In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.
Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys.
The vulnerability can be exploited over local area networks, as well as over the Internet if the devices are configured for remote administration and expose their Web interface externally.
Google managed to ruffle a few feathers recently by disclosing bugs and security problems in widely used software. Project Zero is used to encourage companies to fix issues that have been detected by imposing a 90-day deadline before details of the vulnerabilities are made public.
Anthem isn't a member of the healthcare industry's information sharing and analysis center, the NH-ISAC, so the NH-ISAC got word of the attack via other members of the threat information-sharing community the morning after Anthem reported its massive data breach.
New research suggests more than 1 billion data records were stolen from more than 1,500 individual data breaches last year. The latest findings from Gemalto, an enterprise security firm, represent a significant year-over-year increase in both corporate breaches and data theft. Data breaches were up by 49 percent, while the theft or loss of data records were up by 78 percent on the year prior. Security came into prime focus last year after a spate of high-profile attacks on banks and retailers.
One of the security bulletins released by Microsoft on Tuesday fixes a privilege escalation vulnerability which, according to researchers, can be exploited by malicious actors to bypass all the security measures in Windows by modifying a single bit.
Apple has taken steps to make it harder for hackers to gain access to FaceTime and iMessage by extending its optional two-step verification process to cover the services.
The addition means that even if a hacker has access to a user's username and password, they still won't be able to use the services on a new device because the user would be sent a 4-digit verification code to a selected device that would need to be used to authorize the new device.
The Netatmo weather station, a popular and beautiful connected weather station, apparently sends your Wi-Fi password as well as other device and network information over the internet in an unencrypted format.
Johannes Ullrich, CTO at the SANS Internet Storm Center in Jacksonville, Florida, posted a blog on Thursday documenting the device’s lack of security. He was pretty mild-mannered about the lapse, pointing out that the transmission of his credentials only happened at the setup and wasn’t replicated when he restarted the device again.
Like it or not, Facebook has become almost ubiquitous in today's world. Most people you know, both young and old, are on there. Worse, some folks keep memories of their lives stored on the service, including precious photos that, in some cases, may not be backed up in any way. It feels safe, after all, Facebook wouldn't lose them, right? Not so fast.
The financial consequences of Anthem's massive data breach could reach beyond the $100 million mark, according to reports.
The US health insurance provider's cyber insurance policy, led by the American International Group, covers losses of up to $100 million. However, when a company has up to 80 million current and previous customers, staff and investors to contact, reassure and notify, this amount may not be enough.
