Apple Reveals Platform Security Guide with Info on M1 Chip

Apple unveiled its annual Platform Security Guide, now 200 pages, which provides the first-ever detailed documentation of its new M1 chips. The company is known for being reticent to release much in-depth technical information as part of its “security through obscurity” strategy to fend off hackers. However, this latest edition of the guide offers “significantly expanded information,” including details about the secure enclave and other software features, and is designed to enable customers to use the technology’s defense attributes.

White House Names Official to Lead Probe of Expansive Hack

In December, suspected Russian hackers compromised SolarWinds Corp., a small software vendor, leveraging it to infiltrate the U.S. departments of Commerce, State and Treasury, as well as numerous private companies. An in-depth investigation revealed that the hack’s scope was larger than first known, with about one-third of those hacked having no direct connection with SolarWinds. Now, the Biden administration has selected White House National Security Council senior official Anne Neuberger to lead the response.

New York State Calls for a Dedicated Social Media Regulator

On the heels of a cyberattack on Twitter this summer, the New York State Department of Financial Services (DFS) called for a dedicated regulator to oversee big social media platforms. In a 37-page report, the department described the July 15 attack in which accounts of Barack Obama, Joe Biden, Jeff Bezos, Elon Musk and others were hacked and used to promote a cryptocurrency scam. Three people have since been charged with posing as employees to launch that attack, which relied on relatively simple tactics.

Facebook Detects Malware That Was Being Used for Ad Fraud

Facebook shut down malware out of China that stole user credentials to serve ads for diet pills, sexual health products and counterfeit goods including designer handbags, shoes and sunglasses. The hackers used the consumer’s associated payment method to purchase the ads, at the cost to victims of $4 million. The social media company first exposed these attacks in 2018 and traced them to ILikeAd Media International, filing a civil suit against the firm and the two Chinese nationals who allegedly developed the malware.

Akamai Reports a Rise in Game Hacking During the Pandemic

Cyberattacks against gamers have increased during the coronavirus pandemic, according to a report from cloud services company Akamai, which detailed that hackers attempted almost 10 billion credential-stuffing attacks to take over accounts. Akamai security researcher Steve Ragan, who wrote the report, noted that, “as games move online and leverage cloud infrastructure and cross-platform and cross-generation play, that’s an attack surface.” “The bigger the attack surface, the more room [hackers] have to play,” he added.

Cybersecurity Chiefs Concerned Over Risks of Remote Work

In the corporate work world, cybersecurity experts are worried about their limited ability to track how employees are working remotely, including whether they record conference calls, share corporate devices with family members or take photos of sensitive documents. Their actions could inadvertently put the company at greater risk of being hacked; organizations such as the National Bureau of Economic Research are tracking an uptick in hacking attempts while corporate security teams are devising new policies to head off the problems.

Unsecured Databases Leak 235 Million Social Media Profiles

On August 1, security research firm Comparitech, led by Bob Diachenko, discovered a massive data leak of nearly 235 million Instagram, TikTok and YouTube user profiles. The leak was due to an unsecured database, which is quickly becoming a widespread cause of similar breaches. An audit of the dark web found about 15 billion stolen logins from 100,000 such unsecured database breaches. The data leak discovered by Diachenko and his team was spread across several datasets, including two of 100 million each of Instagram users.

Twitter Hack Technique Is Being Replicated for Other Attacks

Last month, three alleged hackers were arrested for manipulating Twitter to control 45 accounts of high-profile figures including Jeff Bezos, Joe Biden and Elon Musk. Now, the technique these young malefactors used — dubbed “phone spear phishing” — is being used by so many other bad actors that experts dub it a crime wave. Phone spear phishing, also known as “vishing,” a mashup of “voice phishing,” has been used this last month to attack banks, web hosting companies and cryptocurrency exchanges, said investigators.

Pirate IPTV Subscription Services Now a $1+ Billion Industry

Digital Citizens Alliance and NAGRA released a joint report revealing that illegal piracy subscription services — Internet Protocol Television (PS IPTV) — are now a $1+ billion industry. “Money for Nothing” describes an ecosystem of retailers and wholesalers enabled by legal businesses and consumed by at least nine million U.S. households. The report also looks into its infrastructure, supply chain, and ad-supported business models. Piracy injures consumers via malware among other risks.

FTC to Fine Twitter for Using Consumer Data for Targeted Ads

Twitter revealed that the Federal Trade Commission may hit it with a fine up to $250 million for using consumers’ email addresses and phone numbers — collected for “safety and security” purposes — to target ads, something it said it did “inadvertently” between 2013 and 2019. This is a violation of its 2011 agreement with the FTC, in which Twitter agreed that it would no longer mislead consumers by not disclosing other potential uses. Twitter has already received a draft complaint from the FTC.

Latest Twitter Hack Puts Spotlight on Internal Security Issues

Since 2015, Twitter chief executive Jack Dorsey and the company board have been warned annually about internal cybersecurity risks. In fact, there are about 1,500 employees plus contractors with the power to make changes in 186 million daily user accounts, and the company had experienced breaches due to internal sources. Then, on July 15, hackers tricked employees to compromise 130 Twitter accounts, including those of Jeff Bezos, Joe Biden, Barack Obama and Elon Musk, stealing data from eight unidentified accounts.

Prominent Twitter Accounts Hacked for Cryptocurrency Fraud

On Wednesday, scammers launched one of the most audacious attacks in recent memory, posting messages from the Twitter accounts of Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk saying that if people sent Bitcoin, the famous person would send back double the money. The first attack targeted high-profile cryptocurrency leaders and companies, but soon broadened to include a list of prominent U.S. politicians and entertainment and tech executives. It appears that an internal Twitter account was involved in the attacks, but it has yet to be determined whether an employee was willfully complicit.

‘Zoombombing’ on the Rise, Zoom Works to Improve Security

As use of Zoom Video Communications’ conferencing services has soared, the company’s chief executive Eric Yuan has had issues scaling up the popular app. The nine-year-old tool, once a favorite in the business world, is now ubiquitous among a wide swathe of consumers, educators and others. Issues with privacy and hacking have arisen, and Yuan admitted he “messed up” on security, especially with the claim — proven false — that Zoom offered end-to-end encryption. Yuan said the full encryption feature will be available in a few months. Meanwhile, some users are switching to other platforms.

Intel Issues a Patch to Address Concerns About Chip Security

According to researchers at security firm Positive Technologies, Intel chips that were released during the past five years contain a flaw that may allow hackers to overcome built-in security measures. The flaw is in the Converged Security and Management Engine (CSME), described as a subsystem inside CPUs and chipsets similar to AMD’s Platform Security Processor. Intel has issued a patch, but Positive Technologies said it may not be enough to protect systems containing the flawed products. Intel’s 10th generation processors are reportedly not among those affected.

Ransomware Attacks Increase and Demand Bigger Payouts

An increasing number of cities, hospitals and businesses are being attacked by ransomware, by which bad actors shut down the victim’s computer network until a ransom is paid. Up until now, these attacks have been hard to measure since many of those impacted quietly paid the ransom without notifying any authorities. Security firm Emsisoft just reported a 41 percent increase in ransomware attacks between 2018 and 2019, with 205,280 businesses and other groups submitting evidence of such intrusions in 2019.
