data leakage

Revenue Service breach may have leaked data on 20,000 employees

Personal data for around 20,000 workers for the U.S. Internal Revenue Service (IRS), including names, social security numbers and addresses may have been exposed, after an employee plugged a thumb drive into a computer on an unsecured home network.

Low tech Romney tax return hack could be lesson in physical security

So, we read that one or more hackers claim to have gained access to Mitt Romney’s tax records, reported first in a Nashville paper, then in the tech/business press. The hack allegedly took place at the Franklin office of PriceWaterhouseCoopers just outside of Nashville, and PWC has alleged that no such thing happened. We have

Apache/PHP web access holes – are your .htaccess controls really safe

If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare

Passwords of Plenty*: what 442773 leaked Yahoo! accounts can tell us

If a service leaks your credentials, your options are limited, but changing all your passwords to something harder to guess/break is never a bad idea.

ACAD/Medre.A Technical Analysis

For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to

ACAD/Medre.A 10000′s of AutoCAD files leaked in suspected industrial espionage

The malware news today is all about new targeted, high-tech, military grade malicious code such as Stuxnet, Duqu and Flamer that have grabbed headlines. So imagine our surprise when an AutoCAD worm, written in AutoLISP, the scripting language that AutoCAD uses, suddenly showed a big spike in one country on ESET’s LiveGrid® two months ago,

Guarding against password reset attacks with pen and paper

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics.  In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem:  How to guard

The security of unlocking an Android based device, the future is near?

In a recent survey of people in America who use their smartphone for work, less than a third said they employ the password protection on their smartphones. Although everyone will agree that not protecting your smartphone isn’t smart, it is all about memorizing.  Everyone that has an Android-based device knows they do not have to

SKYPE: (S)ecurely (K)eep (Y)our (P)ersonal (E)-communications

SKYPE: Securely Keep Your Personal E-communications From time to time people get new computer equipment and need to (re-)install all their favorite programs. Often a painful and time-consuming job, but afterwards it should ease the way of working with the new equipment. Even security gurus have to undergo this procedure at regular intervals. In November

Windows Phone 8: Security Heaven or Hell?

Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with

CarrierIQ-style data gathering law to require mandatory notification/opt-in?

As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices. You may recall that a company called CarrierIQ recently became the center of attention after a user

EU – data breaches to be reported within 24 hours

In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in

Zappos.com breach – lessons learned

We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to

Passwords, Stratfor, and Newton’s 3rd Law of Motion

Dazzlepod is saying … if your account name comes up, change your current password … why not assume that your account is compromised and go ahead and change it anyway and everywhere?

Stratfor hack – lessons learned

Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also,

2012 predictions: online data brokers come under fire

In 2011 we saw an increase concern about, and scrutiny of, what exactly social networking sites do with the data you input, both internally as well as what gets shared with third parties. But in 2012 some of that scrutiny will shift to those third parties as more people ask: What are they doing with

CarrierIQ, keylogging and mobile payment systems

Recently we see allegations that CarrierIQ is quietly collecting more information than Android users bargained for. In one case, Trevor Eckhart thinks he proved that they register users’ keystrokes without the users’ knowledge for reasons subject to ongoing speculation. We certainly had no trouble finding the CarrierIQ software on an HTC phone, where it possessed

October: Facebook Facepalm, Feeling Safe Online, and a Small Tsunami

ESET’s Threat Reports for September and October include some quality articles on Facebook, safety online, and backup strategy.

Another Massachusetts Health Services breach – at least they HAVE to report it

We see yet another breach hitting the headlines from a Massachusetts Healthcare Service provider, Spectrum Health Services. It seems during a break-in a hard drive was stolen, which contained names, addresses, phone numbers, dates of birth, Social Security numbers, diagnostic codes and medical insurance numbers. It is interesting because, unlike other states, Massachusetts law requires

U.S. Government – Security incidents up 650% over 5 years

Citing weaknesses in security controls at 24 major agencies, a new report by the U.S. Government Accountability Office (GAO) charts the stellar rise in incidents, and tries to highlight what went wrong. Just today my colleague Stephen Cobb also posted a government-related incident in the health care sector. The timeframe of the study, starting in

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

2 articles related to:
Hot Topic
19 Mar 2014
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.