New vulnerabilities kick off 2015
There's always that tiny glimmer of hope that in some way a new year is going to be somehow different from and better than the one that went before.
Usually it's extinguished quite quickly and it seems that, in software terms at least, 2015 is no exception according to the latest vulnerability report from Secunia released today.
Worldwide Equation Group hid undetectable spyware on hard drives
In a new twist to the on-going NSA story, security firm Kaspersky Lab has discovered that a threat actor of previously unknown complexity and sophistication has been embedding surveillance software on hard drives produced by a number of well-known manufacturers. With names such as Western Digital, Seagate and Toshiba mentioned, and the reach of the spy program stretching to dozens of countries, it's not clear quite how many people may be affected.
Although Kapersky does not go as far as naming the NSA, or even specifying which country is responsible for the advanced surveillance, it seems that the spying campaign is somehow related to Stuxnet -- the tool used by the NSA to attack Iran -- and the Flame group.
Microsoft leads the way with adoption of first international cloud privacy standard
The gradual push of just about everything to the cloud means that security and privacy are of greater concern than ever before. This is true for everyone who makes use of cloud services like OneDrive and Azure, but it is of particular interest to enterprise customers.
Today Microsoft has become the first major cloud service provider to adopt ISO/IEC 27018, the world’s first international standard for cloud privacy. The idea is to ensure that there is a global standard that determines how personal data privacy is handled in the cloud. The standard equips people with a number of assurances.
Malware on the increase as Android and Windows battle for 'most infected' top spot
According to a new report from telecommunication company Alcatel-Lucent's Motive Security Labs security threats to mobile and residential devices and attacks on communications networks all rose in 2014.
It estimates that 16 million mobile devices worldwide have been infected by malware. It also points out many retail cyber-security breaches in 2014 were the result of malware infections on cash registers or point-of-sale terminals, not online stores, so shopping offline isn't guaranteed to keep your details safe.
Valve blocks talk of Kickass Torrents in Steam chat
If you want to chat about the relative merits of Kickass Torrents, it seems that Steam chat is not the place to do it. The censoring of words deemed offensive is nothing new, but gamers have found that any messages they post which included references to Kickass Torrents or the URL http://kickass.so are stripped.
Like the Pirate Bay, Kickass Torrents has fallen victim to domain name seizures, but even though the site has been taken offline, it would appear that Steam does not want its users to discuss it. A ban on mentioning the site has been described by some gamers as "covert censorship".
Security concerns will determine which Internet of Things products come to market
The Internet of things (IoT) will overhaul the way in which we use technology and its proliferation will offer endless advantages from being able to turn on your washing when you are in the office to alerting your doctor that your heart rate has risen.
However, the premise of connecting all things to the Internet carries with it a corollary statement; everything that can be connected to the Internet can be hacked which raises a host of security questions.
Google relaxes Project Zero bug disclosure policy after Microsoft complaints
Google managed to ruffle a few feathers recently by disclosing bugs and security problems in widely used software. Project Zero is used to encourage companies to fix issues that have been detected by imposing a 90-day deadline before details of the vulnerabilities are made public.
Microsoft was angered a month ago when Google published details of a security issue in Windows 8.1 just a few days before a patch was due to be released. A few days later, two more bugs were revealed leading to complaints not just from Microsoft but from software users. Now Google has backed down and announced a slight relaxing of its previously strict 90-day disclosure policy.
Kaspersky Lab says malware is used to steal millions of dollars from banks
However much money you have flowing through your bank account, you probably take measures to keep it secure. You protect your PIN, you use secure passwords for online banking, and ensure that your computer is free from keyloggers and malware. It's only right that you expect your bank to be similarly eagle-eyed about security... right?
A new report from security firm Kaspersky Lab shows that banks' security is not up to the standard that many would expect. In fact Kaspersky says that sophisticated malware has allowed criminals to help themselves to up to $1 billion. Has your bank been hit? The affected financial institutions are now aware of the attacks, but non-disclosure agreements and on-going investigations prevent them from being named.
Google sticks to its guns, will continue to publicly disclose security vulnerabilities
Google risks incurring the wrath of its competitors after announcing it will continue to disclose any security vulnerabilities that are not fixed within 90 days.
The search engine giant’s "Project Zero" identifies high-profile bugs with the aim of creating more secure products for customers everywhere. However, recently the scheme has been criticized as a way for Google to embarrass its technology rivals.
Apple boosts iMessage and FaceTime security with two-factor authentication
It's something that has been supported by iCloud for a while now. Bringing two factor authentication to iMessage and FaceTime means that messages and video chats are now locked behind an extra layer of protection.
If you log out of your iMessage or FaceTime account, the next time you try to sign in you will be prompted to activate two factor authentication. This means you'll have to log into your account and generate an app-specific password before you can continue.
US likely responsible for Iran's cyber warfare know-how
Iran might have learned advanced cyber warfare from the US, recently revealed government documents have shown.
Leaked National Security Agency (NSA) documents published by The Intercept show fears that the American cyberattacks on Iran might have helped that country develop sophisticated cyber tactics and strategies.
Business security and dating apps don't match
People using the same smartphones privately and for work are putting their company’s security at risk, a new study shows.
According to a study by IBM, millions of people are using company smartphones for dating sites and apps, and are exposing themselves -- and their companies to theft, hacking and spying.
When you die Facebook will grant your 'legacy contact' access to your account
Have you prepared for the day you die? Let people know if you want to be stuck in a hole in the ground, cremated and scattered in an awkward place, or just left at the side of the road to be picked at by passing foxes? While you may have considered what happens to your lifeless meatsack and your worldly belongings, what about things in the digital realm?
Facebook has just taken a step that will make it easier for a designated loved one to take control of your account. Your 'legacy contact' will be able to set up a memorial to you and download your account archive.
Antivirus tools miss almost 70 percent of malware within the first hour
Threat protection company Damballa has released its latest State of Infections report for the fourth quarter of 2014 which highlights the limitations of a prevention-focused approach to security.
The report finds that within the first hour of submission, AV products missed nearly 70 percent of malware. Further, when rescanned to identify malware signatures, only 66 percent were identified after 24 hours, and after seven days the total was 72 percent. It took more than six months for AV products to create signatures for 100 percent of new malicious files.
Hacker finds vulnerability in Facebook, can delete your photo albums
Like it or not, Facebook has become almost ubiquitous in today's world. Most people you know, both young and old, are on there. Worse, some folks keep memories of their lives stored on the service, including precious photos that, in some cases, may not be backed up in any way. It feels safe, after all, Facebook wouldn't lose them, right? Not so fast.
This is less about Facebook losing them, I'm sure it has backups, but more about a third-party taking them away. That sounds scary, but a security researcher has proven it's possible. Laxman Muthiyah posted his findings along with details of how the exploit works.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.