Dropbox prompts certain users to change their passwords

Dropbox is asking users who signed up before mid-2012 to change their passwords if they haven’t done so since then. The cloud storage service said it was asking users to change their passwords as a preventive measure, and not because there is any indication that their accounts were improperly accessed. Dropbox said it was taking the measure because its security teams learned about an old set of Dropbox user credentials, consisting of email addresses and hashed and salted passwords, which it believes were obtained in 2012 and could be linked to an incident the company reported around the time. In July 2012, Dropbox said its investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. It said it had contacted the users affected to help them protect their accounts.

U.S. convicts Russian hacker in credit card theft scheme

Jurors in a U.S. federal court have convicted a Russian hacker of stealing and selling more than 2 million credit card numbers. On Thursday, the jury in Seattle found Roman Valerevich Seleznev guilty of charges related to his hacking of point-of-sale systems. Seleznev was arrested in 2014 after U.S. authorities accused him of installing malicious software on point-of-sale systems in U.S. restaurants. From 2009 to 2013, Seleznev used this scheme to steal credit card data from businesses and send it back to his servers in Ukraine and McLean, Virginia. The stolen data was then sold on the black market, with Seleznev promising that buyers could make fraudulent purchases with them.

Notes on the Apple/NSO Trident 0days

I thought I'd write up some comments on today's news of the NSO malware using 0days to infect human rights activist phones. For full reference, you want to read the Citizen Lab report and the Lookout report.


Press: it's news to you, it's not news to us

I'm seeing breathless news articles appear. I dread the next time that I talk to my mom that she's going to ask about it (including "were you involved"). I suppose it is new to those outside the cybersec community, but for those of us insiders, it's not particularly newsworthy. It's just more government malware going after activists. It's just one more set of 0days.

I point this out in case the press wants to contact me for some awesome-sounding quote about how exciting/important this is. I'll have the opposite quote.


Don't panic: all patches fix 0days

We should pay attention to context: all patches (for iPhone, Windows, etc.) fix 0days that hackers can use to break into devices. Normally these 0days are discovered by the company itself or by outside researchers intending to fix (and not exploit) the problem. What's different here is that where most 0days are just a theoretical danger, these

12 tips to help SMBs select and manage vendors

Picking good suppliers and partners is critical to your company’s success, especially a smaller, growing business. Pick a vendor that is difficult to work with, doesn’t provide a service as promised, isn’t there when you need help and/or hits you with hidden fees, and your company could be in serious trouble. So what steps can you take to help ensure you don’t wind up in a bad business relationship? Here are 12 strategies for selecting the right business partners and suppliers. 1. Make a list of your requirements and expectations. “One of the most important parts of creating and maintaining vendor/partner relationships is to have very clearly spelled out expectations at the onset,” says Diane Helbig of Seize This Day. “Establish an understanding of what each party will bring to the relationship, when and how. That gives you something to measure the relationship against and lets your partner/vendor know not only what you want from them, but what you will be bringing to the relationship.”

Windows 10 troubleshooting and fixes revisited

Long before the Windows 10 Anniversary Update appeared, it was obvious that Microsoft was putting more energy and effort into its troubleshooting tools. These are readily available by typing "trouble" into Cortana (or the search box, if you prefer) and then selecting the Troubleshooting (Control panel) result. What I didn't know at the time was that the future of Windows 10 didn't include fix-its.

Apple patches iOS security flaws found in spyware targeting activist

To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS. The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates. Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.

Apple patches iOS against potent zero-day spyware attack

Apple is issuing patches for three iOS zero-day vulnerabilities known as Trident that have been exploited for years by an Israel-based spyware vendor against a human rights activist, an investigative journalist and others. The attack, called Pegasus, is flexible, letting attackers steal a broad range of data from iPhones and iPads, according to the firms that discovered it. “In this case, the software is highly configurable: depending on the country of use and feature sets purchased by the user, the spyware capabilities include accessing messages, calls, emails, logs, and more from apps including Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, and others,” according to a blog post by Lookout Security, which, along with Citizen Lab, unearthed the vulnerabilities and Pegasus.

Informatica CEO: ‘Data security is an unsolved problem’

Companies today are awash in data, but current tools and processes are not enabling them to keep it secure. That's according to Informatica CEO Anil Chakravarthy, who says his company -- which has traditionally focused on data management and integration -- is embarking on a major push to go further into data security. "You hear about breaches all the time -- just imagine all the ones you're not hearing about," Chakravarthy said in a recent interview. "Data security today is an unsolved problem for customers." Last year, Informatica launched a product called Secure@Source that promises a data-centric approach to information security by helping organizations identify and visualize sensitive data wherever it resides.

IDG Contributor Network: Survey: Kids now online at age 3

The Internet has changed young children’s lives, and they are now as comfortable picking up an iPad as they are a coloring book. Kids now spend twice as much time on the Internet as they did 10 years ago, and it’s escalating, research from an age-verification software developer has discovered. UK-based Agechecked says that over a quarter of kids there (28 percent) are using the Internet before they attend their first school. The statutory school age there is from five years old. And “one in six children, or 16 percent, begin their online experience at age three or under,” the report (PDF) claims. Parents need to become aware, the company believes, and they should be acquainting themselves with their kids’ habits.