HP is in the news again. If you missed the initial story, earlier in the year, it was reported that an audio driver that came pre-installed on a number of HP laptops contained keylogging code that stored every keystroke made by the person using the machine to a human-readable file. Once discovered, HP issued a patch that removed the keylogging function and deleted the data file. Now, an independent security researcher going by the name "ZwClose" has discovered more built-in keyloggers in 460 … Read more
New Facebook Messenger App For Kids Raises Privacy Questions
On the surface, the new Facebook For Kids messenger app looks like a solid win that should put the minds of parents all over the world at ease. The company conducted extensive interviews and assembled a Blue-Ribbon panel of experts to help them craft the new tool, aimed at children ages 6-12. The app itself is user-friendly and filled with bright, cheerful primary colors that appeal to kids, but there are problems, or, at the very least, valid concerns. For one thing, Facebook has made no … Read more
Files Containing Nearly 1.5 Billion Passwords Leaked On The Internet
Researchers from the security firm 4iQ have made a disturbing discovery on the dark web. A massive repository has been discovered that contains a staggering 1.4 billion usernames and passwords in plain text. The repository is well organized, with each letter of the alphabet having its own directory to facilitate rapid search, and 4iQ has tested a subset of the data it contains and found an alarming percentage of the usernames and passwords to be viable. It should be noted that this data … Read more
New “MailSploit” Allows Email Spoofing
Phishing attacks just got a whole lot easier. A German security researcher named Sabri Haddouche has recently discovered a set of email vulnerabilities that have been collectively dubbed "Mailsploit." At the root, these vulnerabilities stem from the way most email systems interpret addresses encoded with a 1992 standard called RFC-1342. The standard is that all information in an email header must be an ASCII character. If a non-ASCII character is encountered, it gets converted. … Read more
Some Websites Can Force Your Computer To Mine Cryptocurrency
Researchers at Malwarebytes have discovered a new exploit that allows malicious website owners to use your PC to mine various forms of cryptocurrency, even if you exit the browser window the malicious site was displayed on. The exploit relies on a smart pop-under trick. A code on the website determines your monitor's resolution and places a ghost browser session sitting behind the clock on the MS Windows task bar, where it continues to mine cryptocurrency, utilizing a portion of your CPU's … Read more
Some Computer Manufacturers Are Disabling Intel Chip Firmware
Intel is catching some flak for releasing CPU technology that's filled with security flaws. At issue is Intel's Management Engine (ME), which is designed for Enterprise use and is of no real value on equipment designed for personal or home use. Although many popular PC and laptop manufacturers, including Acer, Panasonic, Lenovo, Fujitsu, HP, and others are selling equipment with Intel ME enabled, so far, three hardware vendors have opted to disable the firmware. These three vendors are … Read more
Paypal-Owned Company Sees Breach Of 1.6 Million Customers
TIO Networks, a cloud-based, multi-channel bill payment platform purchased by Paypal for $233 million in 2017, was breached earlier this year, exposing PII (Personally Identifiable Information) for an estimated 1.6 million of the service's users. TIO Networks primarily does payment processing and accounts receivables for cable, utility, wireless and telecom companies in North America. If you do business with TIO, it's possible that your company or personal information may have been … Read more
Former Employees Pose Serious Risk To Security
The Department of Health and Human Services' Office for Civil Rights (OCR) has reminded those who deal with PHI and PII of the dangers that terminated employees can pose to system security in their monthly cyber security newsletter. Their advice is as timely as it is excellent, and includes the following: "Making sure that user accounts are terminated so that former workforce members don't have access to data is one important way Identity and Access Management can help reduce risks posed by … Read more
Many Consumers Would Withdraw Business From Companies If Data Breached
You've probably heard the phrase "the customer is always right" a thousand times. It's a truism in the business world, except when it isn't. A recent survey released by Gemalto reveals a dismaying dichotomy that's costing businesses around the world big money. Only 27 percent of consumers surveyed feel that businesses do enough to protect customer data, and an overwhelming 70 percent of them say that they'd take their business elsewhere if a company suffered a data breach. Unfortunately, … Read more
Windows 10 Now Installed On Over 600M Machines
When Microsoft first released Windows 10, the company boasted that it would try to get its new OS running on a billion devices by 2018. Time and circumstance have conspired to make that lofty goal unlikely, and the company has since retreated from it. However, according to statistics released at a recent shareholder's meeting, there are now more than 600 million devices utilizing it, including PCs, tablets, HoloLens headsets, Surface Hubs and Xbox One consoles. It's an impressive number, … Read more
