Capital One Breach Exposes Data of 106 Million Customers

A hacker accessed the personal data of about 106 million credit card customers and applicants of Capital One Financial, the fifth-largest credit card company in the U.S., making it one of the biggest such breaches of a large bank. Federal authorities arrested 33-year old Paige Thompson, who is accused of breaking through the bank’s firewall to access data stored on Amazon’s cloud service. Most of those exposed by the hack were customers and small businesses who applied for credit cards between 2005 and early 2019. Continue reading Capital One Breach Exposes Data of 106 Million Customers

Juniper Networks Backdoor Hack Likely From Foreign Nation

Tech giant Juniper Networks just found unauthorized code — essentially a backdoor — in the operating system running some of its firewalls. The hidden backdoor, found in versions of the company’s ScreenOS software dating back to at least August 2012, enable hackers to take complete control of Juniper NetScreen firewalls as well as decrypt encrypted traffic running through the Virtual Private Networks (VPN) on the firewalls. The FBI is investigating the breach, which appears to be the work of a foreign government. Continue reading Juniper Networks Backdoor Hack Likely From Foreign Nation

California Senate Passes Amended Smartphone Kill-Switch Bill

Weeks after the California Senate voted down legislation that would require anti-theft tech in all new smartphones, it has now passed a revised version of the bill after Apple and Microsoft withdrew their opposition. While the legislation is applauded by law enforcement groups, it is still opposed by some wireless carriers, and could face an uphill battle in the state Assembly. If passed, kill-switch technology would be required for phones sold in California that are manufactured after July 1, 2015. Continue reading California Senate Passes Amended Smartphone Kill-Switch Bill

Cybersecurity Focus Shifts From Blocking to Spotting Threats

Companies such as IBM and Symantec are investing in new technologies to detect viruses and hackers and make stealing customer data more difficult. The companies believe that traditional antivirus software that erect barriers to keep out threats is becoming increasingly ineffective as hackers around the world regularly create novel bugs. IBM plans to analyze behavior in computer network data to detect irregularities. Symantec is launching its own division that will help hacked businesses respond to security breaches.  Continue reading Cybersecurity Focus Shifts From Blocking to Spotting Threats

Bug Causes Scramble to Update Software and Change Passwords

Popular websites have been scrambling to update software and Internet users have been encouraged to change their passwords following the news of an encryption flaw known as the Heartbleed bug, which is already being categorized as one of the biggest security threats the Internet has ever experienced. The bug has affected a number of websites and services (although the extent is not clear), and may have exposed account info including passwords and credit card numbers going back two years. UPDATE: Cisco and Juniper said yesterday that some of their networking products contain the bug, which means sensitive info may have been obtained while moving across corporate networks, home networks and the Internet. Continue reading Bug Causes Scramble to Update Software and Change Passwords

New Software Lets Chat Apps Connect Phones Without Internet

The recently released FireChat mobile app stands out from competitors as the only messaging app that can be used without cell phone reception. FireChat makes use of Apple’s multipeer connectivity introduced in iOS 7, which enables phones to connect with each other directly via Bluetooth or Wi-Fi. FireChat users within 100 feet of one another can exchange messages without sending data through a cellular provider. A future of similar apps not reliant upon the Internet could open new possibilities and address privacy concerns. Continue reading New Software Lets Chat Apps Connect Phones Without Internet

NSA and GCHQ Monitor Gaming Activity, Search for Terrorists

The National Security Agency and its UK sister agency GCHQ have been deploying real-life agents into fictional worlds like “World of Warcraft” and “Second Life,” collecting gamers’ chats and even attempting to recruit potential informants, according to documents leaked by Edward Snowden. The agencies claimed that real-life terrorists might be playing and plotting within these games, suggesting that the gamer communities may provide intelligence on terrorist activity. Continue reading NSA and GCHQ Monitor Gaming Activity, Search for Terrorists

Verizon: Big Corporations Still Moving to the Public Cloud

Verizon recently released a study that found that NSA surveillance concerns have not decreased the adoption of public cloud services by large corporations. Companies have been increasing their amount of data stored in the cloud. Public clouds remain attractive as they allow companies to decrease or increase the scale of resources, and to share the cost of ownership among users. But some big companies are looking to vendors outside the U.S. to avoid the NSA. Continue reading Verizon: Big Corporations Still Moving to the Public Cloud

