Items tagged with security

The US Army recently banned the use of all drones built by drone maker DJI. The military warned that the drones might have unspecified "cyber vulnerabilities." The Army memo was published on August 2nd and read in part, "due to increased awareness of cyber vulnerabilities associated with DJI products, it is directed that the U.S. Army halt use of all DJI products." DJI is a Chinese company and the US government has long had fears of Chinese manufacturers installing spyware or backdoors into products, giving them access to classified and sensitive data. DJI for its part has announced that it is... Read more...
Here we go again. WikiLeaks, the international non-profit whistleblower that publishes secret information to the web, has been dumping classified documents outlining various hacking tools and malware used by the United States Central Intelligence Agency. These documents are part of what WikiLeaks calls Vault 7, the latest of which contains information on the CIA's "CouchPotato" tool. According to WikiLeaks, CouchPotato is a remote tool for intercepting video streams as either an AVI video file or capturing still images of frames from the stream as JPEGs, presumably to save space. In the latter... Read more...
A team of scientists from the University of Washington has figured out how to infect a computer using malicious code inside DNA. This attack vector isn't aimed at your everyday PC sitting on your desk at home or in the office; this hack aims directly at the infrastructure around the DNA transcription and analysis industry. The team behind the hack was concerned about the security of that infrastructure after finding basic vulnerabilities in some of the open-source software used in labs that analyze DNA all around the world. While the basic issues with the software could be vulnerable... Read more...
After putting legal pressure on Microsoft to provide antivirus vendors with additional time to test their software prior to new Windows 10 builds being rolled out, security outfit Kaspersky is getting its way. Microsoft announced in a blog post that it has agreed to certain changes in the way it handles third-party AV software, which will be implemented in the Windows 10 Fall Creators Update. "We work closely with AV partners like Kaspersky Lab, and at our Microsoft Virus Initiative forum last month, we made great progress in building upon our shared understanding of how we deliver Windows 10 updates... Read more...
Do you need a password manager to keep track of all your obscure, special character-filled and lengthy passwords necessary for various websites? It used to be that we would pick a simple, single password for multiple accounts and websites, until the rise of online exploits and hackers made such basic security practices seem ill-conceived. However, the recommendations of one man in particular, Bill Burr, led to the current situation that we’re in now where everything from our online banking accounts to our work email accounts requires us to use a “strong” password. These are nearly impossible to... Read more...
Cyber crooks have found a new way to ruin a person's day with ransomware. Traditionally most ransomware encrypts a victim's storage device and then demands a ransom in order to unlock the files. Some of the nastier versions will put a time limit on receiving payment before the ransomware starts permanently deleting files. Now there is a version making the rounds that not only encrypts a victim's files, it steals Bitcoin wallets as well. The new variant of the Cerber ransomware takes a dual approach to extracting funds from a victim. It searches for one of three Bitcoin wallet applications, those being... Read more...
The hackers behind the WannaCry ransomware that became an overnight global scare did not strike it rich over their nefarious deeds, though they did make around $143,000 after cashing out all of the Bitcoin payments made by victims. Had it not been for the quick response of security researchers, and one in particular who accidentally discovered a kill switch of sorts, they might have made much more. Elliptic, a London-based start-up that aids law enforcement with tracking down cybercriminals that use Bitcoin, confirmed that the WannaCry hackers withdrew 52.2 BTC from online wallets this week. Bitcoin currency... Read more...
MWR Labs has been able to demonstrate a hack on older Amazon Echo speakers that turns the device into an always-on spy sitting right in your home. Detractors of the way Amazon crafted its speakers to always listen for your voice will use this as an "I told you so" moment. According to the researchers, the Echo is vulnerable to a physical attack that lets the attacker gain root shell access to the Linux operating system the Echo speaker runs. The scary part is that the root access and installation of the malware could grant the attacker persistent remote access to the device's microphone among... Read more...
Election hacking is a real concern these days, and Microsoft recently helped cripple a Russian hacking group called "Fancy Bear" after the group pulled off the DNC hack last year. A group of hackers at DEF CON 2017 had a bunch of voting machines to play with and they found some exploits that could allow potential tampering with the voting system. Word from the hackers looking for exploits is that it took less than 90 minutes for the first cracks on the "secure" voting hardware to turn up. According to participants in the so-called Voting Village, the security on the machines was low and... Read more...
Researchers from Exodus Intelligence discovered a zero-day attack that threatens most of the popular smartphones on the market today. The hack is called Broadpwn and it affects devices running iOS and Android. Specifically all Samsung Galaxy S3 through Galaxy S8 devices are susceptible as are the Note 3, 6, 6X, and 6P, and the Apple iPhone 5 and up. The vector for the attack is the Broadcom BCM43xx family of Wi-Fi chips used in all of those smartphones. Exodus writes in its research, "Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution... Read more...
Barring an unexpected change in strategy, Windows 10 is and will remain the last monolithic release of Windows. With that being the case, it is in Microsoft's best interest—as well as its customers'—to ensure that it remains the most secure release. To help with that, Microsoft is upping the ante for bug hunters—certain exploits brought to Microsoft's attention are now worth as much as a quarter of a million dollars. Imagine finding a bug in Windows 10, reporting it to Microsoft, and then being paid $250,000 for your discovery. That is now a possibility with Microsoft making Windows 10 a permanent... Read more...
For a long time, Apple's Mac line of computers was thought by some users to be immune to malware and viruses. Some of that was due to hackers and nefarious sorts aiming for the low hanging fruit of the much larger Windows user base. Things have changed with Macs growing in popularity over the years and there are many different viruses and malware out there that target Mac users today. MacRansom was one of the latest bits of malware aimed at Apple fans, and now, a malware called Fruitfly is ready to wreak havoc. The malware has reportedly been making the rounds for years (perhaps... Read more...
Ever since AMD launched its Ryzen processors for the desktop, many security conscious users have pleaded with the company to open source its PSP - no, not the portable console, but rather its "Platform Security Processor". This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does: it offers simple low-level access to the computer. Both AMD and Intel share the same message about these unique chips; they are there to keep us protected. Because the OS can't see what the PSP or IME is doing, though, the user will likewise be oblivious to the chip's... Read more...
When you spill a glass of milk or drop your car keys, you might say, "Oops!" But when you inadvertently leak personal information of millions of customers, well, other choice phrases might come to mind. That is the situation Verizon finds itself in—the nation's largest wireless carrier confirmed that certain information belonging to 6 million customers has leaked online. Cybersecurity firm UpGuard discovered the security issue, which traced back to an improperly configured security setting on a cloud server. The situation is being deemed as "human error," which probably will not make affected customers... Read more...