IT Security News - Archives
- BlueBorne: What You Need To Know, September 15
These days, leaving your Bluetooth turned on might do more than just drain your phone battery. A new cyberattack known as BlueBorne allows hackers to take control of your devices through the air. What makes BlueBorne so scary is that you do not have to authorize to pair your device, it just happens.
- 500+ Android apps found containing program that can download spyware plug-in, August 25
More than 500 mobile apps on Google Play were recently discovered containing an advertising software development kit capable of downloading malicious plug-ins that can spy on Android users' call histories, researchers from mobile security company Lookout have reported.
- Malicious PowerPoint Slide Show files exploit Microsoft bug to deliver REMCOS RAT, August 18
In what researchers are calling a first, malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability that is more typically exploited with Rich Text File documents.
- 70% of DevOps Pros Say They Didn’t Get Proper Security Training in College, August 18
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
- How Cybersecurity Became 2017’s Hot New Major, August 18
If recent headlines about attacks on our privacy make one thing clear, it’s that there is a lot of work to do in the world of cybersecurity.
- Mozilla Firefox patches 29 vulnerabilities, August 11
Mozilla Foundation released 29 CVE patches to Firefox 55, including five that address critical vulnerabilities.
- Android app stores flooded with 1,000 spyware apps, August 11
Three fake messaging apps in the Google Play Store have been found to be distributing SonicSpy malware.
- Adobe patches security flaws in Acrobat and Reader, August 11
Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and Mac, patching vulnerabilities that could allow an attacker to take control of the affected system.
- Microsoft fixes ‘critical’ security bugs affecting all versions of Windows, August 11
Microsoft patched 48 separate vulnerabilities — the majority of which were the highest "critical" rating.
- CopyCat malware infects 14M Android devices, steals credits for app downloads, July 10
Dubbed CopyCat, the malware is the first known adware that injects its code into Zygote, a daemon tasked with launching apps on Android devices.
- Anthem will pay $115 million in largest data breach settlement in history, June 27
Anthem Inc. agreed to pay $115 million in a deal to end a court battle over the 2015 data breach where hackers gained access to sensitive records for nearly 80 million Americans.
- Why Girl Scouts Make Great Cybersecurity Hackers, June 20
On Thursday, Girl Scouts of the USA announced a new partnership with Palo Alto Networks to create a series of cybersecurity badges.
- New Ransomware affects Microsoft Windows Operating Systems, June 16
According to multiple reports, a new widespread ransomware campaign (known as WannaCry, WCry, Wanna Decryptor) is affecting various organizations across the globe. One possible way you can be infected is through phishing.
- Diversity in Recent Mac Malware, May 26
In recent weeks, there have been some high-profile reports about Mac malware, most notably OSX/Dok and OSX.Proton.B. Dok malware made headlines due to its unique ability to intercept all web traffic, while Proton.B gained fame when attackers replaced legitimate versions of HandBrake with an infected
- WannaCry: Ransom note analysis throws up new clues, May 26
Linguistic analysis of ransom notes by Flashpoint suggests the ransomware note writer speaks Chinese - and used Google Translate.
- Android Overlay and Accessibility Features Leave Millions at Risk, May 26
University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone.
- No More Ransom!, May 24
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this is not guaranteed and you should never pay!
- Windows Defender does not defend Windows 7 against WannaCry, May 24
Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7.
- BEC scammers picked off $5B, FBI says, May 10
Business E-mail Compromise (BEC) scams have now raked in a total of $5 billion, according to the Federal Bureau of Investigation (FBI).
- Microsoft uncovers hacking operation aimed at software supply chain, May 10
Microsoft researchers recently uncovered a sophisticated hacking campaign that was serving targeted malware to “several high-profile technology and financial organizations.”
- WordPress Zero-Day Could Expose Password Reset Emails, May 05
Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
- Massive Google Docs phishing attack targeted credentials, permissions, May 05
A fast moving, but widespread phishing attack targeting Google Gmail and Docs users hit yesterday affecting an unknown number of victims with the likely goal of stealing login credentials and millions of additional email addresses that could be used for a future phishing campaign.
- Nokia Threat Intelligence Report- Protect your IoT devices!, April 19
The most recent report from Nokia states that mobile device infection rates have gone up steadily throughout 2016—a rise of 400% smartphone malware. he report highlights vulnerabilities in a lot of different IoT devices, as well as iOS systems in iPhones
- President Trump Signs Repeal of U.S. Broadband Privacy Rules, April 19
Earlier this month, President Trump signed a law to repeal privacy rules that “can prevent broadband providers from selling customers’ internet-browsing histories and other data without their permission.”
- Critical Security Updates from Adobe, Microsoft, April 14
Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products.
