SEC Opens Investigation into Massive Yahoo Data Breaches

The Securities and Exchange Commission has opened an investigation into Yahoo’s highly-publicized data breaches and whether the company should have disclosed the massive hacks earlier. “The SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors,” reports The Wall Street Journal. Yahoo’s 2014 breach, disclosed in September 2016, involved data from at least 500 million users. In December 2016, the company revealed that more than 1 billion Yahoo user accounts had been breached in 2013. “The SEC has investigated multiple companies over whether they properly disclosed hacks,” notes WSJ, especially after the 2013 Target breach “that compromised up to 70 million credit and debit-card accounts.” Continue reading SEC Opens Investigation into Massive Yahoo Data Breaches

Wall Street Adopts Blockchain Technology to Record Trades

The Depository Trust and Clearing Corporation (DTCC), the “back end” for much of Wall Street trading, is replacing a central database with Bitcoin-inspired software. The New York-based DTCC records and reports almost every stock, bond and valuable derivative trade in the U.S. IBM, already experienced in blockchain technology, is leading the DTCC software transition, which is slated to be functioning by early 2018. The shift marks Wall Street’s most serious effort thus far to adopt Bitcoin’s underlying technology. Continue reading Wall Street Adopts Blockchain Technology to Record Trades

Cybersecurity and How to Build Speed Bumps Against Hackers

At a CES CyberSecurity Forum, journalist/author Wayne Rash led a discussion on the various ways that companies are failing to protect their intellectual property and remain vulnerable to malicious code and ransomware. According to Yubico chief executive Stina Ehrensvard, 70 percent of hacks are related to passwords. “The password is the weak link,” agrees Authentic8 chief executive Scott Petry. “Reusing passwords is a problem. If you use your Yahoo password for other sites, you’re in trouble.” Continue reading Cybersecurity and How to Build Speed Bumps Against Hackers

Yahoo: Second Data Breach Involves 1 Billion User Accounts

In September, Yahoo revealed a 2014 security breach that involved 500,000 of its users’ accounts. Now the company has announced an even larger data breach from 2013 involving more than one billion accounts, including those of more than 150,000 government and military employees. “The two attacks are the largest known security breaches of one company’s computer network,” reports The New York Times. “The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.” Continue reading Yahoo: Second Data Breach Involves 1 Billion User Accounts

Congress Passes BOTS Act to Halt Electronic Ticket Scalping

Aimed at suppressing an $8 billion secondary ticket market, Congress passed a bill outlawing bots, computer programs scalpers use to buy the best tickets and resell them at increased prices. The Better Online Ticket Sales Act, or BOTS Act, passed the House with bipartisan support, following its passage in the Senate, and now goes to President Obama for his signature. The BOTS Act would make it illegal to bypass ticketing websites’ security measures. The Federal Trade Commission would be granted authority to enforce the law. Continue reading Congress Passes BOTS Act to Halt Electronic Ticket Scalping

Chrome Tightens Up Security Warnings for Unencrypted Sites

In January, Chrome will begin placing a “not secure” warning on the left of its address bar for websites that do not use strong HTTPS-connected encryption, which accounts for nearly half of the world’s existing sites. Up until then, Chrome has only posted warnings on HTTPS sites with faulty encryption. Later in 2017, Chrome plans to expand the categories of sites for which it will issue warnings, including any unencrypted pages visited via Chrome’s Incognito and any HTTP site offering downloads. Continue reading Chrome Tightens Up Security Warnings for Unencrypted Sites

Global Tech Firms Wary of China’s Broad Cybersecurity Law

China has adopted a broad and controversial cybersecurity law that places new requirements on tech companies, which foreign businesses fear may be used to negatively affect competition. The law, designed to tighten state control over technology and information while ramping up online security, addresses areas such as data storage, technical support, censorship and government certification of hardware. According to The Wall Street Journal, “The law drew criticism from foreign business groups due to the expansive list of sectors that are defined as part of China’s ‘critical information infrastructure,’ making sectors including telecommunications, energy, transportation, information services and finance subject to security checks.” Continue reading Global Tech Firms Wary of China’s Broad Cybersecurity Law

