Western Digital has a big problem, and if you use the company's "My Cloud" network-attached storage (NAS) storage devices, you've got one too. The WD My Cloud service is enormously popular because it's so convenient, allowing both business owners and individuals to store their files, perform periodic backups, and of course, access their data from anywhere in the world. Recently, security researchers have discovered an authentication bypass vulnerability that could allow an attacker to gain … Read more
Malware Reports Continue To Rise
We've known for some time now that the next big crisis the internet will have to come to grips with is the dramatic rise of the Internet of Things (IOT). The problem isn't with the devices themselves, which are enormously helpful and rapidly growing in their popularity. Rather, it lies in the fact that the overwhelming majority of IoT manufacturers have been notoriously lax when it comes to building even basic security protocols into the goods they make and sell. The lack of security and … Read more
SmartHome Users Aren’t Keeping Up With Security Updates
The Internet on devices continues to be a major problem when it comes to security. Unfortunately, a big part of the reason why comes down to end users. Recently, Bitdefender released a new report entitled "The IoT Threat Landscape And Top Smart Home Vulnerabilities in 2018," and it paints a grim picture indeed. The average home now contains twenty smart devices, and most of them contain security vulnerabilities. 95 percent of those vulnerabilities reside in the firmware. While the majority … Read more
Another Chrome Extension Is Stealing Passwords
Do you use the Chrome browser extension for the MEGA file storage service? If you do, please read this article carefully. The official extension for that service has been compromised. It has been replaced with a malware version that has the capability to steal user login data for a number of popular websites, including Github, Google, Amazon, Microsoft and more. The extension was compromised on September 4th, when an unknown attacker breached MEGA's Chrome Web Store account and uploaded the … Read more
Name Of Utility Company That Leaked Information Just Released
In 2016, an unnamed US energy company left some 30,000 records (containing information about its security assets) exposed for more than two months (a total of 70 days), in violation of energy sector cyber security regulations. When the incident was initially reported, the name of the company was withheld. That company has now agreed to a $2.7 million-dollar settlement, and its name has now been made public, along with some additional details about the incident. Initially, the company … Read more
Tech Support Scammers Are Advertising Online
Tech Support scams are nothing new, but they are getting increasingly sophisticated. Worse, tech giants like Google are finding it notoriously difficult to detect them. A report recently released by the venerable data security firm, Symantec, indicates that tech support scammers are increasingly integrating call optimization into their schemes, which allows them to insert phone numbers into web pages dynamically. Among other things, this allows the scammers to display the phone number of … Read more
New Versions Of Ransomware Continue To Wreak Havoc
2017 was "The Year of Ransomware." It saw an incredible number of ransomware attacks and infections, paired with a tremendous number of innovations. Although 2018 hasn't seen quite the same level of ransomware activity, it's still a major threat with one company coming under attack about every ten minutes. Although there haven't been as many innovations so far this year, that doesn't mean they're not occurring, and some of the new ransomware strains are particularly nasty. Of interest, … Read more
Most Small Businesses Can’t Recover From Cyber Breaches
A new study recently published by Sitchfast Technologies paints a grim picture of the threat landscape for small and medium-sized business. Their key finding? A staggering 60 percent of small businesses that suffer a data breach of any magnitude go out of business within six months. Worse, one business owner in three does not have a plan or safeguards in place to prevent a breach. The single biggest weak link in the small business landscape is the fact that most employees who work for smaller … Read more
Vulnerability Found In Major Manufacturers Of Android Phones
Researchers operating out of the University of Florida, Stony Brook University and Samsung Research America have made a disturbing discovery. Millions of Android smartphones manufactured by eleven different OEMs (Original Equipment Manufacturers) were found to be vulnerable to attack via AT Commands. If you're not sure what an "AT Command" is, you're not alone. Part of the Hayes Command Set, ATtention Commands were developed in the early 1980s and designed to be transmitted via phone lines to … Read more
Hackers Now Targeting Point Of Sale Systems
There's a new threat to point of sale (POS) systems coming out of Russia, according to security researchers from Booz Allen Hamilton. The malware, which they're calling "RtPOS" isn't bleeding edge technology, and does not approach the level of sophistication of other recently discovered strains, but that doesn't mean it should be taken lightly. These strains include RawPOS, MajikPOS, UDPOS, and Treasure hunter. In its current incarnation, it has a limited feature set and is basically a RAM … Read more
