Third-Party Sellers on Amazon Become Latest Hacking Target

Hackers are reportedly targeting third-party sellers on Amazon by using stolen email and password credentials (available for purchase from previous hacks via the “Dark Web”) in a scam to post fake product deals online and pocket cash. Thieves have changed the bank info of active sellers on Amazon to steal amounts up to tens of thousands from each and have hacked less active sellers to post merchandise that does not exist, offering products at steep discounts. While PayPal and eBay have been targeted by hackers in the past, cybersecurity experts indicate that Amazon is becoming a new target. Continue reading Third-Party Sellers on Amazon Become Latest Hacking Target

U.S. Claims That Russian Hackers Were Behind Yahoo Attack

The Department of Justice officially charged four people yesterday in connection with Yahoo’s 2014 data breach that reportedly resulted in the theft of data from 500 million Yahoo accounts. According to the indictment, the Russian government used the data obtained by two intelligence officers (Dmitry Dokuchaev, Igor Sushchin) and two hackers (Alexsey Belan, Karim Baratov) to spy on White House and military officials, bank executives, cloud computing companies, a senior level airline official, a Nevada gaming regulator, as well as Russian journalists, business execs and government officials. Continue reading U.S. Claims That Russian Hackers Were Behind Yahoo Attack

Half of Web Traffic Now Encrypted as Websites Adopt HTTPS

A new report from rights organization Electronic Frontier Foundation (EFF) found that half of today’s Web’s traffic is now protected by encryption. The increased adoption of HTTPS is largely a result of efforts from big tech companies, like Google and Facebook, and an increased awareness of government surveillance. Google started factoring whether a website was on HTTPS or HTTP into its algorithm. WordPress, one of the biggest Web hosting providers, switched to HTTPS last year. Continue reading Half of Web Traffic Now Encrypted as Websites Adopt HTTPS

Verizon to Pay $350 Million Less for Yahoo Internet Businesses

Verizon and Yahoo announced yesterday plans to move forward with the sale of Yahoo’s core Internet businesses. In the wake of major data breaches at Yahoo, the purchase price has been lowered by $350 million for a new deal valued at $4.48 billion. The companies plan to split future costs related to the data breaches. “The revised agreement,” notes The New York Times, “paves the way for the deal to proceed to a shareholder vote as early as April, although securities regulators are still assessing how Yahoo disclosed information about the breaches to investors.” Verizon is looking to compete with Facebook and Google in digital advertising and, according to The Wall Street Journal, plans to fold Yahoo’s ad tech and websites “into AOL, which Verizon acquired in 2015.” Continue reading Verizon to Pay $350 Million Less for Yahoo Internet Businesses

Yahoo Warns Users: Hackers Forged Cookies to Access Data

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

SEC Opens Investigation into Massive Yahoo Data Breaches

The Securities and Exchange Commission has opened an investigation into Yahoo’s highly-publicized data breaches and whether the company should have disclosed the massive hacks earlier. “The SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors,” reports The Wall Street Journal. Yahoo’s 2014 breach, disclosed in September 2016, involved data from at least 500 million users. In December 2016, the company revealed that more than 1 billion Yahoo user accounts had been breached in 2013. “The SEC has investigated multiple companies over whether they properly disclosed hacks,” notes WSJ, especially after the 2013 Target breach “that compromised up to 70 million credit and debit-card accounts.” Continue reading SEC Opens Investigation into Massive Yahoo Data Breaches

Wall Street Adopts Blockchain Technology to Record Trades

The Depository Trust and Clearing Corporation (DTCC), the “back end” for much of Wall Street trading, is replacing a central database with Bitcoin-inspired software. The New York-based DTCC records and reports almost every stock, bond and valuable derivative trade in the U.S. IBM, already experienced in blockchain technology, is leading the DTCC software transition, which is slated to be functioning by early 2018. The shift marks Wall Street’s most serious effort thus far to adopt Bitcoin’s underlying technology. Continue reading Wall Street Adopts Blockchain Technology to Record Trades

