OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
LinuxInsider.com
Connected Cloud Summit
Russian Gang's Credentials Theft Exposes Web's Wild, Wild West Side
August 12, 2014
News that a Russian gang has stockpiled more than a billion purloined user name and password combinations has revved up the Internet's reputation as a post industrial Wild, Wild West. Just how much havoc will be raised by the gang remains to be seen. The data thieves so far appear content to use their ill-gotten trove for spamming, according to Hold Security, which discovered the credential cache.
Cyberspies Help Themselves to DHS Contractor's Data
August 08, 2014
USIS, the contractor that did the background checks on Washington Navy Yard shooter Aaron Alexis and NSA leaker Edward Snowden, on Thursday reported that its computer systems have been breached. "Our internal IT security team recently identified an apparent external cyberattack on USIS' corporate network," said US Investigation Services in a statement.
Russian Cybergang Stockpiles 1.2B Unique Stolen Credentials
August 07, 2014
A Russian cybercriminal gang so far has stolen 4.5 billion credentials, of which 1.2 billion appear to be unique, Hold Security has announced. The credentials belong to more than 500 million email addresses. Two reports released Tuesday may help explain why the cybergang was so successful. About 92 percent of the 800 top consumer websites evaluated failed the OTA's 2014 Email Integrity Audit.
WiFi Insecurity: Crying Wolf or Big Bad Wolf?
August 07, 2014
Can a hacker take over a passenger jet by sneaking in through its WiFi or in-flight entertainment system? The possibility of that occurring, as suggested by cybersecurity firm IOActive, has security experts hot under the collar. Ruben Santamarta, principal security consultant at IOActive, is scheduled to present the team's findings Thursday at the Black Hat security conference.
Retailers Harassed by Backoff Malware
August 05, 2014
The U.S. Department of Homeland Security last week sounded an alarm warning retailers of a family of malicious programs aimed at compromising point-of-sale systems. Attackers used such software last year in massive data breaches that nicked millions of consumer records at Target and Nieman Marcus. Variants of the Backoff family have turned up in at least three forensic investigations.
Tor Has Been Breached - What Now?
August 01, 2014
News that two Carnegie-Mellon CERT researchers have developed an inexpensive way to breach the Tor network has the project, privacy advocates, and probably criminals who use the network equally concerned. The Tor Project posted has advised relays to upgrade to Tor 0.2.r.23e or 0.2.5.6-alpha to close the protocol vulnerability used by the researchers.
That Innocent Little Thumb Drive Could Be Big Security Trouble
August 01, 2014
USB flash drives could be at risk of a pernicious attack on their firmware. Over the past two decades, USB devices, aka "thumb drives," have proliferated all over the world, because USB has proven to be a versatile standard. That versatility, though, also makes USB devices vulnerable to what could be a very nasty firmware attack, noted Karsten Nohl and Jakob Lell of Secure Research Labs.
Hackers Back to Their Old Tricks
July 30, 2014
Old tricks that have helped hackers penetrate computers for months or longer worked again last week at Goodwill and Stubhub. Taking a page from the gang that pillaged payment card and personal information from Target last year, hackers clipped payment card information from an undisclosed number of Goodwill Industries International customers. It's believed point-of-sale systems were compromised.
Android's Fake ID Could Put Millions in Jeopardy
July 30, 2014
An Android vulnerability that exists in every version from v2.1 Eclair to v. 4.3 Jelly Bean could expose millions of users, Bluebox Security has warned. The flaw lets attackers fake the certificates of specially privileged parties, such as Adobe and Google Wallet, and serve them up with malware that bypasses detection by Android. Attackers then can take over every app running on an Android device.
Chinese Turn the Screws on Microsoft
July 28, 2014
China is ramping up its campaign against Microsoft, following its ban in May on the installation of Windows 8 on government computers. Officials of China's State Administration for Industry & Commerce reportedly have made unannounced visits to Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu. They apparently questioned staff in at least one office.
iOS Insecurity - Designed by Apple?
July 22, 2014
The long-held belief that Android is the least secure of mobile OSes was shattered by security researcher and expert iOS hacker Jonathan Zdziarski over the weekend. Zdziarski unveiled a host of iOS vulnerabilities, the scope of which was staggering. They include undocumented services that bypass backup encryption and can be accessed both via USB and wirelessly.
