Vulnerable mobile apps are not being patched -- millions of people at risk
Vulnerabilities in software are a fact of life; only a fool would say any code or method is perfect. The moment you fall into that trap of dangerous thinking, you have let your guard down.
So while vulnerabilities will happen, and must be accepted, how the developer responds to the flaw is the true test and measure of its security. In other words, if a vulnerability should always be expected, so too should a prompt patch to fix it. Sadly, McAfee Labs finds in a new study that this is not the case. Many insecure and vulnerable apps are found to be unpatched months after the flaw's discovery. Yes, months.
The billion dollar Carbanak bank heist could have been easily avoided
This month, the $1 billion bank heist affecting up to 100 financial institutions has highlighted a growing gulf of miscommunication between chief executives of large organizations and their IT departments.
Kaspersky Lab reports that, working with international law enforcement agencies Interpol and Europol, it discovered that the gang, dubbed Carbanak, used malware enabling it to see and record everything that happened on staff’s screens. These and other recent high profile cyber-attacks, such as that which recently saw 76 million customer accounts hacked at financial institution JPMorgan Chase, are forcing organizations such as banks to examine why cyber criminals see them as easy pickings. Some are rapidly reaching the conclusion that they need to plug any security holes not only in their own networks but also in those of their advisers and partner companies.
Old threats still dominate the security landscape
Most of the biggest IT security risks aren't new but are threats that have been around for years or even decades.
This is one of the findings of the latest HP Cyber Risk Report, published today, which looks at pressing security issues facing enterprises during the previous year and indicates likely trends for 2015.
Despite hack by NSA and GCHQ, Gemalto's SIM cards are safe, says the company
Gemalto, the world’s largest producer of SIM cards, which made headlines last week for reportedly getting its encryption keys stolen by the mighty NSA and GCHQ spying agencies, says its SIM cards, as well as banking cards, passports and other products, are secure, a conclusion it reached after conducting a round of initial investigations.
The Intercept published a detailed report last week based on confidential documents it gleaned from whistleblower Edward Snowden, in which it revealed that America’s NSA and UK’s GCHQ hacked the systems at Gemalto to steal the encryption keys. By getting access to the keys, the agencies were able to directly tap phone calls, and monitor messages, among other things, on millions of mobile phones.
OS X, iOS and Linux have more vulnerabilities than Windows
It might come as something of a surprise, but Windows is more secure than not only Apple's iOS and OS X, but also Linux. I'll just let that sink in for a moment...
Windows, the operating system ridiculed for its vulnerabilities and susceptibility to viruses, is actually more secure than the supposedly Fort Knox-like Linux and OS X. This startling fact comes from the National Vulnerability Database (described as the "US government repository of standards based vulnerability management data") which details security issues detected in different operating systems and software titles.
Lenovo redeems itself with open source Superfish removal tool
What do you do when you are facing scrutiny in the media? Damage control. You see it all the time with celebrities. A famous actor or musician does something wacky or stupid and ends up crying to Oprah, or going to rehab.
If you are a respected computer manufacturer, what do you do to fix a tarnished image? Open source. Nothing makes computer nerds more giddy than hearing that software is open source and the source code is available to investigate. Today, Lenovo releases an official open source Superfish removal tool under the Mozilla Public License.
NSA and GCHQ hacked world's biggest SIM card manufacturer to steal your data
In mid-2013, Edward Snowden revealed that the government-backed agency NSA monitored everything happening on the Internet, including spying on individuals' phone calls, messaging, and emails to glean information and pinpoint suspicious activities in an attempt to stop the growing terrorist acts.
Since the revelations -- which changed everyone's perspective on privacy -- the leaked information from Snowden and acceptance from major technology companies have given us an understanding of how the NSA managed to get our data from the services we heavily rely on. Essentially, either providers agreed to turn over our data or the NSA found another way, a backdoor, to obtain it. But how it managed to tap our phone calls was mostly unclear. Last year, Vodafone did acknowledge that it allowed the NSA to place surveillance tools inside its data centers. But as it turns out, the agency had more ways to log our phone activities.
