Threatpost for B2B
Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan.
Document-sharing website Scribd announced this week it was hacked, the victim of what it’s calling a “deliberate attempt to access the email addresses and passwords of registered Scribd users.”
Bitcoin may still be a virtual unknown quantity for most people, but the digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains. The attacks against Bitcoin exchange Mt. Gox and hack of Instawallet this week are the latest evidence, but now there is a piece of malware in circulation that is using Skype as a spreading mechanism and then using infected machines' processing power to mine Bitcoins.
Appropriately enough for the start of the baseball season, Microsoft is going to go 4-for-4 and release another set of critical Internet Explorer patches on Tuesday, the fourth consecutive month in which serious vulnerabilities in the browser are being addressed in Microsoft’s Patch Tuesday monthly security updates.
UPDATE Popular applications Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users’ Facebook accounts. In what’s technically being referred to as an “open direct vulnerability,” both applications failed to validate sites before sending users and their access tokens to them.
The maintainers of the PostgreSQL database software have patched a security vulnerability, which, in some very limited circumstances, could be used to run arbitrary code on vulnerable servers. The vulnerability, which affects versions 9.0, 9.1 and 9.2, also can be used to cause a denial-of-service by any remote attacker.
As with any asset of monetary value, once said asset reaches a noteworthy level, cybercriminals’ interest is going to pique. Such is the current situation with virtual currency Bitcoin, which hit a high of $142 yesterday and the value of all Bitcoins in circulation has soared to more than $1 billion.
A report released Wednesday indicates an organization on average experiences a malware-related event every three minutes, often involving business-related spear phishing and targeting technology companies.
Security-related policy or legislation is enacted and then enforced to protect corporate, government or military interests. Civil organizations are often left flailing in the wind, fending for themselves with fewer IT resources and experience than a Middle America mom-and-pop operation. Yet these non-governmental—and not-for-profit—organizations have tasked themselves with helping those targeted by lethal adversaries who aren’t just after corporate secrets, but are out to deny people their freedom or, in some cases, their lives.
Nearly a year since the Flashback Trojan surfaced and ultimately infected more than 600,000 Apple OS X computers, the author of the malware may haven been discovered.
Hackers compromised the forum and game database of the massively multiplayer online game, The War Z, forcing the game’s producer OP Productions to temporarily take the game and its forum offline.
California, which set the standard for data breach notifications nationwide, is again seeking to set a precedent by becoming the first state in the nation to require companies upon request disclose to California consumers the data they've collected and to whom it was shared during the past year. They would be required to respond within 30 days and provide the report for free.
Mozilla has added a new privacy feature to Firefox that enables users to begin a new private browsing session in a separate tab while still running a normal session in other tabs. Firefox 20 also includes patches for 11 critical security vulnerabilities.
The new version of Firefox expands the capabilities of the private browsing function in the browser, a feature that allows users to browse without any cookies, logs or any other data retention.
Much like malware that was discovered last year, a new Trojan has been reported that relies on detecting mouse clicks to evade sandbox analysis. BaneChant masquerades as a Word document and incorporates advanced evasion techniques making it stealthier than its predecessor.
Tibetan activists in China as well as those living in exile around the world are being targeted by dangerous malware that not only steals data from infected computers, but also has graduated to reporting location data from mobile devices for surveillance purposes.
The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took the Army CIO to task in a new report, saying that the CIO "did not implement an effective cybersecurity program for [commercial mobile devices]".
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week.
The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.
Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company's top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of serious privacy scandals and controversies.