Must-read articles on computer security, including virus alerts and much more!
Is Staples the latest retailer to get hit with a huge credit card breach?
- Brian Krebs, the man who originally reported the Home Depot data breach earlier this year, now believes that Staples has been subjected to a data breach of its own. Krebs says that at least six banks noticed a pattern of debit and credit card fraud in several Staples branches, indicating that card data might have been accessed. At Krebs on Security, Krebs notes that every card that has been connected to this potential breach was used in one of seven or so stores in the Northeast, so even if Staples has been infiltrated, it looks like the range is relatively limited. Interestingly, the cards were affected by other fraudulent charges as well outside of Staples, which Krebs believes could be a sign that Staples is a victim
China-backed hackers target Apple's iCloud users: blog
- By Jim Finkle, Gerry Shih and Ben Blanchard BOSTON/BEIJING (Reuters) - Apple Inc's iCloud storage service in China was attacked by hackers trying to steal user credentials, a Chinese web monitoring group said, adding that it believes the Beijing government is behind the campaign. Using what is called a "man-in-the-middle" (MITM) attack, the hackers interposed their own website between users and Apple's iCloud server, intercepting data and potentially gaining access to passwords, iMessages, photos and contacts, Greatfire.org wrote in its blog post. ...
U.S. national security prosecutors shift focus from spies to cyber
- By Aruna Viswanatha WASHINGTON (Reuters) - The U.S. Justice Department is restructuring its national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands, as American business and government agencies face more intrusions. The revamp, led by Assistant Attorney General John Carlin, also marks a recognition that national security threats have broadened and become more technologically savvy since the 9/11 attacks against the United States. ...
7 awesome paid iPhone and iPad apps you can get for free right now
- We shared a terrific list of eight paid iPhone and iPad apps on Monday that were normally worth a combined $60 but were all on sale for free for a limited time. In fact, if you hurry, you can still download a few of them for free. Tuesday brings a new batch of software sales though, and this time we have another seven iOS apps regularly worth $18 all together, but each and every one of them is free for a limited time. These are paid iPhone and iPad apps that have been made available for free for a limited time by their developers. There is no way to
The Tech Behind Apple Pay: Is Your Money Secure?
- Apple's new mobile payment system, Apple Pay, launches today (Oct. 20), and while some have questioned whether the technology is safe, security experts say it may actually be safer than swiping your credit or debit card. Apple Pay lets iPhone 6 and iPhone 6 Plus users make purchases in stores with their smartphones, using near-field communication (NFC) technology. A tiny antenna in the phone transmits encrypted credit card data without consumers having to swipe their card. Apple Pay uses a security protocol — known as the EMV standard — that other mobile wallets don't use, Ferenczi told Live Science.
Apple Pay Q&A: What you need to know
- Apple's mobile payment system, Apple Pay, made its debut Monday. Now you can flash your new iPhone in the checkout line to pay for food, clothing and other goods. There's no need to pull out your credit ...
Obama’s new order: U.S. government’s credit card security must be improved
- In the wake of the numerous sophisticated cyberattacks that managed to steal credit and debit card data from various retail stores in the U.S., President Obama on Friday signed an executive order to improve security for credit cards and payment systems used by the government, The New York Times reports. “You should be able to buy the things that you need without risking your identity, your credit score or your savings,” Obama said at the Consumer Financial Protection Bureau before signing the order. Government agencies and offices will have to upgrade their systems to better protect user data, and move to more secure chip-and-PIN credit cards that are more
China-backed hackers may have infiltrated Apple's iCloud: blog
- SAN FRANCISCO (Reuters) - Apple Inc's iCloud storage and backup service in China was attacked by hackers trying to steal user credentials and other information, a cyber security blog charged on Monday, saying it believes the country's government is behind the campaign. Unknown "Chinese authorities" interposed their own website between users and Apple's iCloud, intercepting instructions and messages while the user believes he or she is communicating directly with Apple's site, Greatfire.org wrote in its blog post. ...
Wall Street urges U.S. regulators' joint cybersecurity approach
- By Sarah N. Lynch and Douwe Miedema WASHINGTON (Reuters) - Wall Street's top trade group is calling for the creation of a new inter-agency working group of regulators and the White House that would be tasked with developing consistent cybersecurity rules for the financial industry. The recommendation by the Securities Industry and Financial Markets Association (SIFMA) was one of several unveiled on Monday as part of a new paper that lays out proposed "principles for effective cybersecurity regulatory guidance. ...
