Security

How the NSA Spied on Antivirus Companies to Make Undetectable Malware

posted on June 23, 2015
by l33tdawg

Russian antivirus company Kaspersky revealed recently that it was the target of hackers behind the Stuxnet and Duqu worms last year. The hackers have been attacking the company’s network for months, collecting data on its operations and software. But it turns out that intelligence agencies including the NSA and GCHQ have spied on antivirus companies for years, looking for exploitable vulnerabilities.

The new report comes from newly leaked documents from NSA whistleblower Edward Snowden, who made them available to The Intercept.

Microsoft's anti-surveillance, pro-privacy website was hacked by casino spammer

posted on June 22, 2015
by l33tdawg

Digital Constitution, a website devoted to how Microsoft is fighting government surveillance and working to protect online privacy in a digital world, was hacked to promote online casinos.

ZDNet, which captured a screenshot, reported that the “site appears to have been modified around 9:15pm ET on Wednesday.” The attacker “injected text with keywords” like “online casino,” “poker,” “craps,” “roulette” and “blackjack.” Additionally, some new pages were “injected to show content that embeds content from other casino-related websites.” Microsoft has since taken that down.

How OPM hackers tapped the mother lode of espionage data

posted on June 22, 2015
by l33tdawg

Government officials have been vague in their testimony about the data breaches—there was apparently more than one—at the Office of Personnel Management. But on Thursday, officials from OPM, the Department of Homeland Security, and the Department of the Interior revealed new information that indicates at least two separate systems were compromised by attackers within OPM's and Interior's networks. The first was the Electronic Official Personnel Folder (eOPF) system, an entity hosted for OPM at the Department of the Interior's shared service data center.

Hackers breach Polish airline LOT’s systems, ground 1,400 passengers

posted on June 22, 2015
by l33tdawg

Around 1,400 passengers of the Polish airline LOT were grounded at Warsaw's Chopin airport on Sunday after hackers attacked the airline ground computer systems used to issue flight plans, the company said.

The computer system was hacked in the afternoon and fixed after around five hours, during which 10 of the state-owned carrier's national and international flights were cancelled and about a dozen more delayed, spokesman Adrian Kubicki said.

Drupal flicks fix to nix OpenID admin account hijack hole

posted on June 19, 2015
by l33tdawg

Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators.

The flaw (CVE-2015-3234) is the most critical of four and affects versions six and seven of the content management system.

Drupal's security team say attackers can target unpatched systems if they hold an OpenID account. "A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts," the team wrote in an advisory.

Toshiba Develops Chip Authentication Technology Using Transistor Noise

posted on June 19, 2015
by l33tdawg

Toshiba has developed a new method of utilizing random telegraph noise (RTN) originating from insulating material faults to implement a physical unclonable function (PUF), an important security technology.

The method, which will contribute to the creation of safe and secure cloud services for smart communities, was announced at the VLSI Technology Symposium, a conference on semiconductor devices that was held on June 16 in Kyoto, Japan.

SAP Hana users warned of security vulnerability

posted on June 19, 2015
by l33tdawg

Hard on the heels of the release of a newly updated version of SAP Hana, a security researcher has warned of a potentially serious vulnerability in the in-memory platform.

"If an attacker can exploit this vulnerability, he can get access to all encrypted data stored in an SAP Hana database," said Alexander Polyakov, CTO with ERPScan, which presented the details Thursday at the Black Hat Sessions XIII conference in the Netherlands.

Reddit To Start Fully Encrypting Traffic By Next Month

posted on June 18, 2015
by l33tdawg

Should all websites employ HTTPS browsing, which helps make surfing the web more secure, at least as far as your privacy is concerned? Some digital rights advocates claim that should be the way forward, and while plenty of websites continue to use the HTTP standard, you will be pleased to learn that Reddit won’t.

Microsoft's site dedicated to fighting US surveillance just got hacked

posted on June 18, 2015
by l33tdawg

Microsoft's website dedicated to fighting the US government on matters of policy and surveillance has been hacked.

The site, which was launched in mid-2013 months after the Edward Snowden revelations were first published, soon became a platform for Microsoft's corporate views on government surveillance and a new case dedicated to fighting an international search warrant.

But the site appears to have been modified around 9:15pm ET on Wednesday, and remains affected at the time of publication. It's not clear who is behind the attack.

Samsung to Roll Out Updates to Fix Security Risk on SwiftKey

posted on June 18, 2015
by l33tdawg

Samsung Electronics Co. will upgrade security software on its smartphones, including the Galaxy S6, to plug a vulnerability to hackers.

More than 600 million Samsung devices are at risk of being spied on because of flaws in how the SwiftKey application is updated, according to consultant NowSecure. Samsung will make upgrades of its Knox security software in a few days to eliminate the risks, the company said in an e-mail on Thursday.