According to the Kremlin, Russia prevented almost twenty five million cyber-attacks during the World Cup this year. President Vladimir Putin praised the nation's digital security forces by saying the following: "I expect that your close and constructive interaction will continue and will contribute to ensuring the security of our states and our citizens in the future." Given the high-profile nature of the event, it was hardly a surprise that it would be a tempting target. In a survey … Read more
Clinic Employee Learns That Traveling Increases Data Theft Risk
On May 14th, the Billings Clinic in Montana issued a breach notification statement, which explained that they detected unusual activity within one of its employee's email accounts. The employee in question was traveling overseas on a medical mission when the email account was compromised. "As a result of the forensics investigation, we learned that an unauthorized individual had access to emails and attachments within that one account, some of which included patient information." As for … Read more
Thermal Imaging Could Help Thieves Steal Your Passwords
As if there weren't enough ways for hackers to steal your passwords, now, there's thermal imaging. If that sounds like something straight out of a science fiction movie, think again. Researchers from the University of California at Irvine recently discovered and demonstrated a technique that involves the use of a thermal imaging camera to capture heat traces left by human fingertips as they type passwords into a keyboard. In fact, their technique is effective for up to thirty seconds after … Read more
Massive Breach Affects 21 Million Users Of Timehop App
Do you use Timehop? If you're not sure what that is, it's a popular, clever little app that reminds social media users about posts they've made in the past. It can be quite handy, especially if you're active on numerous social media accounts. Unfortunately, the bloom is off the rose for Timehop. Recently, the company announced that it had suffered a breach on the Fourth of July, which gave the hackers virtually unfettered access to the company's cloud servers for more than two hours. … Read more
Malware Created Using Stolen Legitimate Security Certificate From D-Link
Researchers from the digital security firm ESET have recently spotted a new malware campaign with a nasty twist. It was created using a legitimate security certificate stolen from D-Link. The malware appears to be the work of an Advanced Persistent Threat group known as BlackTech, which primarily targets high profile users and firms in Asia, with a particular emphasis on Japan, Hong Kong and Taiwan. BlackTech is responsible for two different malware families, PLEAD and the DRIGO … Read more
Open Database Exposes Info Of 340 Million People
Internet security researcher Vinny Trola recently made a huge and disturbing discovery. A marketing firm called Exactis had left a massive database unsecured, allowing anyone who stumbled across it to access it. As a marketing firm, Exactis collects simply mind-boggling amounts of data on consumers all over the globe. The database in question was a staggering two terabytes in size, and contained more than 150 data fields. Social security numbers were not included in the exposed data. A … Read more
Watch Out For Rise In Microsoft Office Attacks
Menlo Security has recently published a new report that will probably dismay you if you're a business owner. Microsoft Office has been named as the attack vector of choice for hackers around the world. The most common form of the attack is a malicious Word document or other office document attached to an innocent looking email. There are, of course, plenty of other ways to take advantage of various security weaknesses in MS Office and Office 365. These include the use of remotely hosted … Read more
Vulnerability In Mac OS Went Unnoticed For Years
Researchers at Okta Security have stumbled across something big. Recently, they discovered a flaw in Apple's OS that would have allowed hackers to completely undermine Apple's code signing process. While at first glance that doesn't sound so bad, the implications are terrifying. In a nutshell, code signing uses cryptographic "signatures" to verify and validate code. If code bears the digital signature, it is considered trusted. If it's trusted, then it's given an automatic free pass, … Read more
Google Cracking Down On 3rd Party Browser Extension Installs
Malicious code can wind up on your PC or phone by any number of roads. Companies do their best to guard the digital passes, but invariably, things get missed and the hackers find a way in. It's a constant battle, and sadly, one that the good guys are losing. Recently Google has stepped up its efforts, this time by focusing on Chrome browser extensions installed by third parties. By the end of the year, no extensions will be allowed on Chrome except for those acquired via the Web … Read more
Another Vulnerability Found In Intel CPU’s
More bad news for Intel. Yet another security flaw has been identified in the processors the company makes. This one is so newly discovered that the full technical details have yet to be released. Here's what we know so far, from a recent Intel announcement: "System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch...Lazy restored states are potentially vulnerable to exploits where one process may infer register values of … Read more
