Cybersecurity
Latest
Coronavirus bursts Big Tech’s bubble
Virus enthusiasts from all over the world converged in San Francisco this week for America's largest security event: RSA Conference 2020. Before it began, fourteen companies withdrew from RSAC over concerns about the impending Coronavirus (COVID-19) pandemic. On opening day, organizers sent a message through the conference app asking attendees to stop greeting each other with handshakes.
Facial recognition startup Clearview AI says its full client list was stolen
You might expect a high-profile (and controversial) facial recognition startup like Clearview AI would have its data locked down, but it turns out it's just as vulnerable as almost any other company to malicious individuals. In a notification obtained by The Daily Beast, the company says a recent vulnerability allowed someone to gain "unauthorized access" to a list of all of its customers. Clearview works with approximately 600 law enforcement agencies across North America, including the Chicago Police Department.
Vinyl cover maker Slickwraps coughs up customer info in a data breach
If you have an account with Slickwraps, you'll want to change your password as soon as possible. The company, one of the more popular manufacturers of vinyl skins for phones, computers, tablets and game consoles, disclosed today that its website was hacked.
Microsoft’s Defender security software is coming to iOS and Android
Despite Apple and Google's best efforts, malware and malicious apps are still a big concern on iOS and Android. So today, Microsoft announced that it's bringing its Defender Advanced Threat Protection (ATP) to the mobile operating systems. In other words, Microsoft is stepping in to fix a problem that Apple and Google can't seem to resolve.
UN confirms it suffered a 'serious' hack, but didn't inform employees
The United Nations was the victim of a massive, likely state-sponsored hacker attack this past summer, according to reports from The New Humanitarian and Associated Press. To make the matters worse, the organization didn't disclose the details and severity of the hack until those publications obtained an internal document on the situation.
Russian hacker behind an elite crime forum pleads guilty to multiple charges
Last week, a well-connected Russian cybercrime boss, Aleksei Burkov, pleaded guilty to running an online criminal marketplace and a site that sold stolen credit and debit card data. What's even more intriguing, than the $20 million in fraudulent purchases that Burkov's site facilitated and the exclusive cybercrime ring he ran, is how badly Russia wanted to prevent Burkov from being extradited to the US.
FDA warns hospitals about security flaws in some GE medical equipment
Some GE medical equipment have vulnerabilities that make them easy to tamper with, according to the FDA. The agency has warned hospitals and healthcare providers that a third-party cybersecurity firm has identified flaws in certain GE Healthcare Clinical Information Central Stations and Telemetry Server models. Hospitals use these devices to monitor patients' information, including their temperature, heartbeat and blood pressure, and are usually located in the nurse's bay or other central locations within a facility.
Microsoft accidently exposed 250 million customer service records
While most people were out celebrating the start of a new year, Microsoft's security teams were working overtime to close a potentially enormous security loophole. On Thursday, the company disclosed a database error that temporarily left approximately 250 million customer service and support records accessible to anyone with a web browser.
Brazil charges journalist Glenn Greenwald for colluding with hackers
Brazilian federal prosecutors have charged Glenn Greenwald with violating the country's cybersecurity laws, reports The New York Times. According to a 95-page complaint, Greenwald was part of the "criminal organization" that hacked into the phones of several public officials and prosecutors in 2019. The charges come after Greenwald's website, The Intercept Brasil, published multiple reports last year that exposed unethical behavior from some of Brazil's highest public officials, including current Justice Minister Sérgio Moro.
Cloudflare is providing free anti-DDoS services to US political campaigns
With a major election cycle less than a year away, Cloudflare says it's working with politicians in the US to secure their campaigns against cyberattacks through a program called Cloudflare for Campaigns. The service, which includes protection against denial-of-service (DDoS) attempts, is available to both House and Senate candidates for free as long as they meet specific fundraising requirements. House candidates will need to show at least $50,000 in donation receipts, while those running for a Senate seat will need $100,000 in donations. Presidential hopefuls are also eligible as long as they're polling above five percent nationally. Cloudflare says it will also offer the program for a fee to political campaigns outside of the US, as well those that don't meet the free requirements in the US.
