eBook: Six Tips For Putting Your CRM Into Overdrive [Free Download]
Welcome Guest | Sign In
TechNewsWorld.com
Oracle Pulls Plug on Java Browser Plug-In
January 30, 2016
Oracle earlier this week announced its decision to scrap its Java browser plug-in. The plug-in, a frequent target of hackers, won't be included in the next version of JDK 9, which is expected to ship in September. Oracle's action was motivated by browser makers' withdrawal of support for the plug-in. Developers of applications that depend on it need to consider alternatives, the company said.
FDA Guidelines Target IoT Medical Device Security
January 28, 2016
The U.S. Food and Drug Administration last week took a step toward addressing the threat the Internet of Things poses to patients and their data by releasing some proposed guidelines for managing cybersecurity in medical devices. "Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats," the FDA says in its proposal.
Snap-Happy Trojan Targets Linux Servers
January 22, 2016
Security researchers at Dr.Web on Tuesday revealed details of the Trojan Linux.Ekoms.1, which takes screen shots and records audio to acquire sensitive and personal information, mostly from Linux servers. Malware for Linux is becoming more diverse and includes spyware programs, ransomware and Trojans designed to carry out distributed denial-of-service attacks, according to Dr.Web.
GM Bug Program Gets Mixed Notices
January 21, 2016
Two white-hat hackers, Charlie Miller and Chris Valasek, made headlines last year when they demonstrated how they could hijack the control systems of a moving motor vehicle over the Internet. The move got the attention of the auto industry, and last week General Motors put in place a program to encourage more digital dabblers to alert the company when they find bugs in GM vehicles.
Ukraine Mounts Investigation of Kiev Airport Cyberattack
January 20, 2016
Ukrainian officials earlier this week said they had launched a probe into the source of a cyberattack that targeted a Kiev Airport. The attack may be related to the BlackEnergy malware attacks that recently targeted Ukrainian infrastructure facilities, apparently from Russia. CERT-UA on Monday warned system administrators to be on the alert for the presence of BlackEnergy malware.
Phishing Attack Could Net LastPass Credentials
January 19, 2016
LastPass has boosted security for its users after a security researcher alerted the company of a phishing attack he devised to steal users' login and two-factor authentication credentials. Sean Cassidy, CTO of Praesidio, demonstrated the phishing attack, which he calls "LostPass," last week at ShmooCon. "We think this is a very serious problem," said Praesidio CEO Edgardo Nazario.
OpenSSH Flaw Could Leak Crypto Keys
January 15, 2016
Qualys on Thursday reported a flaw in the OpenSSH client that could let a hacker steal the client's private crypto keys. The bug is the result of an undocumented feature called "roaming" that exists in version 5.4 and above. It's one of two vulnerabilities that a malicious SSH server or a trusted but compromised server can exploit, Qualys said. The other is a heap-based buffer overflow.
Privacy as a Service Advocates Promise Better Data Protection
January 14, 2016
There's been a lot of wailing and gnashing of teeth about the Sisyphean task of protecting privacy in the Digital Age, but that hasn't stopped innovators from searching for ways to preserve it. One of the latest ideas to emerge in the field is Privacy as a Service. As with many emerging technologies, the definition of "PaaS" (not to be confused with Platform as a Service) is in flux.
Hack Lets PS4 Run Linux
January 7, 2016
Hacking team fail0verflow last week demonstrated a hack of Sony's PlayStation 4 game console that allows anyone running the modification to run the Linux OS on the appliance. The demo was part of a lightning talk session at the 32nd Chaos Communication Congress. The hackers used exploits in FreeBSD, PS4's operating system and WebKit, which powers the game console's browser.
Major Security Flaw Found in Silent Circle's Blackphone
January 7, 2016
Security researchers at SentinelOne on Wednesday revealed a vulnerability they discovered in the Blackphone. The flaw -- an obscure socket -- lets an attacker take over and control communications on the Blackphone, a highly secure Android smartphone Silent Circle developed and marketed in reaction to news of government surveillance of people's communications.
