All Posts Tagged Tag: ‘Security’
In my mind, there are only three good reasons to use a passcode lock on your smartphone. The first is obviously security – you don’t want your dumb friends peeking at your private texts. The second is to prevent butt dialing or any other unknown activities that could stem from accidentally unlocking your phone in a traditional way. And lastly, …
White House workers were reportedly targeted in recent attacks against Google’s Gmail service, said to come from hackers in China. The White House has not indicated who exactly was targeted, but has said that there were no official messages compromised. A report from Devlin Barrett and Siobhan Gorman at the Wall Street Journal says: The hackers likely were hoping the …
The folks over at Hidden must be pretty excited right about now. The Watford, England based company has become the focal point of a story out of Oakland, California about a guy who successfully retrieved his stolen MacBook by using their tracking software. On March 21st, Joshua Kaufman’s MacBook was stolen from his apartment. He reported the crime to the …
Defense contractor Lockheed Martin was recently hit with a cyber attack, but is downplaying the notion of any major threat, as is the U.S. Department of Defense. While little has been revealed in the way of details surrounding the attack, the company says it was able to act quickly and protect critical data. Lockheed Martin released the following statement: On …
MacDefender, MacProtector ,and MacSecurity are the names for a fraudulent “anti-virus software” that is the subject of recent phishing campaigns targeting Mac users. It affects users of Mac OS X 10.4, Mac OS X 10.6, and Mac OS X 10.5. Apple will be putting out a Mac OS X update that will automatically find and remove the malware and its …
Google has been touting the security features of its Chrome OS operating system since it was unveiled last year. Google hopes that both consumers and businesses will go for web-based computing model the operating system offers, which includes instant updates from Google as they are available. Some people are talking about what this means for the online security industry – …
As smartphone and tablet use rises steadily, people may not be fully aware of the security risks for those devices. Enterprise and consumer devices are confronted with a record number of security threats, according to a new study by Juniper Networks. For years, the main focus on protection has been the computer. But according to the study, hackers and malware …
Ever since the PSN went down, and Sony admitted that the cause was an “external intrusion,” the biggest fear for PS3 owners was the issue of compromised information. If someone had breached the PSN, then their personal info and passwords were at risk – god forbid their credit card information was stolen. In official blog posts, Sony eventually told users …
Cyber criminals are exploiting the world’s fascination with the British Royal Wedding, which is taking place on Friday. They’re using the attention the event is getting to bolster spam campaigns and push rogue antivirus software through black hat search tactics, according to security firm Symantec. “As with any major event, criminals have been quick to take advantage of the online …
The Online Trust Alliance (OTA) has announced what it is calling the “Security by design” framework and related guidelines in response to recent data breaches of email marketing firms Epsilon, Cheetah Mail, Silverpop, Return Path, and others who had customer data compromised. “The OTA is reaching out to the email marketing community directly, to commit to updating now their security …
A vulnerability in Skype and Skype Video for Android has been discovered, which can leave sensitive information at the mercy of other, malicious apps. The detective work came from Justin Case at Android Police, who explains, “On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it. My first impressions …
Automattic and WordPress founder Matt Mullenweg announced today that their servers have been hacked, and source code compromised. Specifically, Automattic had a “low-level (root) break-in” to several servers. He said that “potentially anything on those servers could have been revealed.” “We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and …
The Epsilon security breach continues to have people on edge and irritated. Meanwhile, the companies’ with email databases that were compromised continue to send out emails to customers alerting them of the situation. Some are going further, and providing advice on how to procede. For example, Citi customers received an email this morning, warning them of potentail phishing attacks as …
The messages continue to flood inboxes, as a result of the Epsilon security breach, which put consumers’ email addresses into the hands of…someone. I’ve seen my share of messages from the companies that used Epsilon, warning me of the breach, but I can’t say that I’ve noticed an increase in spam so far. I’m getting more emails from these companies …
Hackers have gained the names and email addresses of millions of people who do business with a variety of companies, by way of third-party email marketing provider Epsilon. Epsilon claims to be the world’s largest permission-based email marketing provider, sending over 40 billion emails annually. It works with more than 2,500 clients, including 7 of the Fortune 10. Among company’s …
