RSS Reader for Computer Security Articles
The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.
Just because you’re using a Mac doesn’t mean you’re safe from hackers. That’s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U.S. defense industry.
The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace company United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats.
The fake site was previously used in a spear-phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.
To read this article in full or to leave a comment, please click here
The discovery of malware on computers and servers of several Polish banks has put the country’s financial sector on alert over potential compromises.
Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers.
It’s not clear what the malware’s end goal is, but in at least one case it was used to exfiltrate data from a bank’s computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.
To read this article in full or to leave a comment, please click here
A global cyberthreat report released Tuesday found that 2016 was a mixed bag: malware was down slightly, but ransomware attacks soared, up 167 times the number recorded in 2015.
In addition to that huge increase in ransomware, 2016 saw a new line of cybercrime from a large-scale DDoS attack through internet of things devices. The principal case occurred in October when the Mirai botnet attacked unprotected IoT devices, such as internet-ready cameras, resulting in a DDoS attack on Dyn servers.
The 2016 report, by cybersecurity company SonicWall, looked at data from daily network feeds sent from more than 1 million sensors in nearly 200 countries.
To read this article in full or to leave a comment, please click here
Dozens of iOS apps that are supposed to be encrypting their users’ data don’t do it properly, according to a security vendor.
Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data.
The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post.
TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.
To read this article in full or to leave a comment, please click here
The U.S. House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months.
The House approved the bill by voice vote, and it now goes the Senate for consideration.
The Email Privacy Act would update a 31-year-old law called the Electronic Communications Privacy Act (ECPA). Some privacy advocates and tech companies have pushed Congress to update ECPA since 2011. Lax protections for stored data raise doubts about U.S. cloud services among consumers and enterprises, supporters of the bill say.
To read this article in full or to leave a comment, please click here
Pretending that Steve Bannon is really the President was funny when Saturday Night Live did it on their opening bit. Then today, Business Insider wrote about a Google Chrome extension that replaces every mention of “Trump” with “Steve Bannon” on all web pages. Funny? Not from a Defensive Computing perspective.
Any extension that can change a specific word on every web page is inherently dangerous. Almost by definition, such an extension is spyware.
Michael HorowitzInstalling the President Bannon extension to the Chrome browser
To read this article in full or to leave a comment, please click here
Popular smart TV maker Vizio will pay $2.2 million to settle complaints that it violated customers’ privacy by continuously monitoring their viewing habits without their knowledge.
Beginning in February 2014, the Irvine, California-based TV maker tracked what TV shows customers were watching on 11 million TV sets sold in the U.S., the Federal Trade Commission and the Office of the New Jersey Attorney General said in a complaint, released Monday.
Vizio smart TVs captured “second-by-second” information about video displayed, including video from consumer cable services, broadband, set-top boxes, DVDs, over-the-air broadcasts and streaming devices, according to the complaint.
To read this article in full or to leave a comment, please click here