Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

Security is a top concern for the Internet of Things, in particular when large numbers of IoT devices are deployed in an organization. There’s been a rise in attacks on such devices, via botnets, and a search engine, Shodan, is dedicated to finding unsecured IoT hardware endpoints. In that context, Microsoft, which is updating its Azure IoT toolset, is also testing a new approach to securing and managing such devices. Dubbed Project Sopris, Microsoft Research hopes to mix secure hardware and a secure communications channel. Continue reading Microsoft Encourages Testing of New IoT Security Paradigm

Hackers are reportedly targeting third-party sellers on Amazon by using stolen email and password credentials (available for purchase from previous hacks via the “Dark Web”) in a scam to post fake product deals online and pocket cash. Thieves have changed the bank info of active sellers on Amazon to steal amounts up to tens of thousands from each and have hacked less active sellers to post merchandise that does not exist, offering products at steep discounts. While PayPal and eBay have been targeted by hackers in the past, cybersecurity experts indicate that Amazon is becoming a new target. Continue reading Third-Party Sellers on Amazon Become Latest Hacking Target

The Department of Justice officially charged four people yesterday in connection with Yahoo’s 2014 data breach that reportedly resulted in the theft of data from 500 million Yahoo accounts. According to the indictment, the Russian government used the data obtained by two intelligence officers (Dmitry Dokuchaev, Igor Sushchin) and two hackers (Alexsey Belan, Karim Baratov) to spy on White House and military officials, bank executives, cloud computing companies, a senior level airline official, a Nevada gaming regulator, as well as Russian journalists, business execs and government officials. Continue reading U.S. Claims That Russian Hackers Were Behind Yahoo Attack

According to Leichtman Research Group’s latest on-demand study, more TV households in the U.S. now have Netflix (54 percent) than a digital video recorder (53 percent), marking a first for the streaming service. The study also found that 64 percent of households presently use SVOD services from Netflix, Amazon and/or Hulu. “In 2011, according to the research firm, 44 percent of TV households had a DVR and 28 percent had Netflix,” reports Variety. “About 23 percent of all adults in TV homes stream Netflix daily … compared with 6 percent who did in 2011. LRG president Bruce Leichtman noted that Netflix’s penetration is boosted by password sharing.” Continue reading Milestone: Netflix Service Surpasses DVR in U.S. Households

Motion Picture Solutions CTO Laurence Claydon addressed issues of security during the HPA Tech Retreat, not always the most interesting issue to a crowd of film and TV technologists. Claydon’s experience comes from more than 20 years of content localization, and working in digital cinema for Technicolor, Deluxe and others. “This is based on those workflows,” he said, “but some of it is those principles can be applied to any workflow.” Advances in technology have increased the risks of piracy, even before the advent of videotape, he noted. Continue reading HPA Tech Retreat: Security Threats, Strategies for Film and TV

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

In its Q4 earnings report, Facebook revealed that sales rose 51 percent to $8.81 billion, above the $8.51 billion average analyst prediction. The bump in revenue is largely attributed to advertising on mobile phones. Also, within the space of a year, monthly active Facebook users increased 17 percent to 1.86 billion people, with 1.23 billion checking daily and 1.74 billion accessing the social network via their smartphones. Facebook has now cemented its No. 2 position in the mobile advertising market behind Google. The company is also making a major move into video content. Continue reading Facebook Eyes Success with Mobile Ads and Focus on Video

At a CES CyberSecurity Forum, journalist/author Wayne Rash led a discussion on the various ways that companies are failing to protect their intellectual property and remain vulnerable to malicious code and ransomware. According to Yubico chief executive Stina Ehrensvard, 70 percent of hacks are related to passwords. “The password is the weak link,” agrees Authentic8 chief executive Scott Petry. “Reusing passwords is a problem. If you use your Yahoo password for other sites, you’re in trouble.” Continue reading Cybersecurity and How to Build Speed Bumps Against Hackers

In September, Yahoo revealed a 2014 security breach that involved 500,000 of its users’ accounts. Now the company has announced an even larger data breach from 2013 involving more than one billion accounts, including those of more than 150,000 government and military employees. “The two attacks are the largest known security breaches of one company’s computer network,” reports The New York Times. “The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.” Continue reading Yahoo: Second Data Breach Involves 1 Billion User Accounts

Uber Technologies, MasterCard and the Alabama Department of Revenue are among the handful of companies and government agencies beginning to use selfies, rather than passwords, as proof of identity. Smartphone cameras take better quality photos than before and facial recognition software is more accessible and affordable, which makes this a new option. But some experts in cybercrime aren’t as sanguine, worried that this way of proving identity is riddled with both security and privacy issues. Continue reading Uber and MasterCard Moving to Selfies for Identity Verification

New research from Akamai Technologies reveals that hackers are remotely taking over DVRs, satellite antennas and networking devices to steal massive numbers of login credentials. The company says that, in recent months, hackers have plundered as many as two million so-called smart devices in “credential stuffing campaigns,” which means they test whether the compromised user names and passwords can access other websites. Among the devices hacked are Ruckus Wireless Wi-Fi hot spots from Brocade Communications. Continue reading Akamai: Hackers Are Using Smart Devices to Attack Websites

Six years ago, the Chinese military hacked Google, Yahoo and other technology companies. Google, whose co-founder Sergey Brin vowed “never again,” hired hundreds of security engineers to make good on that promise. Yahoo, under the leadership of Marissa Mayer, however, focused on other problems the ailing company faced and reportedly failed to take more stringent security measures. Now, Yahoo reports another serious breach, undetected for two years, with 500 million users’ credentials stolen. Yahoo and the FBI are investigating. Continue reading With Breach, Yahoo Pays the Price For Skimping on Security

In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords. Continue reading Hackers Steal Data From Half a Billion Yahoo User Accounts

The NSO Group, an Israeli firm that sells software for invisibly tracking mobile phones, is believed to be responsible for leveraging three security vulnerabilities in Apple devices to spy on journalists and dissidents. The software can reportedly be used to access passwords, emails, text messages, calls, contacts and more. Apple fixed the security flaws 10 days after two researchers provided the tip. The company urges all users to download the latest version of iOS. “Apple on Thursday released a patched version of its mobile software, iOS 9.3.5,” reports The New York Times. “Users can get the patch through a normal software update.” Continue reading Security Alert: Apple Urges iPhone Users to Update Their iOS