- Microsoft Patches Critical Zero-Day Exploit in Office Suite, April 14
This Patch Tuesday, Microsoft issues a fix for a zero-day vulnerability in the Office productivity suite that attackers were actively exploiting.
- Microsoft kills off security bulletins after several stays, April 14
'Disappointing,' says patch expert after concluding the replacement means more work for admins
- Home Routers Used to Hack WordPress Sites, April 14
There's a group of hackers who are hijacking unsecured home routers and using these devices to launch coordinated brute-force attacks on the administration panel of WordPress sites.
- Email-based attacks exploit unpatched vulnerability in Microsoft Word, April 11
Attackers have been exploiting a zero-day vulnerability in Microsoft Word since January to infect computers with malware
- Amazon’s Third-Party Sellers Hit By Hackers, April 11
Fraud stems largely from email, password credentials stolen from hacked accounts, sold on the ‘dark web’
- Google discloses unpatched IE flaw after Patch Tuesday delay, February 28
Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.
- Windows 10 to permit block on apps installing if they’re not from Microsoft Store, February 28
Microsoft is testing a new feature that offers the option of preventing non-Windows 10 Store apps being installed.
- RIAA, Other Copyright Holders Want ISPs to Introduce Piracy Filters, February 28
The DMCA is no longer enough for rightsholders, who now want ISPs to filter out copyrighted content and block access
- Yahoo issues new breach warning; Verizon shaves $300M off its Yahoo offer, February 17
Verizon was in talks to purchase Yahoo's internet business when news broke that the web company had been hit with two massive data breaches and this has had an impact on the asking price with the initial offer of $4.8 billion has been reduced by about $250 million, according to a report Wednesday on
- Adobe issues patches, Microsoft’s usual Patch Tuesday fixes delayed, February 17
The company released fixes as part of its regularly scheduled patch series for more than a dozen code execution vulnerabilities in its Flash Player.
- Microsoft Launches Office 365 Secure Score, February 14
Microsoft on Friday announced that Office 365 Secure Score API, the company's security analytics tool aimed at evaluating data risk levels in the cloud service, is now available for commercial Office 365 users.
- Microsoft Delays February’s Security Updates, February 14
Microsoft's security updates for February will be delayed.
- Microsoft Warns of Emails Bearing Crafty PDF Phishing Scams, February 02
Instead of trying to cram malware into inboxes, attackers are increasingly using PDF-based social engineering schemes to trick victims into handing over sensitive data or email login passwords.
- Half the Web Is Now Encrypted. That Makes Everyone Safer, February 02
Computer security news is usually pretty dismal, from malware crippling the web to ransomware taking down hospitals. But the web is getting safer in an important way.
- Police camera system in D.C. hit with ransomware, February 02
A ransomware attack forced the city's security team to take the system offline while it mitigated the intrusion and reinstalled the system throughout the area.
- This phishing email uses an unexpected trick to infect PCs with keylogger malware, January 17
Rather than using macros, this malware uses Visual Basic Script to avoid detection.
- Kaspersky antivirus exposed users to traffic-interception attacks, January 06
The certificate validation mechanism relied on weak 32-bit signatures that were susceptible to collisions, researcher found
- Data: More vulnerabilities found in Google Android than any other program in 2016, January 06
Android's vulnerability totals far surpassed those of runners-up Debian Linux and Ubuntu Linux, which compiled 319 and 278 bugs respectively.
- Google Patches Android for 90 Vulnerabilities in January Update, January 06
Google starts the new year with another large security update for Android, once again patching mediaserver, Qualcomm and Linux kernel vulnerabilities.
- New ransomware asks victims to spread the malware as payment, December 13
A new and insidious ransowmare technique was spotted by MalwareHunterTeam that attempts to blackmail a ransomware victim into committing a crime in order to have their files decrypted and make them feel bad for their attacker.
- Google Patches Android for 74 Vulnerabilities in December Update, December 07
Final scheduled security update for Android in 2016 brings a long list of security fixes including 11 critical flaws.
- Visa Delays Chip Deadline for Pumps To 2020, December 07
Visa this week delayed by three years a deadline for fuel station owners to install payment terminals at the pump that are capable of handling more secure chip-based cards.
- Google Implements “Repeat Offender” Category for Safe Browsing, November 28
Google has updated its Safe Browsing service to include a ‘Repeat Offender’ category. If you're susceptible to side-channel attacks with ad networks, there can be major implications.
- White House: Your logins must be better than this, September 30
The Obama administration joins tech companies and internet security advocates in urging Americans to think beyond the password.
- Lock Down Your Login, September 29
Your usernames and passwords are not enough to keep your accounts secure.
- Apple macOS Sierra Fixes 68 Vulnerabilities, September 23
Apple is patching dozens of security issues with the macOS Sierra (10.12), the company's rebranded desktop operating system.
