Virtual keyboard app exposes personal data of 31 million users
The developer’s keyboard apps boast 40 million users across Android and iOS, but “only” Android users were affected by the security lapse.
data theft
Data breach – European bank’s info “held to ransom”
The European Central Bank has revealed that information including email addresses and contact data has leaked in a data breach - and that the unknown attackers demanded “financial compensation” from the bank in return for not releasing the information, according to the BBC’s report.
Evernote forum hacked, revealing users’ passwords and email addresses
Note-taking and archiving app Evernote has announced that its discussion forum has been hacked, compromising some users’ passwords, dates of birth and email addresses.
Low tech Romney tax return hack could be lesson in physical security
So, we read that one or more hackers claim to have gained access to Mitt Romney’s tax records, reported first in a Nashville paper, then in the tech/business press. The hack allegedly took place at the Franklin office of PriceWaterhouseCoopers just outside of Nashville, and PWC has alleged that no such thing happened. We have
Blizzard Entertainment hacked this time for real (lessons learned)
In May we read that game maker Blizzard, developer of a series of popular games including World of Warcraft, Diablo III and Starcraft, was hacked, but that turned out to just be individual compromised accounts from some of its users. Now we read, from Blizzard itself rather than a third party, that they have been
Apache/PHP web access holes – are your .htaccess controls really safe
If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare
Offensive / Proactive tactics, will they really work? Blackhat day 1
Blackhat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Blackhat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Jeff mentioned working for a former
Cybercrime and the small business: Basic defensive measures
Evidence that criminals are targeting the computer systems of small businesses continues to mount. The Wall Street Journal recently drew attention to the way cybercriminals are sniffing out vulnerable firms. The article highlighted the fact that about 72% of the 855 data breaches world-wide last year that were analyzed in Verizon's Data Breach Investigation Report
Sharing versus Security: Driving without Brakes
Does the enterprise still have a choice about sharing information?
ACAD/Medre.A Technical Analysis
For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg’s blog post. For technical details from analysing the worm’s source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to
Guarding against password reset attacks with pen and paper
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard
The security of unlocking an Android based device, the future is near?
In a recent survey of people in America who use their smartphone for work, less than a third said they employ the password protection on their smartphones. Although everyone will agree that not protecting your smartphone isn’t smart, it is all about memorizing. Everyone that has an Android-based device knows they do not have to
SKYPE: (S)ecurely (K)eep (Y)our (P)ersonal (E)‑communications
SKYPE: Securely Keep Your Personal E-communications From time to time people get new computer equipment and need to (re-)install all their favorite programs. Often a painful and time-consuming job, but afterwards it should ease the way of working with the new equipment. Even security gurus have to undergo this procedure at regular intervals. In November
Windows Phone 8: Security Heaven or Hell?
Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with
EU – data breaches to be reported within 24 hours
In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in
Zappos.com breach – lessons learned
We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to
Merchants push back on credit card breach fines
We've noted the often staggering fees associated with a credit card breach, normally accompanied by a slew of bad press. We've seen Stratfor, in light of their recent hack, dealing with public exposure issues due, in part, to unencrypted payment card information (for which, to their credt, they’ve publicly apologized for). Now we see a
Passwords, Stratfor, and Newton’s 3rd Law of Motion
Dazzlepod is saying ... if your account name comes up, change your current password ... why not assume that your account is compromised and go ahead and change it anyway and everywhere?
Stratfor hack – lessons learned
Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also,
What would a credit card breach cost your company?
We’ve noted recently that many companies store credit card information in an unencrypted form, sometimes several years' worth. So what happens if your systems get hacked before you get around to securing that credit card data? Sure, there’s the embarrassment of telling your customers their data has been exposed–a legal requirement in more than 40