Archives: August 2016
Single sign-on company OneLogin began notifying customers this week that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users that were thought to be secure. The company, whose authentication technology secures cloud-based applications, confirmed the incident Tuesday in a blog post. The compromised feature, Secure Notes, enables...
Security researchers warn mixing vulnerability disclosures with stock market bets sets a troubling precedent that erodes confidence in the relationship between businesses and white hat hackers who help uncover threats. Researchers are responding to the unprecedented partnership between security research firm MedSec and investment research outfit Muddy Waters LLC. Last week, Muddy Waters released a scathing report based...
When hackers infiltrated Dropbox in 2012 they made off with credentials for roughly 68 million users. The fact that the online storage site was hacked four years ago was no secret. But details around the sheer size of the stolen database, which contains users’ email addresses plus hashed and salted passwords from 2012, were unknown until Tuesday,...
Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely. Posts to the forums on the BleepingComputer website corroborate a number of such attacks, most likely intrusions powered by brute-force attacks against SSH, according to one of the victims. In each instance, the web folder...
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say. According to Level 3 Threat Research Labs, a small malware family that goes by the names Lizkebab, BASHLITE, Torlus and Gafgyt is behind a web of botnets carrying out the attacks. “This research shocked us,”...
Researchers at Ben-Gurion University of Negev have found a way to take a run-of-the-mill USB device and use it to leak data from an air-gapped computer via RF signals. Academics with the school’s Cyber Security Research Labs division claim they’ve come up with software, dubbed USBee, that can modulate binary data over electromagnetic waves, and then transmit...
The June arrest of a Russian cybercrime gang responsible for the Lurk Trojan also put to rest the infamous Angler Exploit Kit. Researchers at Kaspersky Lab today published a detailed report on the Lurk takedown, confirming at the same time the connection between the Lurk gang and Angler. Activity around Angler all but disappeared once...
Alleging a trail of broken promises, two privacy-focused advocacy groups yesterday filed a complaint with the Federal Trade Commission against a recent WhatsApp privacy policy change that states it will begin sharing user data with parent company Facebook. The Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) said in a joint...
The Federal Bureau of Investigation’s Cyber Division warned election officials nationwide this month to fortify their systems in the wake of two breaches it was able to detect earlier this summer. A “flash” warning sent by the agency about 10 days ago warned state boards of election to take the necessary precautions to safeguard their...
Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. In a security bulletin posted on Friday, the company said its Opera sync system showed “signs of an attack” and asked users to change their Opera sync passwords in addition to any...