Items tagged with cybersecurity

On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. This attack mainly affected the Western United States, and was a fortunately low-impact attack. No blackouts were caused, and the machines in question were out of commission for no more than five minutes, according to the North American Electric Reliability Corp, or NERC. Even so, this leaves a historical mark on American infrastructure, and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough to cause multiple devices to be compromised and rebooted from a single point of failure. While the impact this time around... Read more...
Facebook must once again deal with the repercussions of a major security blunder. An exposed server recently published more than 419 million phone numbers and Facebook IDs. At least 133 million of those phone numbers were based in the United States. Anyone could have accessed the information before the server was finally taken down. Security researcher Sanyam Jain was the first to find the exposed server. The server was not owned by Facebook, but still contained users’ Facebook IDs and phone numbers. A Facebook ID is a public number that is associated with an account. The number often contains portions of a person’s Facebook name and it is not difficult to determine the owner of the... Read more...
Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the city's systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The... Read more...
It feels like we hear about a new cybersecurity attack nearly every day. Hackers use phishing, keylogging, and targeted attacks to gain access to sensitive information. Is there anything we can do to prevent what appears to be the inevitable? According to a recent study by Google, basic account hygiene can greatly reduce hijacking. Google conducted a year-long study alongside researchers from New York University and the University of California, San Diego. They studied wide-scale attacks and presented their findings at the Web Conference in San Francisco. The purpose of the study was to determine whether basic security measures could truly decrease the success rate of hackers. The study determined... Read more...
The United States and People’s Republic of China have been engaged in a trade war for the last few years. The US is reportedly about to take this battle to the next level. President Trump will likely sign an executive order this week that would prohibit telecommunications companies from using equipment from companies such as Huawei. Three anonymous officials insisted that an upcoming executive order would ban telecommunications providers from using products from other companies that have been deemed a threat to national security. It is no secret that the United States believes that Chinese telecommunications company Huawei is a threat. The Central Intelligence Agency (CIA) recently confirmed... Read more...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that, “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent... Read more...
Typically when we talk about malware, we are talking about malicious code that is hidden inside software to try and take advantage of end users. An example is a malware that was hiding aboard a fake Adobe Flash update that was designed to install cryptocurrency mining software or other nefarious payloads. Earlier this month, another malware making the rounds was able to steal PayPal account balances despite users having two-factor authentication enabled. Today, a new malware has been identified and this one isn't attacking end users, it's attacking major newspapers around the U.S., underscoring new areas of concern with respect to IT security. The Los Angeles Times has confirmed a malware attack... Read more...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online accounts. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”... Read more...
The United States is currently trying to persuade its allies to ban all Huawei devices. Government officials are concerned that Huawei and other Chinese telecommunication companies are a cybersecurity threat. The United States fears that the devices could be used to spy on users and could be easily controlled by the Chinese intelligence agencies. This past August, President Trump attempted to prohibit government use of devices from Huawei and fellow Chinese telecommunications company ZTE. Australia quickly followed in the United States’ footsteps and banned both companies from supplying 5G technology. The United States is now particularly concerned that these devices could be used against... Read more...
There have been many concerns over the last few years that foreign entities have been interfering in elections. Microsoft is launching its AccountGuard initiative to protect elections and political campaigns from cyberattacks. AccountGuard is a free program for candidates, campaign offices, and other political institutions that already use Office 365, and it covers both personal and organizational accounts. Microsoft will notify the person or organizations if their accounts are threatened, will offer security advice and training, and will allow their customers to adopt previews of new programs. Microsoft believes that AccountGuard is particularly relevant in light of their recent entanglement... Read more...
Equifax may be now getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well. The regulatory agency announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its normal activities. However, in August 2017, the SEC noticed that the prior EDGAR infiltration might... Read more...
This could be the mother of all cyberattacks; Equifax just announced that it experienced a "cybersecurity incident" that occurred between mid-May of this year through late July. During that time, malicious parties were able to gain access to some of its online databases courtesy of a website vulnerability. As a result, over 143 million -- yes, MILLION -- U.S. consumers are affected by the data breach. We're not just talking about names and birth dates (yes, those were included), but also Social Security numbers. In some cases, even driver license numbers were obtained by the hackers. And that's not all; dispute documents with "personal identifying information" of 182,000 customers were accessed... Read more...
The United Kingdom is basking in the glory of its latest warship: the HMS Queen Elizabeth. The 65,000-ton aircraft carrier cost nearly $4 billion to construct and began its first sea trials on Monday. But the carrier’s big budget price tag isn’t the only thing that is raising eyebrows; it is the British Royal Navy’s decision to allow critical systems on the ship to be powered by Microsoft’s ancient Windows XP operating system. Windows XP was first released to the public in 2001, and commercial support for the operating system ended in 2014. However, many businesses and militaries around the globe still use Windows XP to this day even though newer operating systems like Windows 7, Windows... Read more...