Less than a month ago, a security incident involving SSL certificates and at least one Iranian hacker took place, startling more than a few experts in the process. Now, demonstrating its technical expertise and general goodwill (along with a sense of self-preservation), Google’s stepped forward with some thoughts. Researchers at the search giant are apparently working on two projects, the …
Google, Yahoo, and Skype users in Iran should be extra cautious online from now on. Evidence suggests that the Iranian government organized an attack focused on obtaining nine secure digital certificates related to major sites. Note that this episode hasn’t quite escalated to the levels we saw when a Chinese attack was the subject of discussion; Google hasn’t made any …
While Firefox 4 could be obtained yesterday, today marks the official release of the Firefox 4 (RC) download. For those who are keen towards browser advancements, these past couple of weeks must feel like heaven. We’ve taken a couple of steps towards the implementation of HTML 5 with the release of Google Chrome 10, Internet Explorer 9, and Firefox 4. …
Yesterday, Verifone posted an open letter, attacking competing credit card reader company Square, showing how criminals could use it to steal credit card info. “The issue is that Square’s hardware is poorly constructed and lacks all ability to encrypt consumers’ data, creating a window for criminals to turn the device into a skimming machine in a matter of minutes,” wrote …
There has been a lot of buzz around Square, the credit card reader service co-founded by Twitter co-founder Jack Dorsey. The service makes it easy for anyone to accept credit card payments, via a card reader that plugs into mobile devices. The company may have a PR disaster on its hands now, however. Douglas G. Bergeron, CEO of VeriFone, which …
Google has released updates to its Chrome browser it says will make complex web apps run more quickly and be more responsive. Chrome has a new settings interface aimed at helping users get to the right settings quickly. A new search box displays settings users are looking for as they type. Users can also copy and paste a link into …
Google announced that it has taken several new steps to keep Android users out of harm’s way with regards to malicious applications. The announcement came a few days after a few such apps were discovered in the market. Google says the apps in question were removed “within minutes” after discovery, but they would have allowed the attackers to access other …
Last summer, Intel announced its intention to acquire McAfee for about $7.68 billion at $48 per share in cash. Today, the company announced the completion of that acquisition.
McAfee will maintain its own brand, and the first "fruits" of the partnership will hit the market later this year, the companies said.
Symantec’s MessageLabs Intelligence recently tracked a new pharmaceutical spam campaign that promotes an online pharmacy, claiming that it is "Google-accredited".
"This is obvious brand hijacking: Google does not host or approve any pharmacy sites," a representative for the security firm tells WebProNews.
Norton has introduced a cybercrime index, which tracks and warns computer users of daily threats.
The Norton Cybercrime Index alerts people to online risks, including the day’s most dangerous websites, the most hijacked search terms by cybercriminals, as well as scams identity theft and spam.
Any hackers who think they know a thing or two about Chrome should strongly consider booking a flight to Vancouver, British Columbia. At the Pwn2Own competition in early March, the first person who can exploit the browser will get $20,000 (and a Cr-48 notebook, if it matters) from Google itself.
We’re not quite sure how the average individual is supposed to celebrate this – don a tinfoil hat and watch a few episodes of The X-Files, perhaps? – but Data Privacy Day is here, and Google’s attempted to acknowledge the occasion in several different ways.
Method of support number one: as you can see from the screenshot below, Google (along with Microsoft) is a sponsor of Data Privacy Day. That means the search giant officially supports The Privacy Projects, which is the nonprofit think tank behind the unusual holiday.
As previously reported, the White House is working on a "National Strategy for Trusted Identities in Cyberspace" or NSTIC, in which it has placed the Commerce Department in charge of an "Identity Ecosystem". The initiative has drawn a mixture of praise and criticism, and judging by our own readers’ comments, there is a whole lot of criticism. More on this here.
Two men have reportedly been charged after allegedly hacking into AT&T’s servers and accessing email addresses and other information from 120,000 iPad users last June. The two, Daniel Spitler and Andrew Auernheimer, have been brought up on fraud and conspiracy charges, according to Reuters, which reports:
Yesterday, Google announced that it would stop supporting the H.264 video codec in Chrome, and in the process, praised the concept of openness. That approach isn’t always popular, however, and a Trend Micro exec cited it when stating that Android devices are less secure than the iPhone.
