Welcome Guest | Sign In
ECommerceTimes.com
Flaw in Intel Chips Could Open Door to Botnet Armies
May 9, 2017
A 7-year-old flaw in Intel chips could enable hijackers to gain total control of business computers and use them for malicious purposes. The Intel AMT vulnerability is the first of its kind, according to Embedi, which released technical details about it last week. Attackers could exploit the flaw to get full control over business computers, even those turned off but plugged into an outlet.
Surviving the Security 'Skills Desert'
May 8, 2017
If you've ever spent time in a desert, it may seem inconceivable to you that creatures actually can live there. The fact that animals not only survive, but also thrive in those conditions seems counterintuitive. In fact, a number of animals do so -- in many cases, they are aided by an array of specialized adaptations that allow them to leverage the environment to their advantage.
Google Neutralizes Docs Phishing Scam
May 5, 2017
A phishing scam that surfaced earlier this week used Google Docs in an attack against at least 1 million Gmail users. However, that amounted to fewer than 0.1 percent of Gmail users were affected, according to the company. Google last year put the number of active monthly Gmail users at more than 1 billion. Google shut down the phishing scam within an hour, it said.
The Grim Upward Trajectory of Mobile Fraud Risks
May 1, 2017
More than 8,600 retail locations will shut down this year, following the 5,077 that closed last year, based on data from Credit Suisse. Moreover, 2017 could surpass 2008 -- the worst year for retail closures on record -- when 6,163 stores shut down operations. However, unlike 2008, when overall consumer spending declined with the onset of a global recession.
Millions May Have Picked Up FalseGuide Malware at Google Play Store
April 26, 2017
As many as 2 million Android users might have downloaded apps that were infected with the FalseGuide malware, security research firm Check Point warned on Monday. The oldest of the infected apps could have been uploaded to Google Play as long ago as last November, having successfully remained hidden for five months, while the newest may have been uploaded as recently as the beginning of April.
New Strain of Linux Malware Could Get Serious
April 25, 2017
A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat. Eset disclosed the threat, which represents a new Lua family unrelated to previously seen LuaBot malware. Linux/Shishiga uses four protocols -- SSH, Telnet, HTTP and BitTorrent -- and Lua scripts for modularity, wrote Detection Engineer Michal Malik and Eset researchers.
Microsoft Inches Toward a World Without Passwords
April 20, 2017
Microsoft has announced the general availability of its phone sign-in for customers with Microsoft accounts -- a system that could be the beginning of the end for passwords. The new system requires that customers add their accounts to the Microsoft Authenticator app, which comes in both iOS and Android versions, noted Alex Simons, director of program management of the Microsoft Identity Division.
Report: Commercial Software Riddled With Open Source Code Flaws
April 19, 2017
Black Duck Software has released its 2017 Open Source Security and Risk Analysis, detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges. Black Duck conducted audits of more than 1,071 open source applications for the study. There are widespread weaknesses in addressing open source security vulnerability risks across key industries.
Microsoft's Timely Response to Shadow Brokers Threat Raises Questions
April 18, 2017
Just as the Shadow Brokers hacker group started crowing about a dump of never-seen-before flaws in Windows, Microsoft announced it already had fixed most of the exploits. "Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers," said Microsoft Principal Security Group Manager Phillip Misner. "Most of the exploits are already patched."
Burger King Ad Creates Whopper of a Mess for Google Home
April 13, 2017
Burger King in essence hijacked the voice-activated Google Home speakers in some consumers' homes. In a 15-second television ad, the camera zooms in on a young man wearing the company uniform who says, "OK Google, what is the Whopper burger?" The trigger phrase for Google's AI Assistant activated Home speakers situated nearby, prompting them to read Wikipedia's description of the Whopper.