15 Percent of American Adults Not Using the Internet or Email

A new report from the Pew Internet & American Life Project, based on interviews conducted by Princeton Survey Research Associates, indicates that 15 percent of American adults ages 18 and older say they are not using the Internet or email. Survey participants cite issues related to relevance, problems with ease-of-use, security, expense and availability as primary reasons. Additionally, another 9 percent of U.S. adults note that they use the Internet, but not while they are at home. Continue reading 15 Percent of American Adults Not Using the Internet or Email

Smartphones Merging with Cars Creating Connected Vehicles

Many cars made today are embedded with new technologies, which are leading to partnerships between auto manufacturers and wireless companies. These agreements are resulting in vehicles with always-on, fast wireless connectivity, providing the groundwork for new services, such as smartphones integrating with cars, and perhaps car-to-car communication. But with new forms of connectivity come new distractions and potential dangers. Continue reading Smartphones Merging with Cars Creating Connected Vehicles

AP Twitter Account Hacked: Underlines Need for Security

The Associated Press Twitter account was hacked yesterday with a false report involving explosions at the White House. The account was quickly suspended, but not before the news had been retweeted thousands of times, resulting in a temporary yet sharp drop in the Dow and news outfits clamoring to ascertain details. Although the account is active again, the news agency has nearly 2 million less followers, which Twitter explains could take up to 24 hours to repair. Continue reading AP Twitter Account Hacked: Underlines Need for Security

Malware Shift: Android Overtakes Windows as Top Security Threat

  • In the 2013 Security Threat Report from security firm Sophos, it’s been revealed that Android is now the top market for hackers, beating out previous frontrunner Microsoft’s Windows OS.
  • “The security firm found that during a three-month period this year, 10 percent of Android-based devices experienced some form of malware attack. Just 6 percent of Windows PCs, meanwhile, were hit by an attack,” according to Technology Review.
  • Cybercriminals understand more than ever that the technological future is in mobile, making this an issue of high concern considering over 100 million Android devices shipped worldwide in the second quarter of 2012, notes the report.
  • Because Android is fairly new, especially when compared to Windows OS, users are not yet conditioned to security concerns and will click on links or open unknown apps.
  • “To make matters worse, the anti-malware tools available in the Android ecosystem just aren’t as strong as they could be,” explains the article. “Security firms are behind the times a bit. And until they catch up, we’re all at risk.”
  • According to the Saphos report, in order to stay safe, users should only surf the Web to known sites and should not download anything that could be dangerous.

Surveillance Catalog: Government Uses New Monitoring Techniques

  • Take a look at the toolkit for governments to legally monitor what people are doing on the Web. It’s an impressive catalog that includes hacking, intercept, data analysis, Web scraping and anonymity products. It makes one aware that nothing is safe from surveillance.
  • Hacking tools use techniques commonly used in malware.
  • Intercept tools can filter all traffic from the Internet backbone and determine which to forward to law enforcement.
  • Data analysis sorts, stores and analyzes information from a variety of sources including wired and wireless networks, surveillance, domestic and foreign agencies, tactical operations, etc. to build a complete profile of suspects or identify patterns across data sets.
  • Web scraping gathers and analyzes data from publicly available sources.
  • Anonymity hides the identity of investigators.
  • If governments are already using these tools, how long will it be before anyone can obtain them? WIll this imperil the confidence people have online?

Facebook Under Siege: Hackers Exploit XSS-Flaw in Massive Spam Attack

  • Facebook suffered one of its largest ever security breaches this week when hackers found a way to spread violent and explicit images to some users’ profiles.
  • Hackers reportedly tricked users into copying and pasting malicious Javascript code onto their browsers, thus providing attackers access to personal profiles.
  • “The ‘self-XSS’ exploit refers to the fact that social engineering techniques were employed to trick users into entering the code necessary to execute the attacks, as opposed to other types of XSS-based attacks where the perpetrators inject the code on to the Website,” reports eWeek.
  • Facebook reported yesterday that it had identified those responsible for the attack, was taking control of the spam and making plans for preventing such a future attack.
  • “Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms,” said a Facebook spokesperson, adding that no user accounts or data were compromised.

Hacker Group Anonymous Targets Apple Online Data

  • Apple has joined Sony and Fox News in the growing list of companies experiencing recent security breaches.
  • In what appears to be a warning salvo, 27 user names and encrypted passwords from an Apple website were reportedly posted online over the weekend along with a warning of future attacks from hacker group Anonymous.
  • The hacker group posted a list of data supposedly taken from an Apple Business Intelligence website. Apple has not commented on this.
  • Anonymous hacker group, which linked to this leak in a Twitter post, threatens that Apple could be a target of its attacks.
  • Anonymous is running “antisec,” an operation that threatens government, law enforcement and corporations.