Earlier this week, a company called Trusteer determined that mobile users are three times more vulnerable to phishing attacks compared to people sitting in front of desktops. Now, in a move that’ll perhaps help address that problem (and others), Trend Micro has released its first security app for the Android platform.
Criminals have a long history of targeting what people like most, and judging from the new 2011 Threat Predictions Report from McAfee, cybercriminals will continue to be no different. McAfee predicted that many of the technologies that gained popularity in the past 12 months may be exploited or attacked by online crooks next year.
One of the wonderful things about the web is that most of the world’s information is accessible online. Better still, a large portion of the world has access to all of that information. Search engines play a huge role in making it easy to sift through that information and find the stuff you are looking for. Problems arise, however, when people who are less scrupulous decide to publish content and decide that the best way to do that is to steal it. Unfortunately, the web makes stealing of your content quite easy, and enforcement of your rights somewhat difficult.
Last week, reports began to circulate that the Nexus S had been rooted. Concerns about Android’s (lack of) security ensued. Android fans shouldn’t worry, however, as this appears to be an authentic "it’s a feature, not a bug" situation.
Non-news along these lines may be a little anticlimactic, but Google has been pretty firm on the matter. The company explained its stance last week and hasn’t tried to go back on that position since.
Update 3. MasterCard is back, and Anonymous (those behind Operation Payback) have issues a press release.
Update 2: The group (Operation Payback) credited with bringing down both MasterCard.com and Visa.com has had its Facebook Page removed for violating terms of service. It’s Twitter account was also suspended.
Update: Visa.com is now down as well. MasterCard.com is still down. (As of 4:30pm Eastern)
Nearly two-thirds (64%) of Americans have not made an online purchase because of security concerns, according to a new poll by the National Cyber Security Alliance (NCSA).
Chalk up another victory for Google in terms of edging out its competitors. Today, well-known security company AVG announced that the Google will replace Yahoo as the search foundation of its antivirus and security products.
This is development supposed to "broaden the search functionality of AVG’s Security Toolbar product and real-time Internet security solution, AVG LinkScanner," AVG explained in a statement.
Generally speaking, Google does well when it comes to lists. It’s often labeled a favorite employer, most trusted brand, or dominant competitor. Unfortunately for the company, Chrome earned the number one spot on a list titled "Top Vulnerable Applications – 2010" today.
Perhaps the best possible thing, from Google’s point of view, would have been if it had announced its vulnerability reward program and then heard nothing at all. But a short while after the program’s launch, Google’s seen a response that it still characterized as "fantastic" as people have been quick to bring problems to light.
In honor of National Cyber Security Awareness Month – and perhaps the holiday when millions of kids give adults 50-50 odds on being tricked – Google’s counseling users to play it safe. The company highlighted guidelines for "protecting your data in the cloud" today.
Federal and state authorities have reportedly charged over 60 people in connection with a global cybercrime scheme using the Zeus Trojan to steal millions of dollars from U.S. bank accounts. Trusteer, a secure browsing service, which claims to be in use by over 12 million online banking customers and protects over 70 banks, shared some commentary on the news with WebProNews. The company says it has deep visibility into criminal activity and the Zeus trojan.
Deloitte and the National Association of State CIOs (NASCIO) are sharing the results of a joint Cyber Security Survey, finding that State Chief Information Security Officers (CISOs) lack the funding, programs, resources and tools to adequately protect their citizens’ data, especially when compared to their counterparts who serve private sector enterprises.
Phishing gangs have been increasing their tactics against brands, social networks, online classifieds and online gaming, according to a new report from the Anti-Phishing Working Group (APWG).
Google has introduced a more secure sign-in capability for Google Apps accounts with two-step verification. The company says this "significantly increases the security of the cloud."
The American Civil Liberties Union and other groups filed a lawsuit today challenging the Department of Homeland Security’s (DHS) policy allowing border agents to search laptops or other electronic devices at the border without reasonable suspicion.