Iranian Cyberattack on American Dam Viewed As Rarity
January 7, 2016
Just days before Christmas, a rare event occurred: the report of a successful intrusion into America's infrastructure by overseas hackers. The event -- penetration of the control system of a dam 20 miles from New York City -- happened more than two years ago but wasn't made until last month. Cloaking such incidents in secrecy is standard operating procedure for industries that use control systems.
Security Execs Sweat Insider Threats
December 31, 2015
Insider threats are becoming increasingly worrisome to corporate security executives. That is one of the findings in a survey of C-level businesspeople Nuix released last week. "The insider threat seems to be a bigger concern this year than it was in previous years," said Nuix's Keith Lowry. "People are recognizing that it is a significant weakness that has yet to be fully addressed."
Backspace Flaw Enables Linux Zero-Day Attack
December 28, 2015
Researchers last week revealed a zero-day flaw that lets attackers take over a Linux system by pressing the backspace key repeatedly. Pressing backspace 17 to 20 times will overwrite the highest byte of the return address of the grub_memset() function, ultimately causing a reboot by redirecting control flow to the 0x00eb53e8 address, according to the Cybersecurity Group at the Universitat Politecnica de Valencia.
All Security Pros Want for Christmas: Smarter Users, Decoy Networks
December 24, 2015
People like to see gifts from their wish lists under the Christmas tree, and security pros are no exception. Here are things some cyberwarriors would like old St. Nick to deliver to them. "It's probably never going to happen, but it would be fantastic to get smarter users who are less susceptible to social engineering," said Proofpoint's Ryan Kalember.
Three Charged in Hacking Case That Spammed 60M
December 17, 2015
Federal prosecutors in New Jersey on Tuesday charged three men in a $2 million identity theft scheme to hack corporate computer systems and blast spam messages to more than 60 million people. The defendants face up to 20 years in prison and $250,000 in fines on wire fraud charges, and up to five years in prison and $250,000 in fines on email and computer conspiracy charges.
Creating Rules of War for Cyberspace
December 17, 2015
The idea of a "Cyber Geneva Convention" has gained steam in the last five years. Based on the original Geneva Convention, it would ensure that certain types of attacks and specific targets would remain off-limits in a cyberwar. The concept of rules dictating what shouldn't be allowed in war came about after Henry Dunant visited wounded soldiers during the Second Italian War of Unification.
UK Police Pinch Suspect in VTech Hack
December 16, 2015
UK police have arrested a 21-year-old man as part of their investigation into last month's hack on VTech's systems. The man was arrested in Bracknell, 30 miles west of London, on suspicion of unauthorized access to a computer to facilitate the commission of an offense and suspicion of causing a computer to perform functions to secure or enable unauthorized access to a program or data, police said.
Hot Hacker Targets in 2016: Fantasy Sports, Professional Services
December 15, 2015
As 2016 approaches, it's time to get the crystal ball out and predict next year's cybersecurity trends. Here are some predictions from security pros TechNewsWorld interviewed. Fantasy sports sites in 2015 caught the attention of states' attorneys general, who wanted to treat the outfits as gambling enterprises. In 2016, the sites will get attention from another quarter: hackers.
FBI Chief: High-Tech Firms Need to Rethink Encryption Stance
December 11, 2015
FBI Director James Comey on Wednesday told members of a U.S. Senate committee that high-tech companies may need to adopt a new business model regarding encryption in order to get on the same page with law enforcement. "Encryption is getting in the way of our ability to have court orders effective to gather information we need in our most important work," he told the Senate Judiciary Committee.
Gadget Gives Passwords Pocket Protectors
December 9, 2015
Denis Clermont and Jérôme Jadot last month launched a Kickstarter campaign for the OdyOne digital identity manager. As much as many Web travelers and security experts would like usernames and passwords to disappear from use, the pesky credentials aren't going away anytime soon. That's why password managers are seen as a way to make the best of a bad situation.
Hello Barbie, Can We Talk About Your Security Issues?