Uber and MasterCard Moving to Selfies for Identity Verification

Uber Technologies, MasterCard and the Alabama Department of Revenue are among the handful of companies and government agencies beginning to use selfies, rather than passwords, as proof of identity. Smartphone cameras take better quality photos than before and facial recognition software is more accessible and affordable, which makes this a new option. But some experts in cybercrime aren’t as sanguine, worried that this way of proving identity is riddled with both security and privacy issues. Continue reading Uber and MasterCard Moving to Selfies for Identity Verification

Akamai: Hackers Are Using Smart Devices to Attack Websites

New research from Akamai Technologies reveals that hackers are remotely taking over DVRs, satellite antennas and networking devices to steal massive numbers of login credentials. The company says that, in recent months, hackers have plundered as many as two million so-called smart devices in “credential stuffing campaigns,” which means they test whether the compromised user names and passwords can access other websites. Among the devices hacked are Ruckus Wireless Wi-Fi hot spots from Brocade Communications. Continue reading Akamai: Hackers Are Using Smart Devices to Attack Websites

Hackers Steal Data From Half a Billion Yahoo User Accounts

In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords. Continue reading Hackers Steal Data From Half a Billion Yahoo User Accounts

Re-Used Passwords a Major Culprit in the Rise of Data Abuse

Recently, the chief executives of Facebook, Google and Twitter all had their email accounts hacked. They regained control of their accounts within hours but many others — especially those who re-use passwords — haven’t been so lucky. Hackers can use software that gleans new passwords from old ones, and nearly two billion old passwords are for sale for as little as $2 on LeakedSource, a database operated anonymously. The pattern of re-using corporate passwords on LinkedIn and other sites is a growing concern. Continue reading Re-Used Passwords a Major Culprit in the Rise of Data Abuse

Apple is the Latest Tech Giant to Launch Bug Bounty Program

Apple has announced its new “security bounty” initiative that will offer payments up to $200,000 to any hackers who inform the company about critical vulnerabilities to its products. In doing so, Apple joins major tech companies that have similar programs in place. Alphabet, Facebook and Microsoft “have paid out millions of dollars in bug bounties over the past few years,” reports The Wall Street Journal. Automobile companies such as Tesla and GM are also introducing bounty programs as vehicles are relying more on software to control their systems. Continue reading Apple is the Latest Tech Giant to Launch Bug Bounty Program

Latest Cryptocurrency Cybertheft Could Shake Faith in Bitcoin

Hong Kong exchange Bitfinex was hacked and funds were stolen, marking a setback for digital currency Bitcoin. Bitfinex director of community and product development Zane Tackett posted on Reddit that 119,756 Bitcoins had been stolen. “Before the hacking was made public, that number of Bitcoins would have been worth about $72 million,” explains The New York Times. “Now that the currency has slumped, the figure is closer to $65 million.” During its investigation, Bitfinex has stopped all trading, deposits and withdrawals. The security breach is the latest in a series of events that could impact the viability of virtual currency. Continue reading Latest Cryptocurrency Cybertheft Could Shake Faith in Bitcoin

DARPA Announces Competition to Combat Computer Viruses

Defense Advanced Research Projects Agency (DARPA) has launched the Cyber Grand Challenge (CGC), to create a program that — without any human interference — can find security vulnerabilities abused by hackers, then create a fix and distribute it. If the Challenge is successful, power plants, air traffic and water infrastructure would eventually become safe from computer viruses and hackers, and ordinary citizens would know their computers and digital devices are safe from malware and viruses. Continue reading DARPA Announces Competition to Combat Computer Viruses

Consumers Report Financial Data Breaches, Still Trust Banks

According to a new Accenture report, 23 percent of consumers claim their financial data has been breached at least once in the past two years. Interestingly, most remain willing to share their data if it means better service. “About 63 percent of respondents are willing to give their bank direct access to personal information,” reports HousingWire. The National Association of Federal Credit Unions recently called on Congress to combat hacking with legislation that would create stricter standards for retail businesses. Accenture surveyed 4,013 bank customers in North America — 70 percent in the U.S. and 30 percent in Canada. Continue reading Consumers Report Financial Data Breaches, Still Trust Banks