Security researchers at UpGuard recently made a terrifying discovery: an unprotected Amazon S3 server containing several databases belonging to a data analytics provider called Alteryx. While the server contained a variety of databases, the two of biggest concern belonged to Alteryx's business partners, Experian and the US Census Bureau. Of these, far and away the most damaging database was the one belonging to Experian. As a credit reporting agency, Experian has access … Read more
Archives for December 2017
USB Drives Could Be Huge Factor In Data Loss, Theft
Most people agree that the use of USB drives increases efficiency and boosts productivity, which goes a long way toward explaining their popularity, but these handy little drives can also be problematic. According to a recently published survey by Apricorn, 87 percent of employees surveyed report that they have lost a USB drive or had one stolen and failed to notify their employer. Worse, 80 percent of employees surveyed reported using non-encrypted USB drives that they've often acquired for free … Read more
Popular Android Keyboard App Collected Private Information, Has Been Breached
How many apps do you have on your smartphone? Do you know how much data they're collecting about you? Most people have scores of apps installed (and often hundreds), even if they only use a few on a regular basis, and shockingly, most users have no idea just how much information those apps are collecting about them. However much you imagine, the answer is probably "more." This point was driven home painfully, courtesy of a recent discovery by a team of researchers at the Kromtech … Read more
Large Number Of HP Models May Have Keyloggers
HP is in the news again. If you missed the initial story, earlier in the year, it was reported that an audio driver that came pre-installed on a number of HP laptops contained keylogging code that stored every keystroke made by the person using the machine to a human-readable file. Once discovered, HP issued a patch that removed the keylogging function and deleted the data file. Now, an independent security researcher going by the name "ZwClose" has discovered more built-in keyloggers in 460 … Read more
New Facebook Messenger App For Kids Raises Privacy Questions
On the surface, the new Facebook For Kids messenger app looks like a solid win that should put the minds of parents all over the world at ease. The company conducted extensive interviews and assembled a Blue-Ribbon panel of experts to help them craft the new tool, aimed at children ages 6-12. The app itself is user-friendly and filled with bright, cheerful primary colors that appeal to kids, but there are problems, or, at the very least, valid concerns. For one thing, Facebook has made no … Read more
Files Containing Nearly 1.5 Billion Passwords Leaked On The Internet
Researchers from the security firm 4iQ have made a disturbing discovery on the dark web. A massive repository has been discovered that contains a staggering 1.4 billion usernames and passwords in plain text. The repository is well organized, with each letter of the alphabet having its own directory to facilitate rapid search, and 4iQ has tested a subset of the data it contains and found an alarming percentage of the usernames and passwords to be viable. It should be noted that this data … Read more
New “MailSploit” Allows Email Spoofing
Phishing attacks just got a whole lot easier. A German security researcher named Sabri Haddouche has recently discovered a set of email vulnerabilities that have been collectively dubbed "Mailsploit." At the root, these vulnerabilities stem from the way most email systems interpret addresses encoded with a 1992 standard called RFC-1342. The standard is that all information in an email header must be an ASCII character. If a non-ASCII character is encountered, it gets converted. … Read more
Some Websites Can Force Your Computer To Mine Cryptocurrency
Researchers at Malwarebytes have discovered a new exploit that allows malicious website owners to use your PC to mine various forms of cryptocurrency, even if you exit the browser window the malicious site was displayed in. The exploit relies on a smart pop-under trick. Code on the website determines your monitor's resolution and places a ghost browser session sitting behind the clock on the MS Windows task bar, where it continues to mine cryptocurrency, utilizing a portion of your CPU's … Read more
Some Computer Manufacturers Are Disabling Intel Chip Firmware
Intel is catching some flak for releasing CPU technology that's filled with security flaws. At issue is Intel's Management Engine (ME), which is designed for Enterprise use and is of no real value on equipment designed for personal or home use. Although many popular PC and laptop manufacturers, including Acer, Panasonic, Lenovo, Fujitsu, HP, and others are selling equipment with Intel ME enabled, so far, three hardware vendors have opted to disable the firmware. These three vendors are … Read more
Ransomware Attackers Are Increasing Their Attacks On Businesses
The ransomware ecosystem is maturing. Strains are divided into "families" and the number of new families that have been discovered in 2017 is half what it was in 2016. Even so, the total number of attacks targeting businesses has risen by 26 percent over last year's totals, according to the latest statistics released by Kaspersky Lab. Rather than inventing wholly new software strains, hackers around the world seem content to modify existing strains, with the number of modifications growing … Read more