- Yahoo Reveals Nation State-Borne Data Breach Affecting A Half-Billion Users, September 23
Nearly two months after signs of a Yahoo data breach surfaced with leaked user credentials in the cybercrime underground, Yahoo today confirmed that it had suffered a cyberattack in late 2014 by what the company says was likely a nation-state actor.
- Microsoft releases one of its biggest security updates this year, September 16
Microsoft released one of its biggest security updates this year, fixing 50 vulnerabilities in its products and 26 more in Flash Player, which is bundled with its Edge browser.
- Adobe, Microsoft Push Critical Updates, September 16
Adobe and Microsoft on Tuesday each issued updates to fix multiple critical security vulnerabilities in their software.
- Two-speed Android update risk: Mobes face months-long wait, August 24
Mobile app metrics firm Apteligent examined device data for Samsung, LG, Sony, HTC, Motorola, and ZTE to determine which manufacturer pushes out OS updates the soonest.
- Eddie Bauer is latest retailer to be hit by point-of-sale malware, August 24
Sportswear retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information.
- Apple Updates iOS to Version 9.3.4, August 12
Apple has released an update for its mobile operating system, iOS 9.3.4, which fixes a memory corruption issue that could be exploited "to execute arbitrary code with kernel privileges." The update blocks a jailbreak bug known as IOMobileFrameBuffer.
- Microsoft Security Bulletin Summary for August 2016, August 12
Microsoft has released nine bulletins addressing more than 30 vulnerabilities in Windows, Edge, Internet Explorer, Office, and other products. Five of the nine bulletins address issues rated critical.
- Google to push Flash closer to extinction with new version of Chrome, August 12
Chrome 55, due out in December, will replace the once-popular plug-in with HTML5, Google says.
- Software Bundling Outfits Intentionally Distributing Unwanted Apps, August 10
A joint report published by Google and NYU researchers notes alerts generated by ad injectors, scareware and other unwanted apps far outstrip alerts for malware.
- Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected, August 10
Newkirk Products, Inc, a service provider that issues healthcare ID cards for health insurance plans including several Blue Cross Blue Shield branches, has begun notifying approximately 3.3 million people of a data breach.
- Most companies still can’t spot incoming cyberattacks, July 19
More than three quarters of organisations vulnerable to hackers due to lack of cybersecurity staff or tools, says report.
- Delilah malware secretly taps webcam, blackmails and recruits insider threat victims, July 19
Delilah malware taps computer and webcam to get dirty little secrets, then blackmails victims into becoming an insider threat and coughing up a company’s secrets.
- Ex-Cardinals employee gets nearly 4 years in prison for Astros hack, July 19
A former employee of the St. Louis Cardinals baseball organization has been sentenced to nearly four years in prison for hacking computers belonging to the Houston Astros, the US Justice Department said Monday.
- This Android Trojan blocks the victim from alerting banks, July 19
A new Trojan that can steal your payment data will also try to stymie you from alerting your bank.
- Adobe, Microsoft Patch Critical Security Bugs, July 15
Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws in Windows and related software.
- Wendy’s says payment card info accessed in malware attack, July 08
Wendy's is serving up more details about a malware attack on its point-of-sale systems.
- Google Issues Largest Android Security Update, July 08
The July Android Security bulletin provides 108 patches and debuts a new model for patch updates.
- Symantec security flaws are “as bad as they get,” says researcher, July 01
Google's Project Zero team has unearthed severe security holes in Symantec and Norton products which place you at serious risk.
- Cisco patches critical flaws affecting device software, July 01
Cisco patched two critical vulnerabilities and a high severity flaw Wednesday that allow attackers to bypass authentication.
- Noodles & Company Payment Data May Have Been Hacked, July 01
Fast-casual restaurant chain operator Noodles & Company said Tuesday a recent data security incident may have compromised the security of payment information of some its customers.
- Noodles & Company Suffers Data Breach, June 30
The restaurant chain has announced a data security incident that may have led to customer's credit card information being compromised. Malware targeted locations have been confirmed in 27 states, including Missouri.
- Hacker selling 655,000 patient records from 3 hacked healthcare organizations, June 29
A hacker is reportedly trying to sell more than half a million patient records, obtained from exploiting RDP, on a dark web marketplace.
- Microsoft Office 365 hit with massive Cerber ransomware attack, report, June 29
Updated: Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week that not only included a ransom note, but an audio warning informing victims that their files were encrypted.
- Online Backup Firm Carbonite Hit by Password Reuse Attack, June 24
Boston-based backup services provider Carbonite is the latest company whose users have been targeted by hackers leveraging credentials leaked recently from major websites.
