According to researchers, the WPA2 protocol for Wi-Fi connectivity contains a significant weakness that makes it vulnerable to attackers. A hacker within range of connected devices would reportedly be able to exploit this weakness to hijack passwords, emails and other “encrypted” data, or even place ransomware into a website the user is visiting. The research, which has been ongoing for weeks, reveals that the WPA2 core vulnerability could affect operating systems and devices including Android, Linux, OpenBSD, MediaTek, Linksys, macOS and Windows. Continue reading WPA2 Wi-Fi Flaw Revealed, Android & Linux Most Vulnerable

Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

The federal government, financial service companies, and other regulated industries store their most important data on tape, an old-fashioned and inconvenient format that is, nonetheless, impervious to hackers. As cyberattacks become more skillful and persistent, other companies are now following suit. Starting in the 1950s, digital tape, stored in on-site libraries, was the only means of reliable storage for massive amounts of data. Eventually, companies moved to digital records and, in recent years, the cloud. Continue reading Companies Return to Tape As Protection From Cyberattacks

The Electronic Privacy Information Center filed a legal complaint with the Federal Trade Commission over Google’s Store Sales Measurement, a new advertising program that connects consumers’ online activities with purchases in retail stores. According to the complaint, Google now has access to U.S. consumers’ credit and debit card purchase records, but doesn’t reveal how it gets the information and uses a secretive method to protect it. The complaint states that consumers should be provided a way to opt out of the program. Continue reading Privacy Group Files Complaint Over New Google Ad Program

A Wisconsin-based technology company, Three Square Market, is offering its employees the chance to have a microchip injected between their thumb and index finger. The grain-of-rice sized chip, once injected, will allow an employee to swipe her hand to pay for food in the cafeteria, enter the office building or accomplish any other task involving RFID technology. Though the implant might sound like overreach, more than 50 of the company’s 80 employees have signed up for the implant when it is first offered on August 1. Continue reading Tech Firm Is First to Offer Employees Implantable RFID Chips

Apple will open its first data center in southwest China, in response to a new Chinese law that requires companies to store data within its borders. The data center, which will be operated in partnership with a local data management company, is part of a $1 billion investment Apple will make in the Guizhou province. Amazon, Facebook and Microsoft have built data centers in Germany, France and the Netherlands among other countries for technical reasons and in response to security concerns of governments and customers. Continue reading Apple to Open New Data Center in China With Local Partner

In the largest ransomware payout to date, South Korean web provider Nayana has agreed to pay $1 million to hackers who originally demanded 550 Bitcoins, about $1.62 million. Following negotiations, Nayana has agreed to pay $1 million in three installments. The ransomware, identified as Erebus by cybersecurity firm Trend Micro, impacted 153 Linux servers and more than 3,400 websites hosted by Nayana. “This is the single largest-known payout for a ransomware attack, and it was an attack on one company,” reports CNET. “For comparison, the WannaCry ransomware attacked 200,000 computers across 150 countries, and has only pooled $127,142 in Bitcoins since it surfaced.” Continue reading Ransomware: Hackers Extort $1 Million From One Company

A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in Bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault. Continue reading Major Cyberattack Hits 150 Countries, Could Keep Spreading

Slack came to life three years ago, out of a failed video game, and, as messaging software, combines rich data on how people use a product with information on how people feel about using it. When it debuted in 2014, word of mouth catapulted Slack to a value of $4 billion. Now, the private company has attracted competition from Microsoft, which last fall unveiled Teams, free to 85 million users of Office 365, and Facebook with its free collaboration tool Workplace. A smaller company, Atlassian, has also had success. Continue reading Slack Faces Off Against Bigger Competitors, Tweaks Software

The World Wide Web Consortium (W3C) has formally moved its Encrypted Media Extensions (EME) anti-piracy mechanism to the stage of Proposed Recommendation. The decision of whether or not to adopt the EME standard now depends on a poll of W3C’s members, which have until April 19 to respond. Although the proposed standard has many critics, W3C director/HTML inventor Sir Tim Berners-Lee has personally endorsed it. Engineers from Google, Microsoft and Netflix created EME, which has been under development for some time. Continue reading World Wide Web Consortium Proposes HTML5 DRM Standard

WikiLeaks released thousands of documents yesterday that it claims detail methods used by the CIA “to break into smartphones, computers and even Internet-connected televisions,” reports The New York Times. According to WikiLeaks, the CIA and allied intelligence services bypassed encryption on messaging services including Signal, Telegram and WhatsApp. WikiLeaks also suggests that agencies can collect audio and messaging data from Android phones “before encryption is applied.” The Wall Street Journal notes that such activities, if actually taking place with consumer electronics, could fuel tensions between intelligence agencies and the tech industry, which has been concerned about customer privacy. Mobile devices are a major concern; NYT published an article detailing potential smartphone vulnerabilities. Continue reading WikiLeaks Claims of CIA Hacking Could Impact Tech Industry

A new report from rights organization Electronic Frontier Foundation (EFF) found that half of today’s Web’s traffic is now protected by encryption. The increased adoption of HTTPS is largely a result of efforts from big tech companies, like Google and Facebook, and an increased awareness of government surveillance. Google started factoring whether a website was on HTTPS or HTTP into its algorithm. WordPress, one of the biggest Web hosting providers, switched to HTTPS last year. Continue reading Half of Web Traffic Now Encrypted as Websites Adopt HTTPS

The Signal app from non-profit Open Whisper Systems provides end-to-end encrypted messaging, voice calling, and now video chatting. The new feature, along with improved voice calling functionality, comes as part of a beta update for the app’s Android and iOS versions. Signal is a popular choice for activists and journalists who need a private communications platform, but it is still struggling to find a foothold in the mainstream because it sacrifices some popular features for security.  Continue reading Signal App Update Adds Ability to Make Encrypted Video Calls

In a recently published Infrastructure Security Design Overview, Google explains its six layers of security for the cloud it uses for its own operations and its public cloud services. The company also revealed that it designs custom chips, “including a hardware security chip that is currently being deployed on both servers and peripherals,” that allow it to “securely identify and authenticate legitimate Google devices at the hardware level.” The chip works with cryptographic signatures validated during each boot or update. Continue reading Newly Published Google Overview Spells Out Security Details

To improve encryption, Google has launched an open source project, Key Transparency, a follow-up to its Certificate Transparency, both of which focus on the need to verify the authenticity of the person or server the user believes he is connecting to. Keybase, a collection of verified users and their “cryptographic credentials” is one solution, but Google now wants to ascertain that the contacts are verified systematically and are privacy-protected, by having the address “double-check” itself. Continue reading Google Key Transparency Project to Boost Messaging Security