Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on user’s phone numbers and email addresses.To read this article in full or to leave a comment, please click here
Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.
On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.
WikiLeaks has redacted the actual source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump -- if real -- still exposes some of the techniques that the CIA has allegedly been using.To read this article in full or to leave a comment, please click here
Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.
On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.
WikiLeaks has redacted the actual source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump -- if real -- still exposes some of the techniques that the CIA has allegedly been using.To read this article in full or to leave a comment, please click here
Chinese smartphone maker ZTE has agreed to pay US$892 million to the U.S. government for illegally selling networking technology to Iran.
ZTE entered a guilty plea over the charges, which include violating export controls meant to keep sensitive U.S. technology away from the Iranian government, the U.S Department of Justice said on Tuesday.
"They (ZTE) lied to federal investigators and even deceived their own counsel and internal investigators about their illegal acts," Attorney General Jeff Sessions said in a statement.To read this article in full or to leave a comment, please click here
Chinese smartphone maker ZTE has agreed to pay US$892 million to the U.S. government for illegally selling networking technology to Iran.
ZTE entered a guilty plea over the charges, which include violating export controls meant to keep sensitive U.S. technology away from the Iranian government, the U.S Department of Justice said on Tuesday.
"They (ZTE) lied to federal investigators and even deceived their own counsel and internal investigators about their illegal acts," Attorney General Jeff Sessions said in a statement.To read this article in full or to leave a comment, please click here
Consumer Reports, a major source for gadget and appliance reviews in the U.S., plans to start rating products on data security and privacy.On Monday, the non-profit publication unveiled a set of new testing standards it hopes will push the tech industry to create safer products."The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data," the publication said.Already, cybersecurity experts are constantly finding new tech products, whether they be cars or smart teddy bears, that are often poorly secured and easy to hack. To read this article in full or to leave a comment, please click here
Consumer Reports, a major source for gadget and appliance reviews in the U.S., plans to start rating products on data security and privacy.On Monday, the non-profit publication unveiled a set of new testing standards it hopes will push the tech industry to create safer products."The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data," the publication said.Already, cybersecurity experts are constantly finding new tech products, whether they be cars or smart teddy bears, that are often poorly secured and easy to hack. To read this article in full or to leave a comment, please click here
One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts.Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser.“Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email. PostMessage is a kind of command that can let separate browser windows communicate with each other. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.To read this article in full or to leave a comment, please click here
One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts.Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser.“Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email. PostMessage is a kind of command that can let separate browser windows communicate with each other. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.To read this article in full or to leave a comment, please click here
If your company has experienced a data breach, it's probably a good idea to thoroughly investigate it promptly.Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response.The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.To read this article in full or to leave a comment, please click here
If your company has experienced a data breach, it's probably a good idea to thoroughly investigate it promptly.Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response.The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.To read this article in full or to leave a comment, please click here
More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.The 132 apps were found generating hidden iframes, or an HTML document embedded inside a webpage, linking to two domains that have hosted malware, according to security firm Palo Alto Networks.Google has already removed the apps from its Play store. But what's interesting is the developers behind the apps probably aren't to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post.To read this article in full or to leave a comment, please click here
More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.The 132 apps were found generating hidden iframes, or an HTML document embedded inside a webpage, linking to two domains that have hosted malware, according to security firm Palo Alto Networks.Google has already removed the apps from its Play store. But what's interesting is the developers behind the apps probably aren't to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post.To read this article in full or to leave a comment, please click here
Did a toymaker ignore warnings about a data breach? That’s a key question swirling around Spiral Toys, a company behind a line of smart stuffed animals that security researchers worry can be easily hacked.On Tuesday, Spiral Toys said the breach, which affects 800,000 user accounts, only came to its attention last week on Feb. 22.The statement is raising eyebrows. One researcher named Victor Gevers began contacting the toymaker about the problem in late December, when he noticed that a company MongoDB database storing customer information was publicly exposed.To read this article in full or to leave a comment, please click here
Did a toymaker ignore warnings about a data breach? That’s a key question swirling around Spiral Toys, a company behind a line of smart stuffed animals that security researchers worry can be easily hacked.On Tuesday, Spiral Toys said the breach, which affects 800,000 user accounts, only came to its attention last week on Feb. 22.The statement is raising eyebrows. One researcher named Victor Gevers began contacting the toymaker about the problem in late December, when he noticed that a company MongoDB database storing customer information was publicly exposed.To read this article in full or to leave a comment, please click here
If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach dealing with more than 800,000 user accounts.The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy's customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. "Were voice recordings stolen? Absolutely not," said Mark Myers, CEO of the company.Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets' database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post.To read this article in full or to leave a comment, please click here
If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach dealing with more than 800,000 user accounts.The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy's customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. "Were voice recordings stolen? Absolutely not," said Mark Myers, CEO of the company.Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets' database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post.To read this article in full or to leave a comment, please click here
Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it'll ever become an official feature in the company’s browser.On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it's become a "full community-driven open source project," the company said in a blog post.To read this article in full or to leave a comment, please click here
Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it'll ever become an official feature in the company’s browser.On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it's become a "full community-driven open source project," the company said in a blog post.To read this article in full or to leave a comment, please click here
If your computer’s been hacked, Dale Drew might actually know something about that.He's CSO (chief security officer) at Level 3 Communications, a major internet backbone provider that's routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.Hackers have managed to hijack those computers to "cause harm to the internet," but the owners don't always know that, Drew said. To read this article in full or to leave a comment, please click here
Michael Kan