In what is being billed as one of the largest data leaks recorded in the United States, an analytics firm contracted by the Republican National Committee (RNC) was found to have exposed the personal details and political biases of nearly 200 million Americans. According to Chris Vickery, a risk analyst for cybersecurity firm UpGuard, the information was left exposed on the internet due to a “misconfigured database” using Amazon Web Services for server storage. The firm responsible for this serious lapse in security was Deep Root Analytics. Over 1.1 terabytes of data was made publicly available via the internet for twelve whole days (it wasn’t password protected). During that time, anyone could... Read more...
Do we need a “digital” Geneva Convention? Microsoft certainly thinks so. The corporation’s Chief Legal Officer Brad Smith recently argued that a digital Geneva Convention would potentially be able to protect civilians from state-sponsored cyber-warfare. First, what is the Geneva Convention? The Geneva Convention is comprised of four treaties and three protocols that outline the international law for humanitarian treatment in war. One of the main purposes of the Geneva Convention is to protect civilians, soldiers incapable of fighting, and prisoners of war. Smith noted that 74 percent of businesses expect to be hacked this year, and the estimated loss from cybercrime will be $3 trillion USD by... Read more...
What do you collect? Rare stamps? Falcons fans’ tears? How about classified national defense documents? Former National Security Agency (NSA) contractor Harold Thomas Martin III was recently indicted by a federal grand jury on the charge that he purposely collected classified information regarding national defense. He faces twenty criminal counts, each punishable by up to 10 years in prison. Rod J. Rosenstein, the United States attorney for Maryland, remarked, “The indictment alleges that for as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government by stealing documents containing highly classified information.” Martin spent over twenty years hoarding... Read more...
The White House recently appointed Gregory Touhill, a retired U.S. Air Force brigadier general, as the government’s first federal cyber security chief. The position was announced eight months ago as an attempt to prevent and defend against hackers. The position is part of a $19 billion “cyber security national action plan”. Touhill will be responsible for creating and implementing new cyber security plans as well as conducting audits. He will report to Tony Scott, the federal chief information officer and former executive at business software company VMware. Touhill could potentially be replaced when the next president is sworn in, because the position is a political one. President Obama at a cybersecurity... Read more...
If you have an iPhone, there's a chance that nefarious parties not affiliated with Apple could be tracking you. However, Apple’s latest update, iOS 9.3.5, eliminates several critical security and privacy exploits and should [hopefully] keep you safe. NSO Group, an Israeli startup that sells software that can track mobile phones, was responsible for the intrusion. Its software can read text messages and emails, track calls and contacts, record sounds, collect passwords, and physically locate the mobile phone user. NSO Group executives have boasted that its spyware functions like a “ghost” and is untraceable. The company was founded five years ago by entrepreneurs Omri Lavie and Shalev Hulio.... Read more...
Azure customers are getting a welcomed safety upgrade. Microsoft announced Azure Information Protection, a service that works to secure a company’s data, particularly employee identities. This service was made possible through Microsoft's acquisition in November of Secure Islands, an “innovator in advanced information protection solutions”. [Image caption: Microsoft CEO Satya Nadella in Washington D.C. announcing cybersecurity plans in November 2015] In November, Microsoft demonstrated how Windows 10, Office 365, Microsoft Azure, and Microsoft Enterprise Mobility Suite work in tandem to protect against password related attacks, accidental or intentional data loss, malware, and to help detect and respond to successful... Read more...
Last month, US and Chinese governments agreed to a "digital truce", where neither country would knowingly support cyberattacks against each other to steal commercial secrets. While the agreement is solid overall, it does have a number of caveats, including the lack of protection where government secrets are concerned. Nonetheless, based on the findings of security research firm CrowdStrike, it seems like this agreement could be considered pointless. Since the agreement took place, CrowdStrike monitored seven different instances where Chinese-based hackers tried to penetrate U.S. businesses. Five of these were technology companies, while the other two were pharmaceuticals. The important thing... Read more...
As the years pass, our lives continue to become intertwined even more with the Internet. Today, the Internet acts as a backbone to critical infrastructure, and much like the risk of someone exploiting a flaw to break into our home PC, a real risk exists that enemies of the government could break into and cause harm to utilities. It's for that reason that all governments are overdue on penning up agreements with friendly countries to lessen the chance of a cyberattack. Nonetheless, it's being reported that President Obama is going to be taking some important steps in this when he meets with Chinese President Xi Jinping during a state visit. These are going to be early discussions,... Read more...
In line with a HotHardware report published last October, officials yesterday confirmed to CNN that the White House was hacked last year and that the alleged culprit is the Russian government. The hackers — believed to be the same group that managed to gain entry to State Department computer system last October — were able to access sensitive information regarding President Barack Obama, including his private schedule. White House officials say although these cyber-attacks are among the most advanced to ever hit the US government, no classified systems were in breach. “This report is not referring to a new incident — it is speculating on the attribution of the activity of concern on the... Read more...