EU and China end telecoms row as EU drops threats against Huawei
- By Robin Emmott BRUSSELS (Reuters) - The European Union has ended a long-running telecoms row with China, the EU's trade chief said on Monday, dropping a threat to levy punitive tariffs on Chinese telecoms exports and easing tensions between two of the world's top trading powers. As Reuters reported exclusively on Oct. 8, the deal struck between Brussels and Beijing sets out a framework for China to address EU concerns about subsidies to Huawei, China's No. 2 telecoms equipment maker, and its smaller rival ZTE. ...
China says it's hard to resume cyber security talks with U.S.
- BEIJING (Reuters) - Resuming cyber security cooperation between China and the United States would be difficult because of "mistaken U.S. practices", China's top diplomat told U.S. Secretary of State John Kerry. Cyber security is an irritant to bilateral ties. On Wednesday the U.S. Federal Bureau of Investigation said hackers it believed were backed by the Chinese government had launched more attacks on U.S. companies, a charge China rejected as unfounded. ...
A comprehensive guide to using 2014’s coolest new iOS and OS X feature
- The coolest new feature that spans across both iOS and OS X announced this year has definitely been the Handoff feature that will let you quickly move information and data between iOS devices and your Mac. 9to5Mac’s Sarah Guarino has put together a fantastic guide for how to use this new feature, which iPhone owners can finally use now that Apple has released OS X Yosemite. The first thing you’ll need to do is obviously have a device with iOS 8 installed that you’ll pair to your Mac via Bluetooth. Guarino also lists all the Macs that you can use to run the Handoff feature: “A 2012 iMac, MacBook Air, MacBook
Kerry seeks to warm summit mood with dinner for China's top diplomat
- By David Brunnstrom BOSTON (Reuters) - U.S. Secretary of State John Kerry welcomed China's top diplomat, State Councilor Yang Jiechi, to his Boston home on Friday for talks aimed at warming the often strained U.S.-China relationship ahead of a summit between their leaders next month. Kerry stood outside his imposing townhouse residence in Boston's exclusive Louisburg Square to welcome Yang with smiles and handshakes. After their dinner on Friday night, the two will hold formal talks on Saturday, when Kerry also plans to show Yang some of the sights of his native city. Chinese and U.S. ...
Man sentenced for part in global cybercrime ring
- A Massachusetts man who was part of an international cybercrime ring that the government says hacked into the computers of more than a dozen financial institutions and the U.S. military's payroll service ...
Exclusive: NSA reviewing deal between official, ex-spy agency head
- By Warren Strobel and Mark Hosenball WASHINGTON (Reuters) - The U.S. National Security Agency has launched an internal review of a senior official’s part-time work for a private venture started by former NSA director Keith Alexander that raises questions over the blurring of lines between government and business. Under the arrangement, which was confirmed by Alexander and current intelligence officials, NSA's Chief Technical Officer, Patrick Dowd, is allowed to work up to 20 hours a week at IronNet Cybersecurity Inc, the private firm led by Alexander, a retired Army general and his former ...
Is Car Hacking the Next Big Security Threat?
- "It's not hypothetical at all," said Chris Valasek, director of vehicle security research at IOActive, a global security services company that has its North American headquarters in Seattle. Valasek has conducted research on remote car-hacking with Twitter security engineer Charlie Miller. Researchers at the University of Washington and University of California, San Diego, have also examined this type of security breach. Valasek and Miller said the automotive industry needs to better prepare for potential attacks.
FBI director warns against cellphone encryption
- WASHINGTON (AP) — FBI Director James Comey warned in stark terms Thursday against the push by technology companies to encrypt smartphone data and operating systems, arguing that murder cases could be stalled, suspects could walk free and justice could be thwarted by a locked phone or an encrypted hard drive.
FBI director warns new phone encryption could thwart probes
- By Aruna Viswanatha WASHINGTON (Reuters) - U.S. FBI Director James Comey on Thursday made his strongest comments yet about encryption features built into new cell phones by Google Inc and Apple Inc, warning they could hurt law enforcement efforts to crack homicide and child exploitation cases. Speaking before an audience at the Brookings Institution think tank, Comey said the new phones, which limit the ability for the companies themselves to access data stored on the units, have "the potential to create a black hole for law enforcement. ...
'Malvertising' targets U.S. military firms in new twist on old web threat
- By Eric Auchard AMSTERDAM (Reuters) - A surge in malware disguised as online advertisements aimed at unsuspecting web users has hit major U.S. military contractors in the past few weeks, marking a dangerous twist on a decade-old scourge for advertisers, security researchers said on Thursday. Researchers from Fairfax, Virginia-based security software company Invincea said they had documented new uses of so-called "malvertising" to carry out highly-targeted cyber espionage campaigns against three firms in the military-industrial arena. ...
