Security

No one gets into their car thinking they're going to get into an accident—that, is until they do. Luckily, we now have dash cams, in-car technology that can be helpful to drivers in the event something goes wrong while they're behind the wheel. If you don't have one in your car already, you've probably heard about dash cams on the news when footage from a tense police encounter or from a foreign country like Russia has been featured due to an unusual situation. However, you likely won't encounter meteorites and crashing airplanes as often as you will annoyingly aggressive drivers.

Clickers gonna click. Despite mandatory corporate training, general security awareness, and constant harping about the risks of clicking on unverified links in e-mails and other documents, people have been, are now, and forever will click links where exploit kits and malware lurk. It's simply too easy with the slightest amount of targeted work to convince users to click.

Bad news for banks with lax security that also use SWIFT, the global financial transaction messaging network, as hackers are still pulling off high-tech heists.

On Tuesday, the Society for Worldwide Interbank Financial Telecommunication, more commonly called SWIFT, notified customers of “ongoing attacks.”

A new DDoS botnet, powered by the Bashlite malware has been uncovered by security researchers, primarily using vulnerable IoT (Internet of Things) devices. According to Level 3 Threat Research Labs, the Bashlite malware family, also known as Lizkebab, Torlus and Gafgyt is responsible for the rise of a million-endpoint botnets conducting DDoS attacks.

InterContinental Hotels Group Plc-owned Kimpton Hotels & Restaurants said an investigation had found a malware attack on servers that processed payment cards used at some of its hotels.

The news comes nearly three weeks after a data breach was reported at 20 U.S. hotels operated by HEI Hotels & Resorts for InterContinental, Hyatt Hotels Corp, Starwood Hotels & Resorts Worldwide Inc and Marriott International Inc.

Practically every word we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.

For hackers, years-old leaks of millions of people’s private credentials don’t expire. Instead, they become a kind of collector’s item.

Since people so often reuse passwords, or use easily guessable variations on a theme, the data in a trove of usernames and passwords can help bad actors access all sorts of accounts, whether it’s from last week or half a decade ago. Now the latest old hack to resurface has exposed 68 million user credentials from Dropbox, and its apparent age shouldn’t be much comfort to anyone whose data was stolen.

Since Edward Snowden stepped into the limelight from a hotel room in Hong Kong three years ago, use of the Tor anonymity network has grown massively. Journalists and activists have embraced the anonymity the network provides as a way to evade the mass surveillance under which we all now live, while citizens in countries with restrictive Internet censorship, like Turkey or Saudi Arabia, have turned to Tor in order to circumvent national firewalls. Law enforcement has been less enthusiastic, worrying that online anonymity also enables criminal activity.

The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It's a technique that's so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment.

Dropbox is recommending to some users update the login credentials for their account because a group of member emails and passwords may have been compromised.

Dropbox is recommending to some users update the login credentials for their account because a group of member emails and passwords may have been compromised.