Google's Project Zero Cybersecurity Watch: No Excuses
July 15, 2014
Google on Tuesday announced Project Zero, an effort to speed up the security bug-fixing process. A team of cybersecurity experts will go after vulnerabilities in any and all software, notify the vendors, and then file bug reports in a public database so users can track the issuance of patches. The Project Zero team has promised to send bug reports to vendors in as close to real-time as possible.
What's Eating Internet Security?
July 15, 2014
It's a given that hackers can and do penetrate websites with laughable ease, ranging from those of retailers to those of the United States government. It certainly doesn't help the security-minded to know that the U.S. National Security Agency and other countries' spy agencies, including the UK's GCHQ and the West German intelligence agency, are tapping into online communications at will.
Critical Infrastructure Companies Lack Cyberdefenses
July 11, 2014
Companies providing the world's critical infrastructure are woefully unprepared for cyberattacks despite the increasing threat level, evidenced by the release of the Stuxnet worm and the Shamoon virus in recent years, found a survey conducted by the Ponemon Institute and Unisys. Nearly 70 percent of the 599 surveyed companies in the past 12 months have reported at least one security breach.
Report: Malware Poisons One-Third of World's Computers
July 09, 2014
Nearly one-third of the world's computers could be infected with malware, suggests a report released last week by the Anti-Phishing Working Group. Malicious apps invaded 32.77 percent of the world's computers, a more than 4 percent jump from the previous quarter's 28.39 percent, it estimates. The increase in infected computers has come hand-in-hand with a jump in the appearance of malware samples.
Dragonfly Swoops Down on Energy Firms
July 01, 2014
The energy industry in the United States and Europe is being targeted by a cybercriminal gang that's suspected of being state-sponsored and has links to Russia. Known variously as "Dragonfly" and "Energetic Bear," the group has been operating at least since 2011. Its focus appears to be espionage and persistent access, with a side dish of sabotage as required, Symantec said.
To Pay or Not to Pay - That's the Ransomware Question
June 24, 2014
Ransomware is a growing problem for consumers and businesses alike. In Symantec's most recent quarterly security report, the company's researchers found all targeted attacks -- including ransomware -- grew 91 percent year-over-year. That's raising a big question for those targeted by cyberextortionists: Should the ransom be paid? Security experts generally say no, but some insert a caveat or two.
Heartbleed Flaw Goes Unpatched on 300K Servers: Report
June 23, 2014
Two months after the Heartbleed vulnerability sent frissons of fear down the spines of IT managers everywhere, 300,000 servers still remain vulnerable, Errata Security said. When the flaw was announced in April, Errata found 600,000 servers vulnerable. "The norm is to do no patches at all for some systems, no matter how easy it is to patch," said Errata CEO Robert Graham.
Godzilla Foreshadows Trouble for Internet of Things
June 16, 2014
The Internet of Things has come under attack by pranksters in recent days. The events could signal tumultuous things to come as more and more everyday objects connect to the Internet. Homeland Security has advised the customers of digital sign maker Daktronics to "take defensive measures" following a series of cyberpranks on the company's traffic signs.
Heartbleed-Weary Tech Firms Show OpenSSL a Little Love
May 30, 2014
Remember Heartbleed? Several weeks ago, the exposure of this security bug chilled the Internet, highlighting once again that even the seemingly unbreakable can be hacked. In the case of the Heartbleed vulnerability, encrypted data was at risk of theft. Sites potentially vulnerable to Heartbleed -- from Canada's Revenue Agency to AWS to Yahoo to Reddit -- urged users to change their passwords.
Sony, China Strike PlayStation Deal
May 27, 2014
Japanese electronics giant Sony has inked a deal in China to manufacture and sell PlayStation consoles in the Middle Kingdom. The partnership creates two joint ventures with Shanghai Oriental Pearl, which will enable Sony to operate out of Shanghai's free trade zone. China's early-2014 approval of videogame consoles from foreign companies reversed a years-long ban.
China's Payback for US Hacker Indictments Begins
May 27, 2014
The Department of Justice last week unsealed indictments against five members of the Chinese military who were accused of hacking into the computer systems of U.S. companies to steal everything from trade secrets to confidential corporate correspondence. China's initial response was to deny any wrongdoing and charge that the U.S. had hacked into the systems of Chinese companies.

See More Articles in Hacking Section >>
Facebook Twitter LinkedIn Google+ RSS