By Debra Kaufman, January 20, 2020
The National Security Agency (NSA) discovered a vulnerability in versions of Windows and, instead of retaining it, reported it to Microsoft, which is now patching the flaw in its handling of certificate and cryptographic messaging functions. The vulnerability could have enabled attackers to use malicious code that would pretend to be legitimate software. Microsoft also warned all current users of Windows 7 Home Basic, Home Premium, Professional or Ultimate to upgrade immediately. Continue reading NSA Discovers Windows Vulnerability — and Tells Microsoft
By Rob Scott, January 10, 2020
Early Tuesday morning, just as CES 2020 was getting underway, the team that monitors computers for Las Vegas detected a potential cyberattack as the city’s systems were reportedly compromised. While city officials tweeted about the breach, the information was light on details regarding which operations had been affected or the extent of the attack. The timing was unfortunate, since the annual CES confab is one of the largest events in Las Vegas. Last year, the show attracted more than 175,000 people and 4,400 exhibitors, including a number of Fortune 500 companies. Continue reading Las Vegas Was a Target of Cyberattack While Hosting CES
By Debra Kaufman, February 21, 2019
The National Security Agency and security firm FireEye recently detected extensive attacks by Iran on U.S. banks, businesses and government agencies, prompting the Department of Homeland Security to declare an emergency during the government shutdown. The attacks from Iran took place at the same time that China renewed its efforts to steal trade and military secrets from Boeing, General Electric Aviation and T-Mobile. Meanwhile, Microsoft detected a Russian government operation targeting think tanks critical of Russia. Continue reading Chinese, Iranian, Russian Hackers Honing Their Attack Skills
By Rob Scott, October 18, 2018
Facebook’s internal investigation into the recent data breach that affected 30 million user accounts has concluded that the hack was the work of spammers disguised as a digital marketing company, and not foreign nationals. Facebook believes the attack was initiated by a group of Facebook and Instagram spammers that intended to make money by means of deceptive advertising. The FBI is continuing its investigation into the hack, which is the worst security breach in the social network’s 14-year history. Continue reading Facebook Says Spammers, Not Nation-State, Behind Breach
By Rob Scott, October 8, 2018
As we reported last week, Bloomberg published a story claiming that China had secretly installed microchips on motherboards built by Supermicro that were used in data center servers of companies such as Apple and Amazon. In the first official response from the U.S. government, Homeland Security issued a statement indicating that it has “no reason to doubt” the denials issued by Apple, Amazon and Supermicro in the wake of the report. The Homeland Security statement is similar to comments released by the U.K.’s National Cyber Security Centre. Continue reading Government Backs Apple and Amazon Denials of Spy Chips
By Rob Scott, October 4, 2018
According to a Bloomberg Businessweek cover story today, Chinese spies infiltrated nearly 30 U.S. companies including Amazon and Apple by embedding tiny chips into servers in the technology supply chain. In 2015, malicious microchips were reportedly embedded in servers bound for U.S. companies, which resulted in compromised software used in numerous hardware devices. While the report cites former government officials and “senior insiders” at Apple, both Amazon and Apple — as well as motherboard manufacturer Supermicro and China’s Ministry of Foreign Affairs — have firmly disputed the findings. Continue reading China Reportedly Used Tiny Chips to Hack U.S. Companies
By Rob Scott, October 1, 2018
In its third security breach reported since June, Facebook announced on Friday that hackers had leveraged a security vulnerability in order to attack its computer network and access the personal accounts of about 50 million of its social platform users. In the two other breaches, hackers unblocked individuals that had been previously blocked by Facebook users, and users’ share settings were manipulated without permission. As a result of this latest breach, “the attackers could use the account as if they are the account holder,” according to Guy Rosen, VP product management for Facebook. Continue reading Facebook Reveals Another Attack on its Computer Network
By Rob Scott, February 21, 2018
Today’s consumers are “overconfident in their security prowess,” which has resulted in a record year for cyberattacks, according to the “2017 Norton Cyber Security Insights Report.” The Symantec report found that 978 million people across 20 countries were impacted last year by cybercrime, and 44 percent of consumers were affected in the last 12 months. “As a result,” notes the report, “consumers who were victims of cybercrime globally lost $172 billion — an average of $142 per victim — and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.” Continue reading Symantec Publishes Global Security Findings in Latest Report
By Rob Scott, October 4, 2017
Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack
By Debra Kaufman, September 22, 2017
Security companies Morphisec and Cisco reported the extent of the damage caused by a malware attack on security software CCleaner. Experts say that the software, distributed by Czech company Avast, was targeted not simply to disrupt as many computers as possible, but to conduct espionage. Hackers penetrated the software and added a backdoor, ultimately installing malware on more than 700,000 computers. But hackers also sought to find computers among those infected that resided in networks of 20 leading tech firms. Continue reading CCleaner Malware Is Linked to Attack Against 20 Tech Firms
By Debra Kaufman, September 11, 2017
Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the Equifax hack will do is as yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud. Continue reading Equifax Data Breach, Discovered in July, Impacts 143 Million
By Rob Scott, September 5, 2017
Despite earlier concerns over censorship and a cyberattack traced to Chinese hackers — and the fact that its search engine can only be accessed in the region by using VPNs (due to the government’s filtering system) — Google is reportedly ramping up its presence in China. Its careers web page lists nearly 60 open positions in Beijing and Shanghai. According to The Wall Street Journal, at least four of the engineering positions involve artificial intelligence, “including a technical lead to develop a team to work on natural language processing, data compression and other machine learning technologies.” Continue reading Google Ramping Up its Artificial Intelligence Efforts in China
By Debra Kaufman, May 23, 2017
The threat of ransomware and malware is growing. The “WannaCry” attack impacted at least 200,000 computers in 150 countries before peaking last week. Adylkuzz is another piece of malware currently threatening computers around the world. As computers become increasingly connected, opportunities for cybercrime expand, say the experts. Part of the problem is that the Internet wasn’t designed with cybersecurity protections, and criminals are attracted to cybercrimes for the relatively easy profits they can make. Continue reading Advice on Keeping Smaller Businesses Safe From Cybercrime
By Debra Kaufman, May 16, 2017
A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in Bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault. Continue reading Major Cyberattack Hits 150 Countries, Could Keep Spreading
By ETCentric, February 16, 2017
Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data