- Microsoft Patches Dozens of Security Holes, June 17
Yes, that’s right it’s once again Patch Tuesday, better known to mere mortals as the second Tuesday of each month. Microsoft isn’t kidding around this particular Tuesday — pushing out 16 patch bundles to address at least 44 security flaws across Windows and related software.
- Verizon patches email flaw that exposed user accounts, June 17
Verizon has patched a critical security flaw in the firm's email system which permitted attackers to intercept messages and potentially hijack other accounts
- Pentagon Bug Bounty Contest Uncovers at Least 100 Vulnerabilities, June 17
More than 1,400 hackers signed up to hammer at the U.S. Department of Defense's computer systems in search of security flaws during a 24-day pilot program.
- Firefox 47 Debuts With 13 Security Advisories, June 10
Mozilla provided 13 security advisories with Firefox 47. The updated browser also supports encrypted HTML5 video support.
- Morgan Stanley to Pay $1 Million Penalty Over Customer Data Theft, June 10
Banking giant Morgan Stanley will pay $1 million as penalty for failure to protect information on roughly 730,000 of its clients, the Securities and Exchange Commission (SEC) said Wednesday.
- University pays almost $16,000 to recover crucial data held hostage, June 10
Canada's University of Calgary paid almost $16,000 ($20,000 Canadian, ~£10,800) to recover crucial data that has been held hostage for more than a week by crypto ransomware attackers.
- Microsoft Enables Threat Detection in Office 365, June 08
Enterprise customers can now keep an eye out for security threats that can endanger Office users and their data.
- Banks: Credit Card Breach at CiCi’s Pizza, June 08
CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach.
- Android gets patches for major flaws in hardware drivers and media server, June 08
The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers.
- Google’s Allo Messaging App Will Offer End-to-End Encryption, May 20
Allo will offer an “incognito” mode that switches on an end-to-end encryption system known as Signal, designed by the privacy-focused non-profit Open Whisper Systems.
- Your iPhone can now run Night Shift and Low Power mode at the same time, May 17
The latest iOS update finally allows you to conserve a dying phone's battery while also reducing the blue light that makes falling asleep harder
- Google Ending Automatic Chrome Support For Flash, May 17
Google's Chrome browser will begin to display HTML5 video and animation, when they're available, on all but 10 websites starting in the fourth quarter of this year.
- junior judges may now authorize electronic searches in their judicial district, April 29
The Supreme Court has passed a proposed change to Rule 41 and passed it along to Congress. This would allow any judge to issue warrants authorizing the government to hack anywhere in the country.
- This tool can block ransomware on Mac OS X, for now, April 22
A security researcher has created a free security tool that can detect attempts by ransomware programs to encrypt files on users' Macs and then block them before they do a lot of damage.
- Adobe issues third update for April, April 22
Every day is Patch Tuesday for Adobe as the software company today issued an update for its Analytics AppMeasurement for Flash Library, it's the third this month.
- Hackers only need your phone number to eavesdrop on calls, read texts, track you, April 20
You might know that if a hacker has nothing more than your phone number, then he or she can listen into and record your calls, read your texts, or track your location, but does your grandma know it?
- Apple stops patching QuickTime for Windows despite 2 active vulnerabilities, April 18
If your Windows computer is running Apple's QuickTime media player, now would be a good time to uninstall it.
- Concordia University discovers keylogger security incident, March 30
A university in Montréal, Québec discovered keylogger devices on computer workstations used by students in university libraries.
- Google enhances Gmail security to thwart malicious links, state-sponsored cyberattacks, March 30
Google yesterday announced several new protections for its Gmail service, aimed at protecting users from malicious links and government-sponsored cyberespionage.
- Crooks Steal, Sell Verizon Enterprise Customer Data, March 30
Verizon Enterprise Solutions, a B2B unit of the telecommunications giant that gets called in to help Fortune 500’s respond to some of the world’s largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned.
- Oracle releases out of cycle fix, Cisco patches six critical vulnerabilities, March 28
Oracle and Cisco Wednesday released security updates that addressed critical vulnerabilities in their respective products.
- Google, Microsoft, Yahoo and others publish new email security standard, March 22
Engineers from some of the world's largest email service providers have banded together to improve the security of email traffic traversing the Internet.
- IRS Cyberattack Total is More Than Twice Previously Disclosed, March 01
Cyberattacks on taxpayer accounts affected more people than previously reported, the Internal Revenue Service said Friday.
- University of California Berkeley once again becomes victim of cyberattack, March 01
The University of California, Berkeley, has admitted to a second data breach which may have exposed the data of 80,000 people to misuse.
- Jersey man gets 30 months for sabotaging former employer’s servers, February 26
The U.S. Department of Justice yesterday announced that Nikhil Nilesh Shah, 33, of Union, N.J., was sentenced to 30 months in prison for sending malicious code to the software company that formerly employed him as an information technology manager.