Google Apps leaks Whois data for over 280,000 protected domains
Private information relating to more than 280,000 domains registered via Google Apps has leaked, leaving the registrants open to risk of identity theft or spear phishing.
The ability to buy domain names from one of Google's partners is a feature offered by Google Apps to allow easier access to and management of services.
GCHQ does not engage in indiscriminate blanket surveillance
When Edward Snowden blew the whistle on the activities of the NSA, it sparked a global interest in how internet traffic is monitored. The UK's Intelligence and Security Committee of Parliament today published a report into online surveillance carried out by GCHQ, MI5 and MI6 after an 18-month inquiry.
Among the findings is the conclusion that surveillance is legal, but an overhaul is needed to increase transparency. The suggestion that GCHQ's interception of emails "does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance" is likely to be met with skepticism. But what's likely to raise more eyebrows is the revelation that the agency has apparently managed to crack encryption.
Cyber attacks rise as confidence in avoiding them falls
According to a new survey by the CyberEdge Group, although IT security spending is increasing, confidence is falling, with the majority of respondents expecting to be breached in the next 12 months.
The survey of more than 800 security decision makers and practitioners finds that more than 70 percent of respondents' networks had been breached in 2014, which is a 62 percent increase from the previous year.
BetterCloud provides added security for Google Apps
There's no doubt that cloud office platforms offer gains in productivity and easier collaboration, but they also present challenges for information security teams who need to limit content sharing.
For organizations that must comply with industry regulations like HIPAA, this can lead to significant legal risk which, until now, was extremely difficult to mitigate.
Panda Security identified itself as malware, quarantined its own files
Security software can be inherently dangerous. That statement may not seem to make sense, but it does nonetheless. We've seen it time and again, as well-meaning tools cause chaos with computers. The problems over the years have run the gamut from endless reboots to dead systems to files "accidentally" removed. The software has the best interest of the user in mind, but sometimes it goes too far, treading beyond the line of safety.
Such is the case in this latest incident, which affected customers of the popular anti-virus program Panda Security. It is not the first, nor likely the last, to cause these issues. By their very nature, these programs search for files identified as malicious. The problem arises from the definitions they install with each update. These are designed to search for malware, but can also appear to be the culprit they are looking for.
The next generation of CryptoWall malware emerges
After a short-lived hiatus, the creators of CryptoWall have re-emerged with the next generation of the devious malware, coined "CryptoWall 3.0". Just as security experts thought they had a handle on the original threat, the emergence of version 3.0 sparks debate as to what signals to look out for and how to protect against the rise of ransomware variants.
So what's new? Since making its debut last fall and wreaking havoc on thousands of businesses and individuals globally, CryptoWall is the biggest name in ransomware threats. Its predecessor, Cryptolocker, started the snowball effect in 2013 as one of the first ransomware strains to enter the marketplace.
The pressures faced by professionals fighting cyber crime
IT security professionals faced increased pressure to secure their organizations in 2014 and expect that pressure to further increase this year.
A new report from managed security services company Trustwave reveals a number of issues including pressure to roll out IT projects such as cloud and mobile applications despite having unresolved security issues; the pressures of being understaffed while security threats mount; and increasing pressure from executives to protect information while being resource-constrained.
Microsoft reports the progress of its Superfish hunt
The hubbub surrounding Superfish has died down in the news now, but that doesn't mean the problem has been eradicated. Not only has the fiasco hurt consumers, it has eroded the reputation of computer maker Lenovo. To its credit, the company acted quickly, working with Microsoft and Superfish to alleviate the problem and attempt to regain consumer trust.
Microsoft aided on the Superfishing trip by adding Win32/CompromisedCert to its Malicious Software Removal Tool, which is included in all modern versions of Windows. Many customers likely don't even know this tool is there, as there is no icon for it. It will run on its own in the background, but a manual launch can be accomplished by accessing "Run" and typing "MRT".
Dropbox SDK vulnerability puts billions of Office files at risk
A flaw in the Dropbox SDK for Android could potentially put large numbers of MS Office files stored in the cloud at risk.