FBI warns U.S. businesses of cyber attacks, blames Beijing
- BOSTON (Reuters) - The U.S. Federal Bureau of Investigation said on Wednesday that hackers it believes to be backed by the Chinese government have recently launched attacks on U.S. companies. The "flash" warning to businesses described tools and techniques used by the hackers and asked companies to contact federal authorities if they believe they are the victims of such attacks. The document said the agency recently obtained information regarding "a group of Chinese government affiliated cyber actors who routinely steal high-value information from U.S. ...
Amazon’s Fire Phone might be an even bigger flop than anyone imagined
- Amazon’s Fire Phone is definitely 2014’s version of the Microsoft Kin and the Facebook-centric HTC First — in other words, it will go down as one of the most spectacular mobile phone bombs the world has ever seen. Now Consumer Intelligence Research Partners passes on some new data that suggests the Fire Phone’s impact on the mobile market has been literally nonexistent as even dedicated Amazon customers have avoided the device like the plague. According to a recent CIRP survey of 500 Amazon Prime customers, literally none of them owned a Fire Phone. While you may just write this off as Prime customers only
Iran tips hand about structure of secret services
- TEHRAN, Iran (AP) — Iran drew back the veil — if slightly — over its intelligence services on Wednesday, with its top nuclear security official crediting them for helping protect the Islamic Republic's atomic program from attempts at sabotage.
UK government's top lawyer backs anti-fraud police, remains open to reforms
- LONDON (Reuters) - The British government's chief legal adviser has defended its structure for fighting serious financial crimes but said he was open to reforms, as published reports raised questions about whether the Serious Fraud Office would be dismantled altogether. The SFO, which has handled the criminal investigation into the Libor rate-rigging scandal along with several high-profile corruption cases, has been battling to restore faith in its crime-fighting credentials. ...
New Poodle web threat not seen as menacing as Heartbleed, Shellshock
- By Jim Finkle BOSTON (Reuters) - Three Google Inc researchers have uncovered a security bug in widely used web encryption technology that they say could allow hackers to take over accounts for email, banking and other services in what they have dubbed a "Poodle" attack. The discovery of "Poodle," which stands for Padding Oracle On Downloaded Legacy Encryption, prompted makers of web browsers and server software to advise users on Tuesday to disable use of the source of the security bug: an 18-year old encryption standard known as SSL 3.0. ...
Mozilla to disable encryption feature in next Firefox browser due to 'Poodle' bug
- (Reuters) - Mozilla said it will disable Secure Sockets Layer (SSL) encryption in the latest version of its Firefox web browser that will be released on Nov. 25 after a security bug called "Poodle" was discovered in a web encryption technology. "By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website," Mozilla said in its blog. (http://mzl.la/1DaxOwY) SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. ...
Researchers find new web encryption bug, warn of 'Poodle' attack
- BOSTON (Reuters) - Three Google Inc researchers have uncovered a security bug in widely used web encryption technology that they say could allow hackers to steal data in what they have dubbed a "Poodle" attack. "Poodle" stands for Padding Oracle On Downloaded Legacy Encryption. The problem is an 18-year old encryption standard, known as SSL 3.0, which is still widely used in web browsers and websites. It was disclosed in a research paper published late on Tuesday on the website of the OpenSSL Project, a group that develops the most widely used type of SSL encryption software. ...
Snapchat breach exposes flawed premise, security challenge
- By Sarah McBride and Alexei Oreskovic SAN FRANCISCO (Reuters) - The prospect of tens of thousands of potentially racy Snapchat photos hitting the Internet has driven home a simple fact: the mobile app's core feature - delivering photos and videos that vanish seconds after viewing - is flawed. The negative publicity surrounding that speculation has spurred criticism about its lax security. But whether this will affect the valuation of the 3-year-old Silicon Valley start-up as it seeks another round of funding remains to be seen. ...
Digital doctors: China sees tech cure for healthcare woes
- By Adam Jourdan HANGZHOU China (Reuters) - Liu Chunming almost died after a car crash in July in Taihe, a remote county in China's southeast Jiangxi province, but survived serious abdominal injuries thanks to specialist doctors who led his treatment from 1,000 kms (621 miles) away. From a central "operations room" in the eastern city of Hangzhou, doctors diagnosed and directed treatment for the 48-year-old using live video feeds and software that shares patient scans and files to aid consultation. ...
Hackers breach Oregon job-seeker database, official says
- By Courtney Sherwood PORTLAND Ore. (Reuters) - Hackers gained access to social security numbers and other sensitive information from up to around 850,000 Oregon job-seekers in a massive breach that began some time before Oct. 6, the state's employment department said on Tuesday. The security flaw that led to the breach was quickly patched without disrupting online services. But individual employment files, which can include social security numbers and other identifying information, had already been accessed, Employment Department spokeswoman Andrea Fogue said. ...