Lenovo loads dangerous Superfish adware onto new computers -- this fish stinks
Buying a new Windows computer can be a really fun moment. When you say goodbye to your aging and slow machine, and start fresh with a new model, everything seems faster and peppier. Unfortunately, many manufacturers pre-load unwanted software on these computers, causing headaches and wasted time for the consumer. It can take hours to uninstall all of the stuff you do not want.
Sadly, Lenovo has crossed a line when it comes to this practice. Along with all the usual added software (bloatware) was a piece of adware called Superfish. From a security standpoint, it could potentially put customer data at risk with man-in-the-middle attacks, which in turn threatens the manufacturer's reputation.
Large enterprises targeted by mobile Trojans
Mobile cyber threats are more common and more sophisticated than ever before, with a number of high profile threats in the past year.
According to a new report from security companies Check Point and Lacoon Mobile Security, this means mobile devices are growing into a serious threat to the enterprise.
Fighting cyber threats hampered by disconnect between IT and business
A disconnect between systems leaders and business leaders coupled with a lack of resources is keeping enterprises from properly addressing cyber threats.
This is according to a new study commissioned by defense and security company Raytheon and conducted in conjunction with the Ponemon Institute.
SOAP vulnerability leaves Netgear routers open to hackers
Owners of Netgear routers are warned that their wireless security keys and admin password could be accessed by hackers. A security vulnerability has been found in the SOAP service embedded in some Netgear network devices that could be abused with specially designed HTTP requests.
Routers can be tricked into executing commands even if they originate from an unauthenticated session, potentially exposing sensitive information to hackers. For anyone with remote management enabled on their router, there is the added worry that all of this could be carried out by someone without physical access, or who is not in close proximity, to the network. A number of Netgear routers are affected.
Samsung lied -- its smart TV is indeed spying on you and it is doing nothing to stop that
About 70 years ago, English novelist George Orwell wrote 1984, a controversial novel which envisioned a fictional dystopian place called Oceania where people had no real privacy. As Orwell described, residents of Oceania had two-way telescreens so that they may be watched or listened to by government authorities. The book was written way ahead of its time, and while it didn't make much sense back then, a lot of assumptions Orwell made in 1984 are coming true now.
Samsung's smart TVs are in the news once again. Not for impressive sales figures -- something the South Korean technology conglomerate would definitely appreciate -- but for jeopardizing its users’ privacy.
Your Android device may be spying on you even when it's 'off'
Much is made of the "Android malware problem", but the truth is, there isn't a very bad problem. That does not mean there is no problem though. Viruses for Google's mobile platform do exist and some folks manage to let phones and tablets contract a virus. Now a new and interesting bug seems to be floating around.
According to security software maker AVG this latest malware comes with a unique feature -- it can spy on you when you think your device is shut off. It does so by mimicking the shutdown screen, but not actually powering off the handset.
Don't go to RedTube without protection -- the adult site could give you a nasty infection [updated]
Yesterday I reported how Jamie Oliver’s website was serving up malware to unsuspecting visitors. It was a problem that was quickly fixed, but a worrying one seeing as the website has over 10 million visitors a month.
Now today, Malwarebytes -- which first discovered the Jamie Oliver exploit -- reports another compromised site that’s even more popular. Adult website RedTube.com sees over 300 million visits a month (some shorter than others), and currently has a malicious iframe in its source code.
Celebrity chef Jamie Oliver serves up an unpleasant malware surprise
Most web-based threats come from malicious adverts placed on websites (aka malvertising), but Malwarebytes has discovered a well hidden malicious injection on the official website of Jamie Oliver which redirects unsuspecting visitors to an exploit kit.
The compromised site -- www.jamieoliver.com -- is currently ranked 519 in the UK (5,280 in the world), according to Alexa, with around 10 million visitors a month, which makes it a valuable target for hackers.
© 1998-2026 BetaNews, Inc. All Rights Reserved.