As we reported last week, Bloomberg published a story claiming that China had secretly installed microchips on motherboards built by Supermicro that were used in data center servers of companies such as Apple and Amazon. In the first official response from the U.S. government, Homeland Security issued a statement indicating that it has “no reason to doubt” the denials issued by Apple, Amazon and Supermicro in the wake of the report. The Homeland Security statement is similar to comments released by the U.K.’s National Cyber Security Centre. Continue reading Government Backs Apple and Amazon Denials of Spy Chips

According to a Bloomberg Businessweek cover story today, Chinese spies infiltrated nearly 30 U.S. companies including Amazon and Apple by embedding tiny chips into servers in the technology supply chain. In 2015, malicious microchips were reportedly embedded in servers bound for U.S. companies, which resulted in compromised software used in numerous hardware devices. While the report cites former government officials and “senior insiders” at Apple, both Amazon and Apple — as well as motherboard manufacturer Supermicro and China’s Ministry of Foreign Affairs — have firmly disputed the findings. Continue reading China Reportedly Used Tiny Chips to Hack U.S. Companies

In its third security breach reported since June, Facebook announced on Friday that hackers had leveraged a security vulnerability in order to attack its computer network and access the personal accounts of about 50 million of its social platform users. In the two other breaches, hackers unblocked individuals that had been previously blocked by Facebook users, and users’ share settings were manipulated without permission. As a result of this latest breach, “the attackers could use the account as if they are the account holder,” according to Guy Rosen, VP product management for Facebook. Continue reading Facebook Reveals Another Attack on its Computer Network

Today’s consumers are “overconfident in their security prowess,” which has resulted in a record year for cyberattacks, according to the “2017 Norton Cyber Security Insights Report.” The Symantec report found that 978 million people across 20 countries were impacted last year by cybercrime, and 44 percent of consumers were affected in the last 12 months. “As a result,” notes the report, “consumers who were victims of cybercrime globally lost $172 billion — an average of $142 per victim — and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.” Continue reading Symantec Publishes Global Security Findings in Latest Report

Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

Security companies Morphisec and Cisco reported the extent of the damage caused by a malware attack on security software CCleaner. Experts say that the software, distributed by Czech company Avast, was targeted not simply to disrupt as many computers as possible, but to conduct espionage. Hackers penetrated the software and added a backdoor, ultimately installing malware on more than 700,000 computers. But hackers also sought to find computers among those infected that resided in networks of 20 leading tech firms. Continue reading CCleaner Malware Is Linked to Attack Against 20 Tech Firms

Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the hack to Equifax will do is as of yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud.   Continue reading Equifax Data Breach, Discovered in July, Impacts 143 Million

Despite earlier concerns over censorship and a cyberattack traced to Chinese hackers — and the fact that its search engine can only be accessed in the region by using VPNs (due to the government’s filtering system) — Google is reportedly ramping up its presence in China. Its careers web page lists nearly 60 open positions in Beijing and Shanghai. According to The Wall Street Journal, at least four of the engineering positions involve artificial intelligence, “including a technical lead to develop a team to work on natural language processing, data compression and other machine learning technologies.” Continue reading Google Ramping Up its Artificial Intelligence Efforts in China

The threat of ransomware and malware are growing. The “WannaCry” attack impacted at least 200,000 computers in 150 countries before peaking last week. Adylkuzz is another piece of malware currently threatening computers around the world. As computers become increasingly connected, so opportunities for cybercrime expand, say the experts. Part of the problem is that the Internet wasn’t designed with cybersecurity protections, and criminals are attracted to cybercrimes for the relatively easy profits they can make. Continue reading Advice on Keeping Smaller Businesses Safe From Cybercrime

A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in Bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault. Continue reading Major Cyberattack Hits 150 Countries, Could Keep Spreading

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

Six years ago, the Chinese military hacked Google, Yahoo and other technology companies. Google, whose co-founder Sergey Brin vowed “never again,” hired hundreds of security engineers to make good on that promise. Yahoo, under the leadership of Marissa Mayer, however, focused on other problems the ailing company faced and reportedly failed to take more stringent security measures. Now, Yahoo reports another serious breach, undetected for two years, with 500 million users’ credentials stolen. Yahoo and the FBI are investigating. Continue reading With Breach, Yahoo Pays the Price For Skimping on Security

In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords. Continue reading Hackers Steal Data From Half a Billion Yahoo User Accounts

Some Lenovo laptops that have shipped since August include a pre-installed adware program known as Visual Discovery by Superfish. While Superfish is designed to serve ads, it reportedly does so in a dangerous way that leaves users vulnerable to hackers. While Lenovo claims that it has investigated the tech and does “not find any evidence to substantiate security concerns,” Internet security analysts suggest a major problem still exists. The Department of Homeland Security warns that Superfish makes users vulnerable to SSL spoofing. Continue reading Security: Government Urges Removing Superfish from Laptops

The U.S. Government Accountability Office warns that data caps may drive the prices of Internet service up for everyone, instead of keeping costs low for the people who only use a small amount of data. Internet service providers do not have enough competition in some places, which would make it easier for ISPs to abuse a usage-based pricing system. The GAO recommends that the Federal Communications Commission develop a voluntary code of conduct for ISPs. Continue reading Data Caps May Result in Higher Prices for Internet Customers