Spam Czar Nabbed in Spain May Have Link to Election Tampering
April 12, 2017
An alleged spam kingpin with possible ties to election meddling in the U.S. was arrested in Spain last week under a U.S. international warrant. Pyotr Levashov had been vacationing in Barcelona with his family. Levashov was arrested for interfering with the 2016 U.S. presidential elections, the Russian news outlet RT reported, but the DoJ said the arrest was not connected to national security.
Samsung's Tizen OS Riddled With Security Holes
April 4, 2017
There are more than three dozen previously unknown flaws that pose a potential threat to consumers using some Samsung TVs, watches and phones, a security researcher has reported. Hackers could exploit the vulnerabilities found in Samsung's Tizen operating system to gain remote access and control of a variety of the company's products, according to Amihai Neiderman, head of research at Equus Software.
House Votes to Kill Privacy Rules Binding ISPs
March 30, 2017
The House of Representatives has approved the Congressional Review Act, undoing privacy restrictions imposed on ISPs during the Obama administration. The Senate passed the CRA last week in a 50-48 vote along party lines. The White House has expressed support for the CRA. "This is one time I believe the White House," remarked John Simpson, privacy project director at Consumer Watchdog.
Why Are Health Records So Valuable to Cybercriminals?
March 29, 2017
Protecting the data in electronic health records did not start with the advent of HIPAA, as many people think. Protecting health records has been a critical requirement in the healthcare space since the computers became a fixture in hospitals. However, HIPAA added public reports of fines issued for covered entities' failure to properly protect data contained within EHRs.
UK Home Secretary: Apps Shouldn't Serve as Terrorist Hiding Places
March 27, 2017
UK Home Secretary Amber Rudd on Sunday called for greater government access to encrypted content on mobile apps. Apps with end-to-end encryption, like Facebook's WhatsApp, should not be allowed to conceal terrorists' communications from law enforcement, Rudd said in a television interview. "There should be no place for terrorists to hide," she said.
Don't Let the Next Catastrophic Phishing Scandal End Your Career
March 27, 2017
What I think is amazing about all of the massive data breaches we hear about is that we know most are not reported. For every email, customer record, or financial theft in the news, there likely are hundreds that remain in the shadows. Yet another incident came to light last week. A clever Lithuanian individual was able to pull a whopping $100 million from a bunch of unnamed Internet companies.
Consumer Advocates Bemoan Senate Vote to Lift ISP Privacy Restrictions
March 25, 2017
Privacy advocates and consumer groups are fighting back against the U.S. Senate's Thursday vote to undo privacy restrictions on Internet service providers. In a 50-48 party line vote, the Senate approved the Congressional Review Act, S.J. Res. 34. If the House of Representatives gives it the green light, it then will go to the president to be signed into law.
Group Demands Apple Pay Ransom for iCloud Credentials
March 24, 2017
Apple has received a ransom threat from a hacking group claiming to have access to data for up to 800 million iCloud accounts. The hackers, said to be a group called the "Turkish Crime Family," have threatened to reset passwords and remotely wipe the iPhones of millions of iCloud users if Apple fails to hand over a total of $700,000. They have given the company an ultimatum to respond by April 7.
WikiLeaks Exposes CIA's Device Surveillance Tricks
March 23, 2017
WikiLeaks has released more Vault 7 documentation online, including details about several CIA projects to infect Apple's Mac computer firmware and operating system. The site unloaded its first batch of stolen Vault 7 data earlier this month. The CIA's Embedded Development Branch developed malware that could persist even if the targeted computer were reformatted and its OS were reinstalled.
IBM Launches Enterprise-Strength Blockchain as a Service
March 20, 2017
IBM has unveiled the first enterprise-ready Blockchain as a Service offering based on The Linux Foundation's open source Hyperledger Fabric. IBM Blockchain, which lets developers quickly establish highly secure blockchain networks on the IBM cloud, is a transformative step in being able to deploy high-speed, secure business transactions through the network on a large scale, the company said.