EU, China have resolved telecoms dispute: EU trade chief
- ROME (Reuters) - China and the European Union have found a way to end a long-running dispute over Chinese exports of telecoms equipment, resolving one of the most divisive issues between the major trade partners, the EU's top trade official said on Tuesday. EU Trade Chief Karel De Gucht told Reuters he would ask fellow commissioners to back his proposal to end the dispute over an annual 1 billion euros ($1.27 billion) of imports by Huawei and the smaller ZTE. ...
A dangerous bug in Windows 8.1 and older versions could be used to spy on you
- Russian hackers have apparently identified a previously unreported bug in Windows, also known as a zero-day attack, which was then used to spy on several Western governments, NATO and the Ukrainian government, The New York Times reports. The news comes from security firm iSight Partners, which discovered that several European energy and telecommunications companies, as well as an academic organization in the U.S., have been targeted as well. While hacking activities have been traced back to 2009, the zero-day bug has been used starting in late summer 2013. The security issue apparently affects various Windows versions from Windows Vista to Windows 8.1, and Microsoft is expected to release an update on Tuesday to
Russian hackers target NATO, Ukraine and others: iSight
- By Jim Finkle BOSTON (Reuters) - Russian hackers exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber intelligence firm iSight Partners. ISight said it did not know what data had been found by the hackers, though it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecom issues, based on the targets and the contents of phishing emails used to infect computers with tainted files. ...
Social media: More hindrance than help in banks' cyber crime fight
- By Steve Slater LONDON (Reuters) - Banks are fighting an uphill battle to protect themselves and their client accounts from cyber attacks, and the sometimes careless use of social media by customers and staff isn't making the fight any easier. British police and banks this week warned customers about the rise in criminals using social media to strike up a relationship and then try to get money from them. ...
South Korea identity thefts forces ID overhaul
- SEOUL, South Korea (AP) — After an avalanche of data breaches, South Korea's national identity card system has been raided so thoroughly by thieves that the government says it might have to issue new ID numbers to every citizen over 17 at a possible cost of billions of dollars.
Aaron's rent-to-own business to pay $28 million
- LOS ANGELES (AP) — The nation's second-largest chain of rent-to-own furniture and appliance stores has agreed to pay $28.4 million to settle a case in which it allegedly violated California's consumer protection and privacy laws, attorney general Kamala Harris announced Monday.
Photo-saving service Snapsaved.com claims hackers stole Snapchat images
- SAN FRANCISCO (Reuters) - Snapsaved.com, a website which allows users to save images sent via Snapchat, claimed on Monday that hackers had breached its servers and made off with some 500 megabytes of photographs. The claim by the little-known website sheds some light on reports in past days that hackers were preparing to unleash some 13 gigabytes of photographs sent via SnapChat, a mobile app popular among teenagers that promises users that any pictures relayed to other users will be deleted in a matter of seconds. However, users can employ special websites and third-party apps like Snapsaved. ...
Danaher to combine communications unit with NetScout
- By Supantha Mukherjee and Anya George Tharakan (Reuters) - U.S. healthcare technology group Danaher Corp is combining its communications unit with NetScout Systems Inc, scaling up the business at a time when companies are spending aggressively on cybersecurity. Danaher shareholders will get NetScout shares worth $2.6 billion, giving them majority stake in the company, while NetScout will have operational control. Danaher's communications business sells cybersecurity products and tools to manage networks, while NetScout makes products that monitor software applications on networks. ...
Kmart confirms month-long credit card data breach
- Kmart on Friday confirmed that its systems were breached by hackers who were able to steal credit and debit card data for customers shopping in its retail stores since early September to October 9, when the breach was discovered. It’s not clear at this time how many customers may have been affected or how many Kmart stores have been hit, as the company is yet to announce any numbers. However, Kmart did say that “based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible.” The company said there’s no evidence
Sears says Kmart stores hit by data breach
- By Jim Finkle and Nathan Layne (Reuters) - Sears Holdings Corp said it was the victim of a cyberattack that likely resulted in the theft of some customer payment cards at its Kmart stores, the latest in a series of computer security breaches to hit U.S. companies and dealing a fresh blow to the struggling U.S. retailer. The U.S. Secret Service confirmed it was investigating the breach, which occurred in September and compromised the systems of Kmart, which has about 1,200 stores across the United States. The breach did not affect the Sears department store chain. ...
Kmart becomes latest retailer hit by data theft
- Sears Holdings Corp. said Friday that a data breach at its Kmart stores that started last month may have compromised some customers' credit and debit cards. The data theft at Kmart is the latest in a string ...