According to researchers, the WPA2 protocol for Wi-Fi connectivity contains a significant weakness that makes it vulnerable to attackers. A hacker within range of connected devices would reportedly be able to exploit this weakness to hijack passwords, emails and other “encrypted” data, or even place ransomware into a website the user is visiting. The research, which has been ongoing for weeks, reveals that the WPA2 core vulnerability could affect operating systems and devices including Android, Linux, OpenBSD, MediaTek, Linksys, macOS and Windows. Continue reading WPA2 Wi-Fi Flaw Revealed, Android & Linux Most Vulnerable

In the wake of May’s Equifax website breach that reportedly involved personal data of 145.5 million U.S. consumers, the credit reporting service’s site was manipulated again this week. On Wednesday, and again on Thursday, fraudulent Adobe Flash updates appeared that infected computers with adware when clicked. Only three of 65 antivirus providers detected the adware. Security analyst Randy Abrams discovered the issue while investigating false information that had appeared on his credit report. Meanwhile. federal legislators have introduced a new cybersecurity bill to help protect consumers. Continue reading Clicking Flash Update on the Equifax Site Results in Adware

Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

The Equifax breach exposed millions of U.S. adults’ personal information, prompted Federal Trade Commission and FBI investigations, and spurred lawsuits by many states’ attorneys general. With the threat of even worse breaches in the future, companies will be urged to adopt better cybersecurity practices. But the Equifax breach is likely to have another result that tech companies won’t like: the need for transparency. Although 48 states have already passed data-breach disclosure laws, now federal regulations are proposed. Continue reading Equifax Breach Spurs Call for Federal Laws on Transparency

Security companies Morphisec and Cisco reported the extent of the damage caused by a malware attack on security software CCleaner. Experts say that the software, distributed by Czech company Avast, was targeted not simply to disrupt as many computers as possible, but to conduct espionage. Hackers penetrated the software and added a backdoor, ultimately installing malware on more than 700,000 computers. But hackers also sought to find computers among those infected that resided in networks of 20 leading tech firms. Continue reading CCleaner Malware Is Linked to Attack Against 20 Tech Firms

Equifax’s two cyber breaches, which exposed about 143 million Americans’ personal information, were the work of hackers who took advantage of a flaw in Apache Struts software. The nonprofit Apache Software Foundation and the U.S. Computer Emergency Readiness Team warned of the bug in early March, but Equifax only alerted its end users on September 7, almost five months later. IT experts say the event highlights the challenges in keeping software current and identifying all potentially vulnerable applications. Continue reading Equifax Breaches Spur Businesses to Prioritize Cybersecurity

The federal government, financial service companies, and other regulated industries store their most important data on tape, an old-fashioned and inconvenient format that is, nonetheless, impervious to hackers. As cyberattacks become more skillful and persistent, other companies are now following suit. Starting in the 1950s, digital tape, stored in on-site libraries, was the only means of reliable storage for massive amounts of data. Eventually, companies moved to digital records and, in recent years, the cloud. Continue reading Companies Return to Tape As Protection From Cyberattacks

Increasingly pervasive threats to cybersecurity have jumpstarted the cyberinsurance business to reach beyond technology companies, its core customers. Covering financial loss, including theft of data and ransomware, cyberinsurance is reportedly the fastest-growing coverage among U.S. companies; cyberinsurance firms provide competing tools to distinguish their offerings in the marketplace. Insurance is not in lieu of good security practices, but the idea of cyberinsurance is appealing even though it is largely untested. Continue reading As Threats to Cybersecurity Grow, So Does Cyberinsurance

Jackson Palmer and his once-wildly successful cryptocurrency Dogecoin are a cautionary tale for those bedazzled by Bitcoin. Palmer was an early enthusiast of cryptocurrency, but sought a way to mock the hype around investing huge sums of money in it. He created his own cryptocurrency, Dogecoin, based on an Internet meme of a Shiba Inu dog. Instead of getting the joke, investors brought Dogecoin’s market value to $400 million, before scammers and hackers brought it down, selling fake products and defrauding investors. Continue reading Are Cryptocurrencies Next Big Bust or Revolution in Finance?

Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the hack to Equifax will do is as of yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud.   Continue reading Equifax Data Breach, Discovered in July, Impacts 143 Million

Last week, IBM and the Massachusetts Institute of Technology announced a 10-year, $240 million partnership to establish the MIT-IBM Watson AI Lab in Cambridge, Massachusetts. The long-term initiative is expected to bring together industry experts, professors and students to research areas such as cybersecurity, healthcare, machine learning and quantum computing. Researchers will work at MIT and the nearby Watson Health and Security facilities. The lab will be co-chaired by IBM Research VP Dario Gil and MIT School of Engineering dean Anantha Chandrakasan. Continue reading IBM and MIT Team Up for Artificial Intelligence Research Lab

A group of 28 developers in China have hired a local law firm to file a complaint against Apple that claims the company engaged in “monopolistic behavior” after it removed apps from the App Store in China “without detailed explanation” and charged “excessive fees for in-app purchases,” reports The Wall Street Journal. “The complaint also alleges Apple doesn’t give details on why apps are removed and puts local developers at a disadvantage by not responding to queries in Chinese.” Continue reading Chinese Developers Accuse Apple of ‘Monopolistic Behavior’

In the largest ransomware payout to date, South Korean web provider Nayana has agreed to pay $1 million to hackers who originally demanded 550 Bitcoins, about $1.62 million. Following negotiations, Nayana has agreed to pay $1 million in three installments. The ransomware, identified as Erebus by cybersecurity firm Trend Micro, impacted 153 Linux servers and more than 3,400 websites hosted by Nayana. “This is the single largest-known payout for a ransomware attack, and it was an attack on one company,” reports CNET. “For comparison, the WannaCry ransomware attacked 200,000 computers across 150 countries, and has only pooled $127,142 in Bitcoins since it surfaced.” Continue reading Ransomware: Hackers Extort $1 Million From One Company

In an experiment described in Science, Chinese researchers used photons (also known as light particles) from the country’s quantum-communications satellite and established an instantaneous connection between two ground stations more than 744 miles apart. By doing so, say the experts, China is now a pioneer in harnessing matter and energy at a subatomic level — and a leader in the field of using quantum technology to build a global communications network that can’t be hacked. Meanwhile, the U.S. Department of Energy is paying for companies to develop new supercomputers in pursuit of at least one “exascale” system. Continue reading U.S. and China Continue to Compete in Supercomputing Race

Journalists routinely purchase libel insurance, but now insurance companies are selling such policies to ordinary citizens. The growth of social media has led to an increasing number of users regularly venting online, and sometimes there are consequences. Musician/actress Courtney Love, for example, spent six years in court accused of libeling her former attorney and later a designer, ultimately paying $780,000 in settlements. Libel insurance costs an average of $33 per month bundled with traditional home or car insurance policies. Continue reading Libel Insurance Policies More Common in Social Media Era