Intelligence-Driven Supply Chain Resilience
March 20, 2017
Information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex and externalized, the traditional "perimeter" loses meaning.
Dun & Bradstreet Marketing Database Exposed
March 17, 2017
A Dun & Bradstreet database, 52 GB in size and containing more than 33.6 million records with very specific details, has been exposed. Cybersecurity researcher Troy Hunt, who received it for study, on Wednesday confirmed that the records already were organized and developed as if intended for distribution to a potential client. The database apparently was compiled for the use of marketers.
Crafty Phishing Technique Can Trick Even Tech-Savvy Gmail Users
March 17, 2017
Gmail users recently have been targeted by a sophisticated series of phishing attacks that use emails from a known contact. The emails contain an image of an attachment that appears to be legitimate, according to Wordfence. The sophisticated attack displays "accounts.gmail.com" in the browser's location bar and leads users to what appears to be a legitimate Google sign-in page.
Pro-Turkey Hackers Hit Prominent Twitter Accounts
March 16, 2017
Hundreds, if not thousands, of Twitter users, many of them high-profile, were hacked Tuesday by someone who appeared to support Turkey in its diplomatic row with the Netherlands. Their accounts displayed a Swastika -- reversed to face to the right -- as well as the Turkish flag and hashtags to the Nazialmanya and Nazihollanda accounts, which displayed comments on the attack.
US Charges 2 Russian Intel Agents, 2 Hackers in Yahoo Case
March 16, 2017
The Justice Department has announced charges against four individuals, including two officers of Russia's FSB, for carrying out a massive cyberbreach that affected about 500 million Yahoo account holders. A federal grand jury in Northern California charged the defendants -- the FSB officials and two Russian cybercriminals -- with using stolen data to gain illegal access to numerous accounts.
Federal Agencies Mirror Commercial Websites for Encryption
March 15, 2017
Private and public sector organizations share a common goal in hosting Internet websites: making sure that connections with customers and citizens are secure. However, complete security is not yet universal in either sector. Google and Mozilla, for example, are among many entities promoting Internet security via the adoption of HTTPS versus the basic and less secure HTTP technology.
Facebook Gets Tough on Spy Apps
March 15, 2017
Facebook has updated its Facebook and Instagram policies to prohibit developers from using data obtained from those platforms in surveillance tools, according to Rob Sherman, deputy chief privacy officer. Facebook already has taken enforcement actions against devs who created and marketed surveillance tools in violation of the company's previous policy, he noted.
Malware Found Preinstalled on Dozens of Android Phones
March 13, 2017
Malware has been discovered preinstalled on 36 Android phones belonging to two companies, security software maker Check Point reported. "In all instances, the malware was not downloaded to the device as a result of the users' use -- it arrived with it," noted Oren Koriat, a member of Check Point's Mobile Research Team. The malicious apps were added somewhere along the supply chain.
Donald Trump Should Channel Steve Jobs on Security
March 13, 2017
We saw yet another government breach last week, and more secrets went out to WikiLeaks. I'm of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work. I don't know about you, but I really don't want any organization spying on me -- not even my own government.
Tech Companies Weigh Responses to WikiLeaks Exposure
March 11, 2017
Following WikiLeaks' publication earlier this week of classified documents stolen from the CIA, major technology companies, including Apple, Samsung, Microsoft and Cisco, have been scrambling to assess the risks posed to their customers by the revelations. The so-called "Vault 7" leak includes information about methods and tools the CIA crafted to hack into products produced by those companies.
See More Articles in Security Section >>
Facebook Twitter LinkedIn Google+ RSS
Flexera Software Webinar
How do you feel about flying on a pilotless plane?
No way -- if there's a screw-up, you can't just jump out.
I'd do it -- flights are pretty much entirely automated anyway.
I'm skeptical but open minded, especially if fares would be much less.
I would try it if there were *someone* on board to take over in a pinch.
It's the wave of the future -- I'm resigned to it.