Mozilla Sets Discount Privacy Bundle: VPN Plus Firefox Relay

Mozilla has bundled two premium security products into a subscription package. Firefox Relay and Mozilla VPN are available together for $6.99 with an annual subscription. With the holiday sales season in full swing, retailers are bracing for hacker attacks and phishing schemes, an angle Mozilla is leveraging with its push. Axios Codebook says “the ongoing economic downturn is prompting more shoppers to look for online discount codes and more hackers to trick these consumers with phony deals.” Firefox Relay protects identities by hiding users’ real email addresses, while Mozilla VPN is a virtual private network service.

Big Tech Ramps Up Digital Security with Passkey Deployment

Now that Apple, Google and Microsoft have updated their operating systems to support the open standard passkey protocol stewarded by the FIDO Alliance, consumers will soon be liberated from the tyranny of passwords and their attendant security threats. PayPal has become the latest to embrace the passkey approach, announcing that U.S. users will soon be able to log in using FIDO-compliant passkeys. It joins Best Buy, CardPointers, eBay, Kayak and WordPress among those with digital portals offering a passkey option. Passkeys will permit consumers to log in seamlessly across devices, making online purchases easier and eliminating friction from app access.

EU’s Cyber Resilience Act Plans to Augment Security for IoT

The European Union has released additional details of its Cyber Resilience Act (CRA), proposed cybersecurity rules initially introduced last year aimed at the growing number of smart devices and the Internet of Things. The goal is to introduce effective regulations that would help curb surging cyberattacks. Major tech companies from Apple to Amazon and LG would need to meet strict new standards in the connected electronics space or face significant fines that could run as high as the greater of $15 million or 2.5 percent of a company’s worldwide revenue.

Microsoft, Google, Apple Unite Behind Passwordless Logins

Apple, Google and Microsoft have joined forces in a rare intercorporate collaboration to create passwordless sign-in technology that relies on smartphones to sign in. The tech giants announced last week that they are coordinating support for the passwordless sign-in standard, developed by the World Wide Web Consortium (W3C) and the FIDO (Fast Identity Online) Alliance. As a result, by the end of the year users of any of the three operating systems should be able to sign in to any app or website from their nearby device when using supporting browsers.

Major Security Vulnerability Triggers Worldwide Internet Crisis

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team.

Biden Administration Orders Agencies to Repair Cyber Flaws

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects.

Department of Justice Launches a Cryptocurrency Crime Unit

The U.S. Department of Justice has formed the National Cryptocurrency Enforcement Team (NCET) to investigate the use of cryptocurrency for criminal purposes. The new unit will examine cases involving virtual currency exchanges and money laundering. Members will also investigate so-called “mixing and tumbling” services, which charge a fee to send cryptocurrency to an address while obscuring the source of funds. The group, which includes experts from the offices of U.S. Attorneys, will also work on tracing and recovering assets lost to fraud, hacking or ransomware extortion.

Twitch Hack Leaks App Code, Revenue from Streaming Stars

Video game streaming platform Twitch has suffered a data breach in which information about the revenue earned by the biggest game streamers was leaked to online chat forum 4chan. “Find out how much your favorite streamer is really making!” the hacker wrote in a 4chan data dump labeled “part one.” The perpetrator claimed to have additional information about Twitch’s creator payouts, source code and internal security tools. Without confirming what data was taken, Twitch confirmed the breach, writing on Twitter, “Our teams are working with urgency to understand the extent of this.”

Government Pursues ‘Zero Trust’ Approach to Cybersecurity

The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds.

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack on SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose.

Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.

Media Consortium Reveals Extent of Pegasus Spyware Reach

A consortium of media outlets dubbed the Pegasus Project found that Israeli surveillance firm NSO Group licensed its military-grade spyware Pegasus to governments that used it to hack 37 smartphones of business executives, human rights activists and journalists. Two women close to murdered Saudi journalist Jamal Khashoggi were also reportedly targeted. Amnesty International and journalism non-profit Forbidden Stories shared a list of 50,000 phone numbers that dates to 2016 and includes the 37 targets. New evidence also suggests that thousands of iPhones worldwide may have been compromised.

Prominent Twitter Accounts Hacked for Cryptocurrency Fraud

On Wednesday, scammers launched one of the most audacious attacks in recent memory, posting messages from the Twitter accounts of Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk claiming that if people sent Bitcoin, the famous person would send back double the money. The first attack targeted high-profile cryptocurrency leaders and companies, but soon broadened to include a list of prominent U.S. politicians and entertainment and tech executives. It appears that an internal Twitter account was involved in the attacks, but it has yet to be determined whether an employee was willfully complicit.

ThiefQuest Is New Ransomware and Spyware Aimed at Macs

K7 Labs malware researcher Dinesh Devadoss discovered a new form of malware aimed at Mac computers. ThiefQuest (originally dubbed EvilQuest, until researchers discovered that’s the name of a Steam game) isn’t simply ransomware but also contains spyware that allows it to exfiltrate an infected computer’s files, search it for passwords and cryptocurrency wallet data, and nab passwords and credit card numbers. Even after a computer reboots, the spyware lingers as a backdoor that could be used for a second-stage attack.

Supreme Court Will Review Computer Fraud and Abuse Act

Many cybersecurity experts believe the current anti-hacking law, the 1986 Computer Fraud and Abuse Act (CFAA), is woefully out of date and applied too broadly by prosecutors and law enforcement. The Supreme Court is now taking another look at the law with a case in which a former Georgia police officer, Nathan Van Buren, was convicted in 2017 after allegedly selling information from a police database to an acquaintance for $6,000. Stanford University law professor Jeffrey L. Fisher is the lead attorney in the case.