New Chrome extension spots unencrypted tracking
A new Chrome extension highlights tools embedded in websites that could pose privacy risks by sending data unencrypted over the Internet. It’s hard to find a major website that doesn’t use a variety of third-party tracking tools for online advertising, social media and analytics. But if the trackers send data unencrypted, it is possible for […] more…Ubisoft yanks keys for online games purchased via unauthorised parties
Far Cry 4 and other games disappeared over the weekend, leaving a trail of ex-Ubisoft fans in their wake, stripped of games Ubisoft thinks were “fraudulently” bought on third-party sites. more…Not So Spooky: Linux “Ghost” Vulnerability
Researchers at Qualys have found a vulnerability in the GNU C Library (alternately known as glibc), which can be used to run arbitrary code on systems running various Linux operating systems. The vulnerability (assigned as CVE-2015-0235) has been dubbed GHOST and is the latest vulnerability to receive a “friendly” name, joining others like Heartbleed, Shellshock, […] more…How the Obamacare website healthcare.gov leaks private data
HealthCare.gov, the US insurance exchange website that is a central component of Obamacare (the Affordable Care Act), is sending personal information on users to third parties including Facebook, Google, and web analytics companies. more…Lack of security in small companies means big risk for the enterprise
“I’ve been in the security business for 25-years. The industry spent the first 20 of those developing perimeter security products. Then five years ago, we simply let everybody in, building an ecosystem of third-party vendors and service providers that are now part of our federated enterprise,” says Mo Rosen, COO, Xceedium. Once attackers enter these […] more…Security Budgets Going Up, Thanks To Mega-Breaches
Sixty percent of organizations have increased their security spending by one-third — but many security managers still don’t think that’s enough, Ponemon study finds. Mega-breaches like those at Target and Sony are good for one thing: they help security departments get greater buy-in and bigger budgets from the powers that be. In the wake of […] more…WhatsApp issues 24 hour ban for WhatsApp Plus users
WhatsApp has started giving out day-long bans to those using a third party Android app to send and receive messages through its service. more…Looking Back (and Forward) at PoS Malware
2014 became the year that placed PoS (point-of-sale) threats in the spotlight. Make no mistake—PoS threats have existed for years. However, the Target data breach last January was the first incident that made the general public notice this threat. 2014: the Year of PoS Malware While the Target breach may have been the first PoS-related […] more…Report: NSA not only creates, but also hijacks, malware
In addition to having its own arsenal of digital weapons, the U.S. National Security Agency reportedly hijacks and repurposes third-party malware. The NSA is using its network of servers around the world to monitor botnets made up of thousands or millions of infected computers. When needed, the agency can exploit features of those botnets to […] more…Advertising company Turn will stop using Verizon’s mobile tracking ID
Online advertising company Turn said Friday it will stop using a controversial tracking method by early next month that aids serving targeted advertisements to Verizon’s mobile customers. Turn was criticized for using a persistent numerical identifier that Verizon attaches to the Internet traffic of its mobile customers to recreate a history of a person’s web […] more…Thieves hijack miles from American and United Airlines accounts
Usernames and passwords stolen from a third party were used to book free trips or upgrades on American and United Airlines: yet another sad tale of password reuse! more…Recent Crypto-Ransomware Attacks: A Global Threat
We noticed a recent influx of crypto-ransomware spreading in Australia. This recent wave rings similar to the hike of infections in the Europe/Middle East/Africa (EMEA) region we wrote about in early December. Upon further research and analysis, we concluded that the attackers behind these incidents could possibly belong to the same cybercriminal gang due to the similarity in their IP addresses. Infection […] more…AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported […] more…United, American airlines account fraud highlights hacker focus on travel industry
More than 20 travel-related websites have experienced data breaches in the past two months, according to a security expert who tracks the trade in stolen data. Data from those websites is being sold on underground forums by cybercriminals, said Alex Holden, CTO of Hold Security, a company that specializes in monitoring the illegal trade and […] more…Stolen credentials used to access United Airlines’ MileagePlus accounts
Three dozen loyalty accounts belonging to United Airlines customers saw fraudulent transactions after hackers used login credentials collected from an unknown source. The Mileage Plus accounts, which are part of United’s rewards program, were accessed early last month, said Luke Punzenberger, a United spokesman, on Sunday. The program has about 95 million participants. Punzenberger said […] more…Bitcoin Value Plunges Following $5M Bitstamp Heist
The new year has started rather badly for the Bitcoin world. On January 4th, a cyber-attack against Bitstamp, one of the biggest bitcoin exchanges in the world, resulted in the loss of almost 19,000 BTC – the equivalent of more than $5 million. While very little is known at the moment about how the attackers […] more…More information
- 61-Year-Old Hacker Convicted in Texas
- T-Mobile, Amazon, and others are backing out of CES 2022 amid COVID resurgence
- R3’s Corda Blockchain Platform Goes Open-Source
- Exploited Script in WordPress Theme Sends Spam
- Android is almost impenetrable to malware
- FileZilla warns of large malware campaign
- Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security?
- Researcher for Snowden journos leaves White House, denied security clearance
- Countering Cyber Threats By Modeling "Normal" Website Behavior
- Thieves Planted Malware to Hack ATMs