The lawsuit was filed by the ACLU, the New York Civil Liberties Union and the National Association of Criminal Defense Lawyers.
According to a new report from IBM, vulnerability exposures reached record levels in the first half of the year. This info comes courtesy of IBM’s X-Force 2-1- Mid-Year Trend and Risk Report.
Over 4,300 new vulnerabilities were documented by IBM’s R&D team during this time period. This is a 36% increase from the same period last year. 55% of the disclosed vulnerabilities had now vendor-supplied patch at the end of the period.
Some iTunes users are finding that scammers are stealing their money through PayPal. Numerous people have been claiming as much on Twitter and Facebook.
The Chinese search company that is more or less the Google of its home market has sued another organization over its security software. Baidu said in its lawsuit that Qihoo 360’s Safe PC software unfairly identifies its toolbar and address bar as malware.
Symantec detected a trojan within an Android game, which is secretly uploading GPS user location information. A representative for the company tells WebProNews that while the particular instance doesn’t really represent a major security threat, "it does demonstrate how new mobile threats are emerging and evolving."
Rupert Murdoch is excited about tablets. The Guardian has a piece quoting him as calling them "a perfect platform" for cheap and convenient, up-to-date News Corp. content. He says the company has "tens of thousands of readers" through apps for the Wall Street Journal, the Times and the Australian.
Android device owners can perhaps stop frantically deleting apps from their phones. An app that appeared to represent a serious security risk – supposedly transmitting users’ passwords, browsing histories, and text messages to someone in China – has been found to mine much less data than early reports indicated.
Google has introduced a new Government Edition of Google Apps. It includes all of the features of other Google Apps editions, but adds policy and security features. Google says it was designed with guidance from the federal government, as well as the Cities of Los Angeles and Orlando.
Google Apps for Government stores Gmail and Calendar data in a segregated system located in the continental United States, exclusively for government customers.
A new report from Symantec’s MessageLabs finds that short URLs in spam have reached a "historical peak". This type of spam has increased significantly over the past year.
Spam containing shortened links hit a one day peak of 18%, or 23.4 billion spam emails, on April 30, 2010, doubling last year’s peak levels when spam with shortened links accounted for 9.3% of spam (more than 10 billion spam emails) on July 28, 2009.
The United States continues to be the top country for spam, accounting for 15.2 percent of all global spam, an increase from 13.1 percent in the first quarter of 2010, according to a new report by Sophos.
India trails the U.S., accounting for 7.7 percent of worldwide spam, followed by Brazil (5.5%), the UK (4.6%) and South Korea (4.2%).
Symantec has released its annual MessageLabs Intelligence Special Report, ranking the most spammed U.S. states and territories.
According to the report, Idaho receives the most spam (for the second year in a row), at a rate of 95.2%. The top spammed states are Idaho, Alabama, and South Carolina, with spam rates above 93%. The national average is only 89.3%. Indiana, Tennessee, Illinois, Utah, Washington, New Hampshire and North Carolina are next in line.
Research in Motion (RIM) has unveiled a new security application for BlackBerry called BlackBerry Protect. The product allows users to wirelessly backup, restore, and locate their BlackBerry smartphones.
BlackBerry Protect comes equipped with remote device wipe, remote device lock, a "lost and found" screen, the ability to locate the device on a map, remote activation of the loud ringer.
The U.S. National Security Agency is launching a program called "Perfect Citizen" aimed at detecting cyberattacks on private companies and government agencies running critical infrastructure such as the electricity grid and nuclear power plants.
Perfect Citizen would rely on a set of sensors deployed in computer networks for critical infrastructure that would flag "unusual activity" signaling an impending cyberattack, according to the Wall Street Journal.
Yesterday a questionable report from SMobile Systems was released talking about Android security and how a fifth of Android apps pose security risks. The methodology behind this report has pretty much been ridiculed throughout the Blogosphere, though quite a few publications covered it. CNET even went so far as to retract the report.
Everyone would do well to show a little caution when browsing the Android Market, according to a new report. SMobile Systems – which specializes in security issues pertaining to mobile phones and the wireless infrastructure – believes 20 percent of the available applications allow third parties access to info better left unshared.