December 8, 2015
New security issues that surfaced last week in connection with Mattel's Hello Barbie doll, which talks back to kids, have heightened fears that hackers could use the toy to steal information about its owners and their families. The Hello Barbie app, which is available for iOS and Android, uses an authentication credential that can be reused by hackers, Bluebox disclosed.
VTech Hires Mandiant to Shore Up Security for Kids
December 4, 2015
VTech on Thursday revealed it has hired FireEye's Mandiant to help improve security after reaction from parents around the world over news that its servers were hacked. It also is cooperating with law enforcement agencies worldwide to investigate the incident and has temporarily shut down several websites, its Learning Lodge app store, and its Kids Connect service.
'Tis the Season for Online Predators
December 3, 2015
While visions of holiday shoppers dance in retailers' heads, those visions are also on the minds of online marauders. Net predators are sticking to scams that have made them money throughout the year. "Over the last 12 months, we've seen a return to attachments with innocuous macros in them," said Kevin Epstein, vice president of advanced security and governance at Proofpoint.
More Things, More Cyberattacks
December 2, 2015
Not a day passes without mention of the Internet of Things in the media, as it appears to expand exponentially. Roughly 6.4 billion things will be connected to the Internet in 2016, at a rate of 5.5 million new things per day, according to Gartner. More than 20 billion devices will be in use by 2020. As a result, everyone must be more cognizant of cyber-risks.
Massive Hack Attack on Educational Toy Company Exposes Parents, Kids
November 30, 2015
Officials of several U.S. states on Monday have opened investigations into a massive data breach that occurred last month at VTech. The award-winning Hong Kong-based maker of electronic learning toys for kids on Friday announced that its Learning Lodge database was breached in a hack attack on Nov. 14. Learning Lodge offers apps, learning games, e-books, and other educational content.
Dojo Stands Cybersecurity Guard for Smart Homes
November 20, 2015
Dojo-Labs on Thursday introduced Dojo, a device that plugs into the router of a home network and acts as a watchdog to ensure that everything connected to the network is operating on its best behavior. The device brings some of the advanced technologies used to protect corporate networks to the home. It can prevent attacks and detect intrusions by observing how a device behaves on the network.
FBI, Carnegie Mellon Deny $1M Contract to Crack Tor
November 19, 2015
The FBI has denied allegations that it paid Carnegie Mellon University security researchers $1 million to crack a network designed to protect the anonymity of its users. The Tor Project, which operates the network, last week accused the FBI of cutting the CMU deal. The attack on Tor occurred from January to July 2014. The attackers discovered a way to strip the anonymity of Tor users.
ISIS Mocks Anonymous' War Declaration
November 18, 2015
ISIS has rebuffed the declaration of cyberwar Anonymous issued. "The #Anonymous hackers threatened in new video release that they will carry out a major hack operation on the Islamic state (idiots)," reads a message posted in a Telegram channel believed to be affiliated with ISIS hackers. "What they gonna hack," it continues. "All what they can do is hacking Alansar twitter accounts, emails etc."
Surveys Reveal Lax Mobile Security Among Federal Workers
November 18, 2015
The use of mobile devices provides significant benefits in convenience and workplace productivity. However, two recent reports indicate that U.S. government workers often ignore security protocols associated with mobile IT. The Office of Personnel Management hack revealed earlier this year drove an effort to address federal IT security. That effort largely has bypassed mobile device security.
FBI Paid Carnegie Mellon $1M to Crack User IDs, Claims Tor
November 17, 2015
The Tor Project last week claimed the FBI paid Carnegie Mellon University $1 million to crack the anonymity of Tor users. The claim appears to have been triggered by a report that said the FBI's arrest of an alleged member of Silk Road 2.0 was based on "information obtained by a 'university-based research institute' that operated its own computers on the anonymous network used by Silk Road 2.0."
See More Articles in Hacking Section >>
Facebook Twitter LinkedIn Google+ RSS
What is your reaction to the rumored
4-inch iPhone?
I'm in -- I'd love to have a smaller iPhone.
I prefer a larger iPhone, but it's good to have more options.
I expect innovation from Apple -- seems it's running out of ideas.
I'm not interested in an iPhone of any size.
Try MailChimp Pro