In the wake of May’s Equifax website breach that reportedly involved personal data of 145.5 million U.S. consumers, the credit reporting service’s site was manipulated again this week. On Wednesday, and again on Thursday, fraudulent Adobe Flash updates appeared that infected computers with adware when clicked. Only three of 65 antivirus providers detected the adware. Security analyst Randy Abrams discovered the issue while investigating false information that had appeared on his credit report. Meanwhile. federal legislators have introduced a new cybersecurity bill to help protect consumers. Continue reading Clicking Flash Update on the Equifax Site Results in Adware

Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

The Equifax breach exposed millions of U.S. adults’ personal information, prompted Federal Trade Commission and FBI investigations, and spurred lawsuits by many states’ attorneys general. With the threat of even worse breaches in the future, companies will be urged to adopt better cybersecurity practices. But the Equifax breach is likely to have another result that tech companies won’t like: the need for transparency. Although 48 states have already passed data-breach disclosure laws, now federal regulations are proposed. Continue reading Equifax Breach Spurs Call for Federal Laws on Transparency

London cut Uber’s license to operate, which will expire September 30. London said that Uber lacked corporate responsibility and was not fit and proper to hold a private vehicle hire licenses. Uber has 40,000 drivers and 3.5 million users in London. Transport for London (TfL), the agency that oversees the city’s cabs, buses and subways, said it would allow Uber to operate until the conclusion of the appeals process. TfL also cited Uber’s background checks on drivers, its approach to reporting serious criminal offenses and Greyball, a software that could block regulators from accessing the app. Continue reading London Pulls Uber’s License to Operate, Uber Appeals Ruling

Security companies Morphisec and Cisco reported the extent of the damage caused by a malware attack on security software CCleaner. Experts say that the software, distributed by Czech company Avast, was targeted not simply to disrupt as many computers as possible, but to conduct espionage. Hackers penetrated the software and added a backdoor, ultimately installing malware on more than 700,000 computers. But hackers also sought to find computers among those infected that resided in networks of 20 leading tech firms. Continue reading CCleaner Malware Is Linked to Attack Against 20 Tech Firms

Equifax’s two cyber breaches, which exposed about 143 million Americans’ personal information, were the work of hackers who took advantage of a flaw in Apache Struts software. The nonprofit Apache Software Foundation and the U.S. Computer Emergency Readiness Team warned of the bug in early March, but Equifax only alerted its end users on September 7, almost five months later. IT experts say the event highlights the challenges in keeping software current and identifying all potentially vulnerable applications. Continue reading Equifax Breaches Spur Businesses to Prioritize Cybersecurity

The federal government, financial service companies, and other regulated industries store their most important data on tape, an old-fashioned and inconvenient format that is, nonetheless, impervious to hackers. As cyberattacks become more skillful and persistent, other companies are now following suit. Starting in the 1950s, digital tape, stored in on-site libraries, was the only means of reliable storage for massive amounts of data. Eventually, companies moved to digital records and, in recent years, the cloud. Continue reading Companies Return to Tape As Protection From Cyberattacks

The World Wide Web Consortium (W3C) published the Encrypted Media Extensions (EME) specification as a recommendation, although W3C members only voted 58.4 percent to approve, with 30.8 percent opposing and 10.8 percent abstaining. EME is a standard interface for digital rights management (DRM) protection of content delivered through the browser, defining how Internet content works with third-party Content Decryption Modules (CDMs) that provide proprietary decryption and rights management. In response to the EME recommendation, the Electronic Frontier Foundation has resigned from the W3C. Continue reading W3C Officially Recommends EME Spec for DRM Protection

Increasingly pervasive threats to cybersecurity have jumpstarted the cyberinsurance business to reach beyond technology companies, its core customers. Covering financial loss, including theft of data and ransomware, cyberinsurance is reportedly the fastest-growing coverage among U.S. companies; cyberinsurance firms provide competing tools to distinguish their offerings in the marketplace. Insurance is not in lieu of good security practices, but the idea of cyberinsurance is appealing even though it is largely untested. Continue reading As Threats to Cybersecurity Grow, So Does Cyberinsurance

Google launched a new site this week that offers startups a single location for accessing Google’s services and tools such as AdWords, Analytics, Android Studio, Firebase, Google Cloud and G Suite. “Startup with Google” also highlights Google’s Campus co-working spaces for entrepreneurs and its Google Developers Launchpad programs for providing mentorship and equity-free support. In addition to promoting Google’s own accelerators and events, the new site links to community programs and tech hubs run by third parties. Continue reading ‘Startup with Google’ Site Bundles Resources in Central Hub

Jackson Palmer and his once-wildly successful cryptocurrency Dogecoin are a cautionary tale for those bedazzled by Bitcoin. Palmer was an early enthusiast of cryptocurrency, but sought a way to mock the hype around investing huge sums of money in it. He created his own cryptocurrency, Dogecoin, based on an Internet meme of a Shiba Inu dog. Instead of getting the joke, investors brought Dogecoin’s market value to $400 million, before scammers and hackers brought it down, selling fake products and defrauding investors. Continue reading Are Cryptocurrencies Next Big Bust or Revolution in Finance?

Over the weekend, the Virtual Reality Industry Forum (VRIF) released its draft VR and 360 video production and distribution guidelines at IBC 2017 in Amsterdam. The draft document begins with an intro section suggesting best practices for VR/360 production, including experiences with three degrees of freedom (3DOF). It then makes specific recommendations for the technical aspects of visual and audio VR/360 content production, media and presentation profiles, and content security. VRIF aims to release the full guidelines, with an emphasis on an open ecosystem, at CES 2018 in January. Continue reading VR Industry Forum Draft Guidelines Push for Open Ecosystem

The Chinese government, increasingly uneasy about virtual currency, is on the verge of shutting down the country’s Bitcoin exchanges, say sources. The move comes as the government focuses on preventing capital from leaving to digital currencies. But if China, the world’s No. 2 economy, does indeed take this step, the market for cryptocurrencies, including all the new companies using it, will feel the impact. Of all the virtual currencies, Bitcoin is the largest, since restrictions on it were loosened in Japan and elsewhere. Continue reading Sources Say China Is Planning to Shutter Bitcoin Exchanges

Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the hack to Equifax will do is as of yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud.   Continue reading Equifax Data Breach, Discovered in July, Impacts 143 Million

Last week, IBM and the Massachusetts Institute of Technology announced a 10-year, $240 million partnership to establish the MIT-IBM Watson AI Lab in Cambridge, Massachusetts. The long-term initiative is expected to bring together industry experts, professors and students to research areas such as cybersecurity, healthcare, machine learning and quantum computing. Researchers will work at MIT and the nearby Watson Health and Security facilities. The lab will be co-chaired by IBM Research VP Dario Gil and MIT School of Engineering dean Anantha Chandrakasan. Continue reading IBM and MIT Team Up for Artificial Intelligence Research Lab