Security researchers at UpGuard recently made a terrifying discovery in finding an unprotected Amazon S3 server containing several databases belonging to a data analytics provider called Alteryx. While the server contained a variety of databases, the two that are of biggest concern belonged to Alteryx's business partners, Experian and the US Census Bureau. Of these, far and away the most damaging database was the one belonging to Experian. As a credit reporting agency, Experian has access … Read more
Popular Android Keyboard App Collected Private Information, Has Been Breached
How many apps do you have on your smartphone? Do you know how much data they're collecting about you? Most people have scores of apps installed (and often hundreds), even if they only use a few on a regular basis, and shockingly, most users have no idea just how much information those apps are collecting about them. However much you imagine, the answer is probably "more." This point was driven home painfully, courtesy of a recent discovery by a team of researchers at the Kromtech … Read more
Large Number Of HP Models May Have Keyloggers
HP is in the news again. If you missed the initial story, earlier in the year, it was reported that an audio driver that came pre-installed on a number of HP laptops contained keylogging code that stored every keystroke made by the person using the machine to a human-readable file. Once discovered, HP issued a patch that removed the keylogging function and deleted the data file. Now, an independent security researcher going by the name "ZwClose" has discovered more built-in keyloggers in 460 … Read more
Files Containing Nearly 1.5 Billion Passwords Leaked On The Internet
Researchers from the security firm 4iQ have made a disturbing discovery on the dark web. A massive repository has been discovered that contains a staggering 1.4 billion usernames and passwords in plain text. The repository is well organized, with each letter of the alphabet having its own directory to facilitate rapid search, and 4iQ has tested a subset of the data it contains and found an alarming percentage of the usernames and passwords to be viable. It should be noted that this data … Read more
New “MailSploit” Allows Email Spoofing
Phishing attacks just got a whole lot easier. A German security researcher named Sabri Haddouche has recently discovered a set of email vulnerabilities that have been collectively dubbed "Mailsploit." At the root, these vulnerabilities stem from the way most email systems interpret addresses encoded with a 1992 standard called RFC-1342. The standard is that all information in an email header must be an ASCII character. If a non-ASCII character is encountered, it gets converted. … Read more
Some Websites Can Force Your Computer To Mine Cryptocurrency
Researchers at Malwarebytes have discovered a new exploit that allows malicious website owners to use your PC to mine various forms of cryptocurrency, even if you exit the browser window the malicious site was displayed on. The exploit relies on a smart pop-under trick. A code on the website determines your monitor's resolution and places a ghost browser session sitting behind the clock on the MS Windows task bar, where it continues to mine cryptocurrency, utilizing a portion of your CPU's … Read more
Ransomware Attackers Are Increasing Their Attacks On Businesses
The ransomware ecosystem is maturing. Strains are divided into "families" and the number of new families that have been discovered in 2017 is half what it was in 2016. Even so, the total number of attacks targeting businesses have risen by 26 percent over last year's totals, according to the latest statistics released by Kaspersky Lab. Rather than inventing wholly new software strains, hackers around the world seem content to modify existing strains, with the number of modifications growing … Read more
Paypal-Owned Company Sees Breach Of 1.6 Million Customers
TIO Networks, a cloud-based, multi-channel bill payment platform purchased by Paypal for $233 million in 2017, was breached earlier this year, exposing PII (Personally Identifiable Information) for an estimated 1.6 million of the service's users. TIO Networks primarily does payment processing and accounts receivables for cable, utility, wireless and telecom companies in North America. If you do business with TIO, it's possible that your company or personal information may have been … Read more
Many Consumers Would Withdraw Business From Companies If Data Breached
You've probably heard the phrase "the customer is always right" a thousand times. It's a truism in the business world, except when it isn't. A recent survey released by Gemalto reveals a dismaying dichotomy that's costing businesses around the world big money. Only 27 percent of consumers surveyed feel that businesses do enough to protect customer data, and an overwhelming 70 percent of them say that they'd take their business elsewhere if a company suffered a data breach. Unfortunately, … Read more
Fake Symantec Blog Post Is Spreading Mac Malware
Sometimes hackers opt for a stealthy approach. Other times, their attempts are downright brazen. That's definitely the case with a newly launched malware campaign that seeks to spread "Proton Mac," a strain of malware designed to steal passwords from Mac users. The hackers registered a domain very similar to Symantec's blog, mirrored its content and then created a fake post about a new version of CoinThief, which was moderately successful back in 2014. After going into a bit of faux … Read more