Cybersecurity and How to Build Speed Bumps Against Hackers

At a CES CyberSecurity Forum, journalist/author Wayne Rash led a discussion on the various ways that companies are failing to protect their intellectual property and remain vulnerable to malicious code and ransomware. According to Yubico chief executive Stina Ehrensvard, 70 percent of hacks are related to passwords. “The password is the weak link,” agrees Authentic8 chief executive Scott Petry. “Reusing passwords is a problem. If you use your Yahoo password for other sites, you’re in trouble.” Continue reading Cybersecurity and How to Build Speed Bumps Against Hackers

Yahoo: Second Data Breach Involves 1 Billion User Accounts

In September, Yahoo revealed a 2014 security breach that involved 500,000 of its users’ accounts. Now the company has announced an even larger data breach from 2013 involving more than one billion accounts, including those of more than 150,000 government and military employees. “The two attacks are the largest known security breaches of one company’s computer network,” reports The New York Times. “The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.” Continue reading Yahoo: Second Data Breach Involves 1 Billion User Accounts

Congress Passes BOTS Act to Halt Electronic Ticket Scalping

Aimed at suppressing an $8 billion secondary ticket market, Congress passed a bill outlawing bots, computer programs scalpers use to buy the best tickets and resell them at increased prices. The Better Online Ticket Sales Act, or BOTS Act, passed the House with bipartisan support, following its passage in the Senate, and now goes to President Obama for his signature. The BOTS Act would make it illegal to bypass ticketing websites’ security measures. The Federal Trade Commission would be granted authority to enforce the law. Continue reading Congress Passes BOTS Act to Halt Electronic Ticket Scalping

Chrome Tightens Up Security Warnings for Unencrypted Sites

In January, Chrome will begin placing a “not secure” warning on the left of its address bar for websites that do not use strong HTTPS-connected encryption, which accounts for nearly half of the world’s existing sites. Up until then, Chrome has only posted warnings on HTTPS sites with faulty encryption. Later in 2017, Chrome plans to expand the categories of sites for which it will issue warnings, including any unencrypted pages visited via Chrome’s Incognito and any HTTP site offering downloads. Continue reading Chrome Tightens Up Security Warnings for Unencrypted Sites

Global Tech Firms Wary of China’s Broad Cybersecurity Law

China has adopted a broad and controversial cybersecurity law that places new requirements on tech companies, which foreign businesses fear may be used to negatively affect competition. The law, designed to tighten state control over technology and information while ramping up online security, addresses areas such as data storage, technical support, censorship and government certification of hardware. According to The Wall Street Journal, “The law drew criticism from foreign business groups due to the expansive list of sectors that are defined as part of China’s ‘critical information infrastructure,’ making sectors including telecommunications, energy, transportation, information services and finance subject to security checks.” Continue reading Global Tech Firms Wary of China’s Broad Cybersecurity Law

Uber and MasterCard Moving to Selfies for Identity Verification

Uber Technologies, MasterCard and the Alabama Department of Revenue are among the handful of companies and government agencies beginning to use selfies, rather than passwords, as proof of identity. Smartphone cameras take better quality photos than before and facial recognition software is more accessible and affordable, which makes this a new option. But some experts in cybercrime aren’t as sanguine, worried that this way of proving identity is riddled with both security and privacy issues. Continue reading Uber and MasterCard Moving to Selfies for Identity Verification

Akamai: Hackers Are Using Smart Devices to Attack Websites

New research from Akamai Technologies reveals that hackers are remotely taking over DVRs, satellite antennas and networking devices to steal massive numbers of login credentials. The company says that, in recent months, hackers have plundered as many as two million so-called smart devices in “credential stuffing campaigns,” which means they test whether the compromised user names and passwords can access other websites. Among the devices hacked are Ruckus Wireless Wi-Fi hot spots from Brocade Communications. Continue reading Akamai: Hackers Are Using Smart Devices to Attack Websites

Hackers Steal Data From Half a Billion Yahoo User Accounts

In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords. Continue reading Hackers Steal Data From Half a Billion Yahoo User Accounts