After announcing that 300 million devices are running Windows 10, Microsoft said its free upgrade offer ends on July 29. If you want Windows 10 after that date, then you can purchase the $119 Windows 10 Home version or buy a new device running Windows 10. The free upgrade offer will not end, however, for Windows customers who have accessibility issues. The Microsoft Accessibility Blog wrote:
Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all your passwords, use a strong and unique password for every site where you log in, and start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day. Intel/McAfee is again trying to convince people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples. World Password Day is as good a day as any to talk about password sharing.
Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all of your passwords—a strong and unique password for every site where you log in—and to start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day. Intel/McAfee is again trying to persuade people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples. World Password Day is as good a day as any to talk about password sharing.
Monday is still the busiest day of the week for DDoS attacks, with Thursday replacing Tuesday as the second most active day. According to Kaspersky Lab’s DDoS intelligence report covering the first quarter of 2016, 74 countries were targeted by DDoS attacks, with China, South Korea and the USA as the top three most-targeted countries. There was a slight drop in the percentage of attacks targeting resources in the USA. SYN, TCP and HTTP were the top three most popular DDoS attack methods in Q1.
Most botnet attacks were launched from Windows (55.5% in Q1 2016), compared with 44.5% being Linux-based attacks. South Korea still has the most C&C servers, followed by China, “other,” USA, Russia, a tie between Great Britain and the Netherlands, followed by France.
Monday is still the busiest day of the week for DDoS attacks, with Thursday replacing Tuesday as the second most-active day. According to Kaspersky Lab’s DDoS intelligence report covering the first quarter of 2016, 74 countries were targeted by DDoS attacks, with China, South Korea and the United States as the top three most-targeted countries. There was a slight drop in the percentage of attacks targeting resources in the U.S. SYN, TCP and HTTP were the top three most-popular DDoS attack methods in Q1.
Researchers from the University of Michigan and Microsoft Research took aim at Samsung’s SmartThings and came up with four proof-of-concept attacks that they believe should make SmartThings owners a bit paranoid by thinking about worst case scenarios in which hackers remotely take control of your home. If a hacker could unlock your door while you are sleeping, then your safety is at risk. If the door is unlocked while you are away, then you might come home to discover all your cool tech is gone. If a hacker could continually set off your smoke alarm, then your sanity might be tested. None of those examples are out of the realm of possibility, as the researchers exploited SmartThings framework design flaws and developed attacks which included stealing door lock PIN codes, changing the lock code, triggering a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”
Researchers from the University of Michigan and Microsoft Research took aim at Samsung’s SmartThings and came up with four proof-of-concept attacks that they believe should make SmartThings owners a bit paranoid by thinking about worst-case scenarios in which hackers remotely take control of your home. If a hacker could unlock your door while you are sleeping, then your safety is at risk. If the door is unlocked while you are away, then you might have come home to discover all your cool tech is gone. If a hacker could continually set off your smoke alarm, then your sanity might be tested. None of those examples is out of the realm of possibility, as the researchers exploited SmartThings framework design flaws and developed attacks that included stealing door lock PIN codes, changing the lock code, triggering a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”
Last week was a busy week when it comes to ransomware. New victims included a utility company, visitors to a toymaker’s website, pirates sailing The Pirate Bay and many more. Some cyber crooks are now demanding gift cards for ransom instead of bitcoin. While it wasn’t all bad news, since there are new decryptors and detectors, the FBI published a new warning about the proliferation of increasingly sophisticated ransomware campaigns.
Utility company hit with ransomware
Lansing Board of Water & Light (BWL), a Michigan municipal utility, was hit with ransomware after an employee opened an email with a malicious attachment. The ransomware spread, encrypting files on other computers on the internal network; BWL shut down its accounting system, email service for 250 employees and “phone lines,” including the customer assistance line for account inquiries and the line for reporting outages. “Printers and other technology” were also affected.
Last week was a busy week when it comes to ransomware. New victims included a utility company, visitors to a toymaker’s website, pirates sailing The Pirate Bay and many more. Some cyber crooks are now demanding gift cards for ransom instead of bitcoin.
While it wasn’t all bad news, since there are new decryptors and detectors, the FBI published a new warning about the proliferation of increasingly sophisticated ransomware campaigns.
Utility company hit with ransomware
Lansing Board of Water & Light (BWL), a Michigan municipal utility, was hit with ransomware after an employee opened an email that had a malicious attachment. The ransomware spread, encrypting files on other computers on the internal network. BWL shut down its accounting system, email service for 250 employees and “phone lines,” including the customer assistance line for account inquiries and the line for reporting outages. “Printers and other technology” were also affected.
One of the things that stands out in Verizon's 2016 Data Breach Investigations Report is that “63% of confirmed data breaches involve using weak, default or stolen passwords.” The thing is, many of the breaches could have been prevented had a company been using two-factor authentication (2FA). Authors of the Verizon report wrote:
We are realists here, we know that implementation of multi-factor authentication is not easy. We know that a standard username and password combo may very well be enough to protect your fantasy football league. We also know that implementation of stronger authentication mechanisms is a bar raise, not a panacea. Even with all of that, 63% of confirmed data breaches involved leveraging weak/default/stolen passwords. This statistic drives our recommendation that this is a bar worth raising.
You’d think you’d hear about a hack that affects over seven million people … unless the company chooses to “cover it up.” Thankfully that is changing thanks to security researcher Troy Hunt, via Have I Been Pwned.
Scale-wise, it's a big breach. Lifeboat is listed in Have I Been Pwned’s top 10 breaches; it currently is ranked eighth with 7,089,395 compromised accounts.
Hackers behind the Bangladesh bank heist created malware to compromise the SWIFT financial system. Security researchers said the malware allowed attackers to modify a database logging the bank’s activity over the SWIFT network, to delete records of outgoing transfer orders, to intercept incoming transfer confirmation messages, and to manipulate both account balance logs and a printer used to make hard copies of the transfer orders. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative owned by 3,000 financial institutions. SWIFT software is supposed to securely send and receive information about financial transactions; the messaging platform is reportedly used by 11,000 banks worldwide. SWIFT admitted to Reuters that it was aware of malware targeting its client software “Alliance Access,” which is not used by all 11,000 banks.
On April 14, MacKeeper security researcher Chris Vickery discovered another misconfigured MongoDB, but this time the database contained the full names, addresses, birth dates and voter registration numbers for every Mexican voter. The database containing personal information on 93.4 million Mexican voters was hosted on an Amazon cloud server with “no password or any authentication of any sort” to protect it. And it has been publicly accessible since September 2015, according to Salted Hash’s Steve Ragan, although it is unknown how many people besides Vickery accessed the records.