IBM's X-Force Application Security Research team has discovered a severe vulnerability in Dropbox's software development kit (SDK) used by Android app developers to connect to Dropbox so users can tap into their files via an app.
How to thwart spear phishing attacks
Many of the recent, large data breaches such as Target, Anthem, and Sony started with a sophisticated spear phishing attack: an email targeted at specific individuals within a corporation that is engineered to look legitimate and fool even tech-savvy users. The email either has a malware-laced attachment or a malicious link that, when opened, installs malware in order to attempt to gain system access and steal data.
Unfortunately, since stealing data is lucrative nowadays, these spear phishing attacks are often very sophisticated and hard to spot since they have been composed with considerable effort and target only a small number of individuals. The emails look legitimate so regular spam filters cannot identify them and not all anti-malware engines will always be able to detect the malware in the attachment. So what can companies do to protect themselves against spear phishing attacks?
The sky is falling and the FAA isn't ready
According to a new report by the US Government Accountability Office (GAO), the US airspace system is incredibly vulnerable to hacking and a state-sponsored hacking effort could paralyze air traffic over North America. Very scary stuff. And as a licensed pilot for 45 years, I can tell you that it’s both true and not true, that the system is horribly hackable but that very vulnerability might be what we need to stimulate real airspace innovation.
Ask any American pilot how they feel about the US Federal Aviation Administration (FAA) and you’ll get variations on the same negative theme. It’s not that pilots love-hate the FAA: there’s no love about it. Pilots tend to hate-ignore the FAA, which is generally viewed as a vindictive regulatory agency caught up in internal politics and bullshit (that’s a technical term for bureaucratic lethargy). Nobody loves the FAA.
Xiaomi Mi 4 flagship riddled with malware and uncertified Android version, or is it? [Update]
Updated at 18:00 IST: Bluebox and Xiaomi are now confirming that the handset the security firm tested was a counterfeit product purchased through an unofficial channel. You can read Xiaomi's full statements below.
Xiaomi’s Mi 4 is one of the best smartphones you cannot purchase so easily -- but it might be for the best, it seems. Don’t get me wrong: The Mi 4 packs in top-of-the-line specifications, the latest Android-based operating system, and is incredibly cheap, but if data security firm Bluebox's latest report is to be believed, it also comes with malware and a host of other issues. The handset seems to have been tampered with by an unidentified third party, however. We’ll have more details on this later today.
Down but not out, VBA malware makes a comeback in Microsoft Office
While malware for Microsoft's Office platform has been around just about as long as the suite, we've heard less about it in recent times. That is changing though as new threats surface, altering the landscape a bit. The latest problems are really just a new iteration of the older ones, utilizing a tried and true attack vector.
That line of attack comes from the code itself, using Visual Basic for Applications (VBA). Security firm Sophos is reporting a rise in incidents of this across various parts of the suite. The code is unfortunately open to these flaws.
Reports that uTorrent silently installs Bitcoin crapware are... crap
Sometimes it's easy to be swayed by what's being written online. At the moment there are lots of stories creeping out about the iPad Pro and Apple Watch, none of which are founded in any fact whatsoever. Still, making stuff up, popping it in quotes and attributing it to an anonymous source is great fun, right?
It may be fun, but it's not really fair on the reader. Another story which popped up on my radar today was about uTorrent -- the popular BitTorrent client that's loved and hated in equal measure. Stories on Trusted Reviews, Engadget and the Verge suggest a Bitcoin mining tool called Epic Scale is installed without permission, and is a tricky blighter to remove. There's an easy way to find out; let's just install it.
Financial companies seek cloud strategy for secure relationship
Cloud technology is being adopted across a wide range of industry sectors and financial companies are no exception. But a new report from the Cloud Security Alliance suggests that many of them are still looking for the right strategy.
The survey targeted executives from banking, insurance and investment firms around the world. Whilst it found that cloud computing is becoming more and more prevalent throughout the financial sector, many respondents still don't have a firm strategy.
© 1998-2026 BetaNews, Inc. All Rights Reserved.