Hackers are reportedly targeting third-party sellers on Amazon by using stolen email and password credentials (available for purchase from previous hacks via the “Dark Web”) in a scam to post fake product deals online and pocket cash. Thieves have changed the bank info of active sellers on Amazon to steal amounts up to tens of thousands from each and have hacked less active sellers to post merchandise that does not exist, offering products at steep discounts. While PayPal and eBay have been targeted by hackers in the past, cybersecurity experts indicate that Amazon is becoming a new target. Continue reading Third-Party Sellers on Amazon Become Latest Hacking Target

The Department of Justice officially charged four people yesterday in connection with Yahoo’s 2014 data breach that reportedly resulted in the theft of data from 500 million Yahoo accounts. According to the indictment, the Russian government used the data obtained by two intelligence officers (Dmitry Dokuchaev, Igor Sushchin) and two hackers (Alexsey Belan, Karim Baratov) to spy on White House and military officials, bank executives, cloud computing companies, a senior level airline official, a Nevada gaming regulator, as well as Russian journalists, business execs and government officials. Continue reading U.S. Claims That Russian Hackers Were Behind Yahoo Attack

WikiLeaks released thousands of documents yesterday that it claims detail methods used by the CIA “to break into smartphones, computers and even Internet-connected televisions,” reports The New York Times. According to WikiLeaks, the CIA and allied intelligence services bypassed encryption on messaging services including Signal, Telegram and WhatsApp. WikiLeaks also suggests that agencies can collect audio and messaging data from Android phones “before encryption is applied.” The Wall Street Journal notes that such activities, if actually taking place with consumer electronics, could fuel tensions between intelligence agencies and the tech industry, which has been concerned about customer privacy. Mobile devices are a major concern; NYT published an article detailing potential smartphone vulnerabilities. Continue reading WikiLeaks Claims of CIA Hacking Could Impact Tech Industry

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

The Securities and Exchange Commission has opened an investigation into Yahoo’s highly-publicized data breaches and whether the company should have disclosed the massive hacks earlier. “The SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors,” reports The Wall Street Journal. Yahoo’s 2014 breach, disclosed in September 2016, involved data from at least 500 million users. In December 2016, the company revealed that more than 1 billion Yahoo user accounts had been breached in 2013. “The SEC has investigated multiple companies over whether they properly disclosed hacks,” notes WSJ, especially after the 2013 Target breach “that compromised up to 70 million credit and debit-card accounts.” Continue reading SEC Opens Investigation into Massive Yahoo Data Breaches

In a recently published Infrastructure Security Design Overview, Google explains its six layers of security for the cloud it uses for its own operations and its public cloud services. The company also revealed that it designs custom chips, “including a hardware security chip that is currently being deployed on both servers and peripherals,” that allow it to “securely identify and authenticate legitimate Google devices at the hardware level.” The chip works with cryptographic signatures validated during each boot or update. Continue reading Newly Published Google Overview Spells Out Security Details

To improve encryption, Google has launched an open source project, Key Transparency, a follow-up to its Certificate Transparency, both of which focus on the need to verify the authenticity of the person or server the user believes he is connecting to. Keybase, a collection of verified users and their “cryptographic credentials” is one solution, but Google now wants to ascertain that the contacts are verified systematically and are privacy-protected, by having the address “double-check” itself. Continue reading Google Key Transparency Project to Boost Messaging Security

At CES 2017, LG stated that this year all of its home appliances will include “advanced Wi-Fi connectivity.” One flagship product is its Internet-connected Smart InstaView Refrigerator that supports Amazon’s Alexa; no price has been announced. Features of the webOS appliance include stickers and tags to be attached to items in the refrigerator, which will signal the consumer when a food item in question is about to expire, and the ability to remotely view the inside of the refrigerator via a camera mounted inside. Continue reading LG Goes Big on Wi-Fi-Connected Appliances, Robots at CES

Beyond the sights and spectacle of CES, almost 2.5 million square feet of exhibits, 3,800 exhibiting companies, and 175,000 attendees, are oases of insight and information to be found among more than 300 conference sessions. CES conferences leverage the attendance of senior executives, experts, and policymakers to populate panels that cover the spectrum of product categories, tech trends, and consumer interests represented throughout the show. Eight SuperSessions feature senior leaders grappling with their experiences in emerging sectors, while 44 different tracks explore a wide range of timely topics. Continue reading CES 2017: Conference Sessions Explore Products and Trends

China has adopted a broad and controversial cybersecurity law that places new requirements on tech companies, which foreign businesses fear may be used to negatively affect competition. The law, designed to tighten state control over technology and information while ramping up online security, addresses areas such as data storage, technical support, censorship and government certification of hardware. According to The Wall Street Journal, “The law drew criticism from foreign business groups due to the expansive list of sectors that are defined as part of China’s ‘critical information infrastructure,’ making sectors including telecommunications, energy, transportation, information services and finance subject to security checks.” Continue reading Global Tech Firms Wary of China’s Broad Cybersecurity Law

Wired editor-in-chief Scott Dadich recently sat down with President Barack Obama and MIT Media Lab director Joi Ito in the White House to discuss the numerous possibilities and potential implications of artificial intelligence and machine learning. “It’s worth thinking about because it stretches our imaginations and gets us thinking about the issues of choice and free will that actually do have some significant applications for specialized AI,” said Obama. “If properly harnessed, it can generate enormous prosperity and opportunity. But it also has some downsides that we’re gonna have to figure out in terms of not eliminating jobs. It could increase inequality. It could suppress wages.” Continue reading President Obama and MIT Media Lab Director Talk Future of AI

FCC chairman Tom Wheeler is reminding the tech industry that cybersecurity standards should be a significant consideration while moving forward with the development of 5G wireless Internet. Last week, the FCC published a request “for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific ‘performance requirements’ for developers of example Internet-connected devices,” reports FedScoop. Companies interested in a license to access 5G spectrum will need to comply with the new requirements, which will include network security plans. Continue reading FCC Pushes for 5G Standards with Emphasis on Cybersecurity

Spurred by the May 7 fatal crash involving an autonomous Tesla Motors vehicle in Florida, the National Highway Traffic Safety Administration is considering requiring approval of technologies involved in self-driving cars, something not covered by current motor safety rules. That lack of relevant regulations means the government has no authority over automated car technologies being introduced on U.S. roads and highways. The NHTSA can only intervene in potential safety issues after an incident has occurred. Continue reading Regulators and Insurers Examine Risks of Automated Vehicles

According to a new Accenture report, 23 percent of consumers claim their financial data has been breached at least once in the past two years. Interestingly, most remain willing to share their data if it means better service. “About 63 percent of respondents are willing to give their bank direct access to personal information,” reports HousingWire. The National Association of Federal Credit Unions recently called on Congress to combat hacking with legislation that would create stricter standards for retail businesses. Accenture surveyed 4,013 bank customers in North America — 70 percent in the U.S. and 30 percent in Canada. Continue reading Consumers Report Financial Data Breaches, Still Trust Banks

President Obama’s Commission on Enhancing National Cybersecurity met with tech industry executives at UC Berkeley to gather suggestions on how to improve cybersecurity. Executives from Google, Facebook, Dropbox and others had their own agenda: to move the issues of consumer data privacy, transparency and sharing of cyber threats towards more openness. Former NSA director General Keith Alexander and Uber chief security officer Joe Sullivan are among the members of the commission. Continue reading Feds, Tech Titans Grapple Over Approaches to Cybersecurity