Security

Wed 30 Mar
John Lister's picture

Ransomware Takes Nasty New Twist

The FBI has asked businesses for urgent help dealing with a new form of ransomware. The attack is designed to compromise an entire network, rather than just a single computer. Ransomware is a form of malware that damages a computer in a way that's usually reversible - but only by the malware creators. Commonly it involves encrypting files or even an entire hard drive so that they can't be accessed without a key, which is only provided when the victim hands over a fee. Last month the FBI put out a warning of a form of ransomware dubbed MSIL/Samas.A. It targets a security vulnerability ...

Thu 24 Mar

FBI May Unlock iPhone Without Apple's Help

The FBI says it may be able to unlock the San Bernardino shooter's phone without Apple's help. But it's refusing to reveal details of its apparent solution. Apple recently refused to comply with an order to assist law enforcement officials with unlocking the phone, leading to a planned courtroom hearing this week. The FBI then asked for the case to be put on hold until next month, saying it wanted to investigate a method it discovered this past weekend that may make Apple's help irrelevant. The argument isn't about decrypting the data on the phone, something that's ...

Wed 23 Mar

Email Security Likely to Get Boost

Some of the biggest tech firms have joined together to call for new standards that could make emails more secure. The proposals have gone to the Internet Engineering Task Force, which develops voluntary but widely used technical standards for the Internet. These days around 30 percent of Internet traffic from North American users is encrypted, meaning that if somebody intercepts it en route, they'll struggle to be able to read it. That figure is expected to jump to 60 percent this year, though that's largely a quirk caused by a change in policy by Netflix. In any case, it's now ...

Thu 03 Mar

New 'Drown' Bug: Millions of Secure Sites Could be at Risk

An estimated 11 million secure websites could be vulnerable to hackers exploiting a security bug. Amazingly, the bug has to do with technology that is over 20 years old. There's little, if anything, website visitors can do as the bug needs fixing by site operators. However, it is possible to check if a site appears to be vulnerable. The bug has been dubbed Drown, a name rather tenuously derived from "Decrypting the RSA algorithm with Obsolete and Weakened eNcryption." Researchers who uncovered the bug aren't publishing the precise details. At the moment it's not known if ...

Thu 25 Feb

FTC Cracks Down on Poor Router Security

ASUS has agreed to government supervision for 20 years after exaggerating the security of its routers. Officials say the company put hundreds of thousands of computers at risk. The company has agreed to a settlement in response to Federal Trade Commission (FTC) charges. The alleged breach of rules wasn't in the security flaws themselves, but rather that ASUS continuing to market the routers as "safe" was misleading to customers. Among ASUS's bold claims was that its routers could "protect computers from any unauthorized access, hacking, and virus attacks." This ...

Tue 23 Feb

Apple Refuses Court Order to Unlock Encrypted iPhone

Tech company leaders are backing Apple in its defiance of a court order to make it easier for the FBI to access a murderer's iPhone. However, a poll shows public support for officials despite Apple's claims that the order threatens security. The case involves a phone belonging to Syed Farook who, along with his wife, shot dead 14 people in California last December. He was killed in a police shootout, but the FBI wants to examine his phone to see if it contains any details about the planning of the attacks and links to terrorist groups. FBI Needs More Than 10 Password Attempts The ...

Wed 17 Feb

Hackers Demand $3.6M To Restore Hospital Computers

A California hospital has been unable to use its computer system for more than a week thanks to a ransomware attack. The hackers are said to be demanding more than $3 million in return for returning access. The Hollywood Presbyterian Medical Center has confirmed the attack but is keeping many of the details quiet. Local news outlets say it doesn't appear any personal data has been compromised and no patients have been put at medical risk. However, the attack has been highly disruptive. Staff are having to register new patients and update medical records on paper. Some patients and family ...

Thu 11 Feb

IRS Online Security Breach Affects 100k Taxpayers

The IRS has revealed that cyber attackers managed to trick its system into handing over more than 100,000 access codes for user accounts. Fortunately the breach was discovered before any sensitive data was compromised. The attack followed a data theft from a source outside of the IRS. The agency hasn't revealed what that was, but it appears to have involved a stolen list that included social security numbers. The attackers then set an automated program, or "bot," to work. Using stolen social security numbers (sourced from outside the IRS), the bot was used to generate E-file PINs ...

Tue 02 Feb

Government Claims on Encryption Challenged

A Harvard University report challenged the government's argument that online encryption helps criminals go undetected. The report also suggests that the "Internet of Things" will give law enforcement officials more opportunity to surveil suspects. Politicians and government agencies (such as the FBI) repeatedly make the case that the law fails to keep up with technology, especially when it comes to being able to monitor communications between suspected offenders. For example, recently-updated wiretapping laws can still prove to be unworkable, especially if data is encrypted ...

Thu 21 Jan

LastPass Password Manager a 'Phishing Risk'

A security researcher says he's published proof that users of password manager tool LastPass could easily be tricked into handing over login details. LastPass insists there is no bug with the service itself, but has made some changes to mitigate the issue. Sean Cassidy published details of the potential attack at a security conference. He says the way LastPass operates makes it too easy to create bogus-looking login pages that could fool users into handing over their login credentials. According to Cassidy, two main problems combine to create the phishing risk. One is that LastPass ...
