all Huawei devices. Government officials are concerned that Huawei and other Chinese telecommunication companies are a cybersecurity threat. The United States fears that the devices could be used to spy on users and could be easily controlled by the Chinese intelligence agencies. This past August, President Trump attempted to prohibit government use of devices from Huawei and fellow Chinese telecommunications company ZTE. Australia quickly followed in the United States’ footsteps and banned both companies from supplying 5G technology. The United States is now particularly concerned that these devices could be used against...
There have been many concerns over the last few years that foreign entities have been interfering in elections. Microsoft is launching its AccountGuard initiative to protect elections and political campaigns from cyberattacks. AccountGuard is a free program for candidates, campaign offices, and other political institutions that already use Office 365, and it covers both personal and organizational accounts. Microsoft will notify the person or organization if their accounts are threatened, will offer security advice and training, and will allow their customers to adopt previews of new programs. Microsoft believes that AccountGuard is particularly relevant in light of their recent entanglement...
Equifax may now be getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well. The regulatory agency announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its normal activities. However, in August 2017, the SEC noticed that the prior EDGAR infiltration might...
This could be the mother of all cyberattacks; Equifax just announced that it experienced a "cybersecurity incident" that occurred between mid-May of this year through late July. During that time, malicious parties were able to gain access to some of its online databases courtesy of a website vulnerability. As a result, over 143 million -- yes, MILLION -- U.S. consumers are affected by the data breach. We're not just talking about names and birth dates (yes, those were included), but also Social Security numbers. In some cases, even driver license numbers were obtained by the hackers. And that's not all; dispute documents with "personal identifying information" of 182,000 customers were accessed...
The United Kingdom is basking in the glory of its latest warship: the HMS Queen Elizabeth. The 65,000-ton aircraft carrier cost nearly $4 billion to construct and began its first sea trials on Monday. But the carrier’s big budget price tag isn’t the only thing that is raising eyebrows; it is the British Royal Navy’s decision to allow critical systems on the ship to be powered by Microsoft’s ancient Windows XP operating system. Windows XP was first released to the public in 2001, and commercial support for the operating system ended in 2014. However, many businesses and militaries around the globe still use Windows XP to this day even though newer operating systems like Windows 7, Windows...
In what is being billed as one of the largest data leaks recorded in the United States, an analytics firm contracted by the Republican National Committee (RNC) was found to have exposed the personal details and political biases of nearly 200 million Americans. According to Chris Vickery, a risk analyst for cybersecurity firm UpGuard, the information was left exposed on the internet due to a “misconfigured database” using Amazon Web Services for server storage. The firm responsible for this serious lapse in security was Deep Root Analytics. Over 1.1 terabytes of data was made publicly available via the internet for twelve whole days (it wasn’t password protected). During that time, anyone could...