Homeland Security wants you to update your Firefox browser right now
The Department of Homeland Security is urging Firefox users to update their browsers. The rare warning was issued earlier this week, after Mozilla released two critical security updates. According to the Cybersecurity and Infrastructure Security Agency (CISA), the exploit could allow hackers to "take control of an affected system."
Huawei denies receiving billions in financial aid from Chinese government
Huawei may not be as much of a self-made success story as founder Ren Zhengfei has consistently made the company out to be. According to The Wall Street Journal, the Chinese government has granted as much as $75 billion worth of financial assistance to Huawei, allowing the company to spend more freely than it would have otherwise been able to.
Twitter fixes an Android bug that could have allowed hackers to hijack accounts
Twitter has updated its Android app to fix a security vulnerability that could have allowed someone to see nonpublic information about your account, as well as take control of it to send tweets and direct messages. According to a blog post from the company, taking advantage of the bug involved "a complicated process" of inserting malicious code into the restricted storage areas of the Twitter Android app. The bug may have also allowed malicious individuals to access someone's location information and their protected tweets.
Google Chrome will warn you if your logins have been stolen
Google is adding several new features to Chrome to keep you safe while browsing online. To start, the next time you try to login into a website, Chrome will warn you if your username and password were compromised in a data breach. It will also suggest you change any passwords you've reused.
752,000 US birth certificate applications were exposed online
According to a report from TechCrunch, an online company that allows people in the US to obtain a copy of their birth certificate has exposed more than 752,000 applications. The case of negligence was discovered by Fidus Information Security, a company that conducts online penetration testing, and verified by TechCrunch. The two found that the company is storing the applications on an Amazon Web Services (AWS) cache that's not protected by a password. By simply entering the "easy-to-guess" address of the cache in a browser, a malicious visitor could access the documents held within. TechCrunch didn't disclose the name of the company to protect the privacy of those who used its service.
Facebook is fixing a bug that turned on phone cameras
Early this month, some Facebook users began to notice a glitch when they were using the iOS app. Users shared on Twitter that when they were watching videos or looking at photos, their cameras were activated behind the Facebook app, CNET reports. Facebook has acknowledged the bug and says it is submitting a fix to Apple today.
Iowa asked researchers to break into a courthouse, then it arrested them
Ransomware attacks have cost cities like Atlanta and Baltimore millions of dollars and made it clear that state and municipal governments need to protect themselves against cyberthreats. With that in mind, the state of Iowa hired cybersecurity firm Coalfire to conduct a penetration test. The state asked the company to try to break into servers and physical buildings to see if it could gain access to sensitive data or equipment. When two Coalfire employees successfully broke into one Iowa courthouse, they were arrested, and the charges have not yet been dropped.
Huge cyberattack against country of Georgia knocks out 15,000 websites
The country of Georgia is reeling from a particularly vicious cyberattack. Officials are investigating after intruders striking on October 28th defaced over 15,000 websites hosted on local provider Pro-Service, including those for the President of Georgia's administration, mayoral offices, the courts and private companies like newspapers. In each case, the defacement left a picture of former President Mikheil Saakashvili (shown above) with the English text "I'll be back." The attack hit three TV stations and even forced two, TV Imedi and TV Maestro, to go off the air.
Microsoft has a new way to keep your computer's firmware from being hacked
In the constant cat and mouse game that is PC security, hackers have increasingly turned to firmware exploits to carry out their attacks. There are a couple of reasons for the uptick. One obvious one is that firmware, as the code that defines the relationship between hardware and software, is vitally important to any computer. Another major issue is that firmware is often written by hardware manufacturers instead of operating system developers like Microsoft. This means there are countless different varieties of firmware, each with their own particular set of quirks and vulnerabilities.
Facebook’s 2020 election 'protections' still allow for lying politicians
Today, Facebook outlined new measures to stop abuse and interference in the 2020 election. They include safeguards meant to make Facebook more secure and transparent, but they make one glaring omission. The new policies don't change Facebook's rules that allow political candidates to lie in their political ads.
