Group items tagged

The US National Security Agency (NSA) knew of the Heartbleed flaw in the widely used OpenSSL security tool and exploited it for year - instead of blowing the whistle so that the patch could be flawed."

"According to a report by Sophos, malware and spam are on the rise on social networks such as Twitter, MySpace, Facebook and LinkedIn. In the last year, 57% of users report they have been spammed via social networking sites, an increase of 70.6% compared to last year. Furthermore, 36% of users claim they've been sent malware via social networking sites, which is a rise of 69.8% from last year. On the other hand, CEOs of companies are concerned that their employees' usage of social networks is posing a security risk for their company. Sophos has surveyed more than 500 organizations, discovering that 72% of them think social networks are a danger for their companys, with 60% of them tagging Facebook as the biggest security risk, followed by MySpace, Twitter and LinkedIn. Graham Cluley, senior technology consultant for Sophos, says that Facebook is the biggest threat because it's the biggest social network out there, but he also places some of the blame on Facebook's own privacy rules. "When Facebook rolled-out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the internet," he says. Interestingly enough (and contrasted to some of the reports we've seen lately), Cluley thinks that simply barring access to Facebook is not the solution. "Social networks can be an essential part of the business mix today," he says, "and the answer is not to bar staff from participating in them but to apply some 'social security' instead.""

"Security researcher Troy Hunt reports that the snuggly spies, from Spiral Toys, Security researcher Troy Hunt reports that the snuggly spies, from Spiral Toys, "represents the nexus" of the problem with internet-connected appliances and toys: children being recorded, data being leaked, and the technical possibility of surreptitious access to children through networked toys. "The best way to understand what these guys do is to simply watch the video [advertisement for the toy].""

"One of the most widely used tools for monitoring and restricting pupils' internet use in UK schools has a serious security flaw which could leave hundreds of thousands of children's personal information exposed to hackers, a researcher has warned."

"Durumeric leads a team of researchers at the University of Michigan that has developed scanning software called ZMap. This tool can probe the whole public Internet in under an hour, revealing information about the roughly four billion devices online. The scan results can show which sites are vulnerable to particular security flaws. In the case of FREAK, a scan was used to measure the scale of the threat before the bug was publicly announced."

"If mediocre malware can power some of the largest DDoS attacks ever, and considering the sad state of security of the Internet of Things in general, we should probably brace for more cyberattacks powered by our easy-to-hack "smart" Internet of Things, as many, including ourselves, had predicted months ago."

"Vietnam has introduced a new cybersecurity law, which criminalises criticising the government online and forces internet providers to give authorities' user data when requested, sparking claims of a "totalitarian" crackdown on dissent. The law, which mirrors China's draconian internet rules, came into effect on 1 January and forces internet providers to censor content deemed "toxic" by the ruling communist government. Vietnam's ministry of public security said it will tackle "hostile and reactionary forces", but human rights groups said it was authorities' latest method of silencing free speech."

"The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? One way to think about Efail is that it was caused by a lack of central coordination and control over email-reading programs -- the underlying protocols are strong and robust, but they can be implemented in ways that create real problems. In particular, the ability to show HTML inside a message makes email very hard to secure:"

"DDoS attacks are also becoming more common. Brian Krebs, an independent security researcher, observed earlier this month that the "source code" to the Mirai botnet had been released by a hacker group, "virtually guaranteeing that the internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices""

"Hackers breached the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that coordinates unique web addresses all across the world, but luckily didn't hit the Internet Assigned Numbers Authority, an important leg that keeps the Internet running smoothly. Attackers used "spear fishing" to break into the system in late November, according to a post on ICANN's website this week. Staffers received email messages that appeared to be coming from ICANN's own domain; several ICANN staffers' emails were compromised."

"It happened when Hello Kitty's fan site, SanrioTown.com, had its database accessed in late 2015. Here's the catch - it wasn't hacked. According to security researcher Chris Vickery of Kromtech, no hack was necessary. Vickery stated that pretty much anyone could access, "…first and last names, birthday…, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers…," and more."

"Many of these cameras have no easy, networked means of getting a firmware update, either, making their zeroday bugs into foreverday bugs. Some of these bugs were simple programmer error, but Philips, ah, Philips: they shipped an Internet-connected home spycam whose default root login was admin and /ADMIN/. Security. "

People in Germany are being warned about the risks of security when using Internet Explorer. Apparently anyone using versions six through eight are at risk, and are being advised to use another browser.

"Three months passed. Then, on Wednesday, anonymous government officials reportedly confirmed that a local company called Systems Engineering of Egypt (SEE or See Egypt) had won the bid to develop the system, which would allegedly allow the Egyptian government to sniff and analyze Internet and social media activity, as well as intercept Skype, WhatsApp and Viber conversations. "

"So, yes: the internet of things presents many new possibilities, and it would be foolish to dismiss those possibilities out of hand. But we would also be wise to approach the entire domain with scepticism, and in particular to resist the attempts of companies to gather ever more data about our lives - no matter how much ease, convenience and self-mastery we are told they are offering us."

"An internet blackout that knocked out some of the world's biggest websites on Tuesday was ultimately caused by a single customer updating their settings, the infrastructure provider Fastly has revealed. A bug in Fastly's code introduced in mid-May had lain dormant until Tuesday morning, according to Nick Rockwell, the company's head of engineering and infrastructure. When the unnamed customer updated their settings, it triggered the flaw, which ultimately took down 85% of the company's network."

"There were staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers, such as Russia. "

"Facebook had not spotted Adebowale's message containing "graphic" threats, so the security services were not told. The report by the parliamentary intelligence and security committee (ISC) said if the message had been passed to MI5 it could have prevented the murder of the soldier."

"UK's electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world's biggest internet companies through a covertly run operation set up by America's top spy agency, documents obtained by the Guardian reveal."