Archive

Category Archives for "Network World Security"

Get 72% off NordVPN Virtual Private Network Service For a Limited Time – Deal Alert

NordVPN gives you a private and fast path through the public Internet. All of your data is protected every step of the way using revolutionary 2048-bit SSL encryption even a supercomputer can’t crack. Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month (access deal here). This is a special deal available for a limited time.

IDG Contributor Network: Fraud and the Internet of Things

During the past few years, the Internet of Things (IoT) has become one of the hottest movements of our time. Although many technology trends and buzzwords come and go overnight, it’s clear that the IoT is here to stay. Almost half of the world's population is online, and technology is a deeply integrated part of our lives. Smart thermostats regulate our business and household temperatures, connected cameras watch over our homes and pets, online TVs and speakers respond to our every need, and intelligent devices constantly monitor our health. According to Gartner, the number of world-wide Internet connected devices will grow to 11.4 billion by 2018. It’s a phenomenal trend that will continue to spread until human and machine connectivity becomes ubiquitous and unavoidably present.

Choosing Windows for your organization should get you fired

In the wake of yet another ransomware attack—this time named NotPetya—I have a special message specifically for those of you working in organizations that continue to run Microsoft Windows as the operating system on either your servers or your desktops: You are doing a terrible job and should probably be fired. I know. That’s harsh. But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job. For years, we’ve had one trojan, worm and virus after another. And almost every single one is specifically targeting Microsoft Windows. Not MacOS. Not Linux. Not DOS. Not Unix. Windows.

How to secure your CMS without patching

In as little as four hours, the bad guys can reverse engineer a software patch for an open-source content management system (CMS) and build an exploit capable of turning millions of websites into spammers, malware hosts or DDoS attackers. "There's just not enough time for normal site owners to apply the updates," said David Jardin, a member of the German association CMS Garden, which promotes the use of open source CMS software including Drupal, Joomla, WordPress and others. To help ordinary users patch more quickly, CMS Garden is participating in a government-funded project, Secure Websites and Content Management Systems (Siwecos), to make the websites of SMEs more secure.

Ohio government websites defaced by pro-ISIS hackers

Hackers proclaiming to be pro-ISIS defaced 10 Ohio government websites on Sunday as well as the government websites for Howard County, Maryland, and Brookhaven, Long Island. “Hacked by Team System DZ,” the defacements read. “Anti: Govt all word.” The pro-ISIS message continued: “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries. I Love Islamic state.” A screenshot of the defaced Ohio Department of Rehabilitation and Corrections website was posted on Facebook and Twitter by Ohio Treasurer Josh Mandel. He added, “OH Dept of Corrections website right now, this is what you see. Wake up freedom-loving Americans. Radical Islam infiltrating the heartland.”

Even weak hackers can pull off a password reset MitM attack via account registration

At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures. They dubbed the attack password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable, as well as mobile apps like WhatsApp, Snapchat and Telegram.

It’s time to upgrade to TLS 1.3 already, says CDN engineer

Businesses dragging their heels over rolling out TLS 1.2 on their website might have an excuse to delay a little longer: Version 1.3 of the TLS (Transport Layer Security) encryption protocol will be finalized later this year, and early deployments of it are already under way. TLS, the successor to SSL, is used to negotiate secure connections to web or mail servers, encrypting data on the move. Six years in the making, TLS 1.2 added new, stronger encryption options -- but retained all the older, weaker encryption schemes that had gone before in the name of backward compatibility. Unfortunately, this meant that someone able to perform a man-in-the-middle attack could often downgrade connections to a weaker encryption system without the user being aware.

6 things you need to know about virtual private networks

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs: VPNs are good for your privacy and security. Open wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.

IDG Contributor Network: The fight to defend the Internet of Things

The Internet has entered a new chapter called the Internet of Things (IoT). It follows the fixed-Internet era characterized by connected PCs and laptops through the 1990s, and builds on the mobile-Internet era spearheaded by the proliferation of smartphones during the first two decades of this century. This new chapter has a new set of challenges and opportunities because it involves a broader diversity of devices — ranging from connected light bulbs, smart gas meters and smart speakers, to IP monitoring cameras, smart watches, drones, and robots. And while the connectivity and compute requirements of these IoT devices vary widely, they all have a common need: strong security.

Banks and Fed sites score as least trustworthy in OTA 2017 security and privacy audit

We frequently hear that we can’t have privacy and security; sadly, that is often still the case as an audit of over 1,000 top websites analyzed for security and privacy practices showed an alarming trend for the third year in a row. The Online Trust Alliance said, “Sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.” There is good news and bad news coming out of the audit (pdf). The good news is that 52 percent of websites, the highest percent in nine years of the annual analysis, qualified for the OTA’s Honor Roll. The flipside is that 46 percent of the websites failed the audit; of those, banks did the worst.

EU wants to ease commercial drone use with future flight rules

The European Commission wants to make it easier for lightweight drones to fly autonomously in European airspace -- with logistics, inspection services and agricultural businesses set to benefit. Last Friday, the Commission unveiled a plan to improve the safety of drones flying at low altitude. It wants to introduce a consistent set of rules across the EU for flying drones in "U-space," its name for regulated airspace under 150 meters in altitude. Simpler regulations will be welcomed by multinational businesses such as gas giant Engie, which is developing drones for tasks such as pipeline or building inspection or for cleaning the insulators on high-voltage overhead power lines.

198 million American voter records found unprotected on the internet

You’d think if someone had amassed personal information on nearly every registered US voter, and stored that information on an Amazon S3 storage bucket, that it would at least be protected with a password. But thanks to a misconfigured server, personal data of 198 million American voters could be downloaded by anyone who happened across it. It is believed to be the largest leak of voter records to have ever occurred anywhere in the world. That giant oops, caused by Deep Root Analytics, a data analytics firm contracted to compile the information for the Republican National Committee, contained names, birthdates, home and mailing addresses, phone numbers, party affiliations, suspected ethnicities and religions, as well as analytics on who people would likely vote for and their stance on hot-button issues such as gun control and abortion.

Reckless abuse (again) of surveillance spyware that was sold to governments

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses. The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.

Hackers attacked 4 Florida school districts, allegedly hoped to hack voting systems

We’ve heard a lot about Russian attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere with the election; they attempted to pivot from compromised school districts to state voting systems. The Miami Herald reported that MoRo, a group of hackers based in Morocco, penetrated “at least four Florida school district networks” and purportedly searched for a way “to slip into other sensitive government systems, including state voting systems.”
