Items tagged with security

The National Security Agency (NSA) has a program in place called Upstream that taps directly into the Internet backbone to search traffic. The agency has claimed in the past that the warrantless searches of email are allowed under Section 702 enacted as part of the FISA Amendments Act. The agency made changes in 2017 to stop collecting communications of U.S. persons who aren't in direct contact with a foreign intelligence target. However, a pair of House lawmakers are pushing for an amendment that would defund the massive data collection operation run by the NSA unless the government promises not to collect data on Americans. The bipartisan amendment is very short spanning just 15 lines. It would... Read more...
You may have only recently updated your Firefox browser to build 67.0, but guess what? You should mash the update button once gain. The latest version, build 67.0.3, contains a fix for a major security vulnerability that is being actively exploited in the wild, according to Mozilla. Leaving Firefox unpatched is not a good idea. Listed as "CVE-2019-11707: Type confusion in Array.pop," Mozilla considers the vulnerability to be a critical one. It was discovered by a member of Google's Project Zero team and Coinbase Security, and promptly addressed with an update. "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable... Read more...
With good intentions, Samsung took to Twitter to remind smart TV owners to scan their televisions for malware, and the Internet reacted about as you would expect. Snarky and indignant replies followed, and of course so did the jokes. And with good reason—after all, Samsung just made one heck of an argument to avoid buying a smart TV. We understand that periodically scanning our PCs for viruses and other malware comes with the territory. To a lesser extent, this can be true of smartphones and tablets, particularly if you venture away from reputable store fronts to grab your apps. But have we really reached a point where we must also scan our TVs? Apparently so, according to Samsung, which... Read more...
Security researchers at Bitdefender have updated a decryption tool to deal with the latest version of GandCrab, a popular form of ransomware that its authors sold to clients on the dark web for a supposedly enormous profit. The decryption tool is free, and could potentially save a GandCrab victim from a major headache Bitdefender estimates that GandCrab has claimed more than 1.5 million victims around the globe in more than a year of operation. That includes both home users and corporations. In a recent farewell post, the ransomware's authors said GandCrab netted its nefarious clients around $2 billion, earning the hacking group "more than $150 million per year." "We have proven that be doing... Read more...
When it comes to disclosing vulnerabilities, the Project Zero team at Google generally sticks to a hard-and-fast deadline, giving companies 90 days to issue a patch before going public with its findings. There are some rare exceptions, but for the most part, Project Zero sticks to that time frame. As such, Project Zero is making some noise about a Windows bug that could allow an attacker to "take down an entire Windows fleet relatively easily." The issue lies in the SymCrypt core cryptographic library of Windows. A bug exists in SymCrypt's multi-precision arithmetic routines for implementing symmetric cryptographic algorithms in Windows 8, and asymmetric ones in Windows 10. By leveraging the... Read more...
Sometimes it feels as though nary a day goes by without someone sounding the alarm on a new security vulnerability. More recently, there has been a lot of hoopla over side-channel exploits, such as Spectre and Meltdown, and various other variants. Here is another one to add to your mental catalog of exploits—RAMBleed. A team of researchers has given the name RAMBleed to yet another new side-channel attack based on Rowhammer, which itself is a set of vulnerabilities that allows unprivileged attackers to exploit design flaws in DRAM and memory cards. Around this same time last year, a Rowhammer-style exploit called RAMpage reared its ugly head on Android phones. Now security researchers from... Read more...
Netgear on Tuesday announced its new Cybersecurity AC2300 Wi-Fi Router (RS400) with special software baked inside to keep networks safe from online threats. Called Netgear Armor, it is essentially an implementation of Bitdefender Total Security 2019, though there are some key differences between what's integrated in the router versus the off-the-shelf version. For one, Netgear Armor protects an 'unlimited' number of devices (subject to Netgear's fair use policy), including every PC, smartphone, tablet, IoT, and smart gadget in your home network. It also ups the ante with an entire network scan, rather than running on individual devices, and provides real-time updates remotely with Netgear's Nighthawk... Read more...
Earlier this week, the United States National Security Agency (NSA) urged Windows administrators to patch older versions of Windows to protect against BlueKeep, a vulnerability in the Remote Desktop (RDP) protocol that an attacker could exploit to conduct a denial of service (DoS) attack. Now just a couple of days later, security researchers are warning of another RDP bug affecting more recent versions of Windows, but it doesn't appear that Microsoft will be issuing a patch. Whereas BlueKeep affects Windows 7, Windows XP, Windows Server 2008, and Windows Server 2003, this newly discovered bug affects Windows 10 and Windows Server 2019. According to Joe Tammariello at the CERT Coordination Center... Read more...
When we think of the National Security Agency (NSA) and cybersecurity, we think of the intelligence agency’s grab bag of security exploits that it uses to enhance its own spying efforts. But one particular remote code execution exploit, which has been dubbed BlueKeep, has the NSA actually warning Windows users to patch their systems immediately. "This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," writes the NSA. "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against... Read more...
It is said that no good deed goes unpunished, but on the flips side, there are bad deeds that get rewarded. So it goes for the hackers responsible for GandCrab, a popular form of ransomware that was sold to clients on the dark web, who are now retiring and going legitimate with their earnings. The hackers claim that GandCrab netted its clients around $2 billion, all extracted from victims who opted to pay for a decryption key after falling prey to the ransomware. Whether that figure is accurate or not is up for debate. However, the hacking group also claims it "earned more than $150 million per year" from GandCrab and is now "leaving for a well-deserved retirement." "We have proven that be doing... Read more...
Several technology firms have written an open letter to the GCHQ (Government Communications Headquarters), a UK intelligence and security organization, in response to the agency's proposed eavesdropping measure. If implemented, law enforcement would be able to spy on encrypted messages, such as those that are sent with WhatsApp, a secure instant messaging platform. WhatsApp is one of nearly four dozen signature on the open letter. Others include Apple, Google, and Microsoft. At issue is a "ghost" protocol that would effectively allow law enforcement or some other entity to silently observe encrypted chats in plain text, both without the knowledge of the parties participating in the chat, and... Read more...
Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The... Read more...
Flipboard is a news aggregator app, and the company has announced that it fell victim to hacks. The hacks potentially exposed user account information and left that information where it could be copied for nine months. The exposed user details included Flipboard user names, encrypted passwords, and email addresses. Flipboard was clear that no social security numbers, credit card details, or other financial data was lost in the breach because the app doesn't collect any of that information. The company published a FAQ about the hack that noted as a precaution it has reset all user passwords, despite the fact that passwords stored in the database hackers had access to were cryptographically protected.... Read more...
An auction for a netbook model from 2008 that is running Windows XP SP3 has fetched more than $1.3 million from its final bid, with the buyer owning quite possibly the most expensive laptop in the world. Why did it sell for so much? It contains half a dozen malware samples that have collectively caused over $95 billion in financial damages. The laptop is appropriately called "The Persistence of Chaos" and, according to the seller, it is an art piece. Guo O Dong, a "contemporary Internet artist whose work critiques modern day extremely-online culture," collaborated with Deep Instinct, a cybersecurity company, which provided the malware. Normally, a Samsung NC10 netbook would be an innocuous piece... Read more...
1 2 3 4 5 Next ... Last