Security

This year's HITB Haxpo in Amsterdam features Reuben Paul, an 8 year old CEO, as one of the highlight speakers.

A new report by security vendor ESET holds mixed news for enterprises running on Microsoft technology.

For the past several months, different groups of attackers have distributed malware through Microsoft Office documents that contain malicious macros, reviving a technique that has been out of style for over a decade.

Macros are scripts that contain commands for automating tasks in various applications. Microsoft Office programs like Word and Excel support macros written in Visual Basic for Applications (VBA) and these can be used for malicious activities like installing malware.

FBI Director James Comey, today, said that the hackers who compromised Sony Pictures Entertainment usually used proxy servers to obfuscate their identity, but "several times they got sloppy."

Speaking today at an event at Fordham University in New York, Comey said, "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using ... were exclusively used by the North Koreans.

Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about the emergence of a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack.

Sony CEO Kazuo Hirai noted his dismay at being the target of a notorious hack that sparked an international controversy between the US and North Korea.

Sony was "unfortunately the victim of one of the most vicious and malicious cyberattacks we've known certainly in recent history," Hirai said during a keynote presentation at this year's Consumer Electronics Show here.

If keeping a suitcase secured with NFC and a smartphone instead of a key sounds interesting to you, the eGeeTouch smart luggage lock may be worth a look. Being shown off here at CES Unveiled, the lock lets you get at your luggage without a key or combination digit wheel — the ways travelers most often open a suitcase. (That's assuming you lock things down to begin with.) Instead, it uses NFC to know when you're nearby.

As the clock strikes midnight on the new year, so begins the countdown to a new round of security threats and breaches that doubtless will unfold in 2015. But this year will be a little different. In the past, when we’ve talked about threat predictions, we’ve focused either on the criminal hackers out to steal credit card data and banking passwords or on the activist hackers out for the lulz (and maybe to teach corporate victims a lesson).

Dubbed Thunderstrike, the vulnerability reportedly allows a custom-crafted malicious Thunderbolt device to flash code to the boot ROM. In a lengthy video posted to ccc-tv, Hudson demoes how persistent firmware modifications can be fed into the EFI boot ROM of MacBooks equipped with Thunderbolt ports.

It’s generally easier to keep safe the files we have under our control, on our internal and external drives, than those that waft far away from us on cloud-storage backup systems. Different backup services handle how they send data for storage and how they encrypt it once it arrives.