Phishing attacks just got a whole lot easier. A German security researcher named Sabri Haddouche has recently discovered a set of email vulnerabilities that have been collectively dubbed "Mailsploit." At the root, these vulnerabilities stem from the way most email systems interpret addresses encoded with a 1992 standard called RFC-1342. The standard is that all information in an email header must be an ASCII character. If a non-ASCII character is encountered, it gets converted. … Read more
Some Websites Can Force Your Computer To Mine Cryptocurrency
Researchers at Malwarebytes have discovered a new exploit that allows malicious website owners to use your PC to mine various forms of cryptocurrency, even if you exit the browser window the malicious site was displayed on. The exploit relies on a smart pop-under trick. A code on the website determines your monitor's resolution and places a ghost browser session sitting behind the clock on the MS Windows task bar, where it continues to mine cryptocurrency, utilizing a portion of your CPU's … Read more
Some Computer Manufacturers Are Disabling Intel Chip Firmware
Intel is catching some flak for releasing CPU technology that's filled with security flaws. At issue is Intel's Management Engine (ME), which is designed for Enterprise use and is of no real value on equipment designed for personal or home use. Although many popular PC and laptop manufacturers, including Acer, Panasonic, Lenovo, Fujitsu, HP, and others are selling equipment with Intel ME enabled, so far, three hardware vendors have opted to disable the firmware. These three vendors are … Read more
Ransomware Attackers Are Increasing Their Attacks On Businesses
The ransomware ecosystem is maturing. Strains are divided into "families" and the number of new families that have been discovered in 2017 is half what it was in 2016. Even so, the total number of attacks targeting businesses have risen by 26 percent over last year's totals, according to the latest statistics released by Kaspersky Lab. Rather than inventing wholly new software strains, hackers around the world seem content to modify existing strains, with the number of modifications growing … Read more
Paypal-Owned Company Sees Breach Of 1.6 Million Customers
TIO Networks, a cloud-based, multi-channel bill payment platform purchased by Paypal for $233 million in 2017, was breached earlier this year, exposing PII (Personally Identifiable Information) for an estimated 1.6 million of the service's users. TIO Networks primarily does payment processing and accounts receivables for cable, utility, wireless and telecom companies in North America. If you do business with TIO, it's possible that your company or personal information may have been … Read more
Former Employees Pose Serious Risk To Security
The Department of Health and Human Services' Office for Civil Rights (OCR) has reminded those who deal with PHI and PII of the dangers that terminated employees can pose to system security in their monthly cyber security newsletter. Their advice is as timely as it is excellent, and includes the following: "Making sure that user accounts are terminated so that former workforce members don't have access to data is one important way Identity and Access Management can help reduce risks posed by … Read more
Many Consumers Would Withdraw Business From Companies If Data Breached
You've probably heard the phrase "the customer is always right" a thousand times. It's a truism in the business world, except when it isn't. A recent survey released by Gemalto reveals a dismaying dichotomy that's costing businesses around the world big money. Only 27 percent of consumers surveyed feel that businesses do enough to protect customer data, and an overwhelming 70 percent of them say that they'd take their business elsewhere if a company suffered a data breach. Unfortunately, … Read more
Windows 10 Now Installed On Over 600M Machines
When Microsoft first released Windows 10, the company boasted that it would try to get its new OS running on a billion devices by 2018. Time and circumstance have conspired to make that lofty goal unlikely, and the company has since retreated from it. However, according to statistics released at a recent shareholder's meeting, there are now more than 600 million devices utilizing it, including PCs, tablets, HoloLens headsets, Surface Hubs and Xbox One consoles. It's an impressive number, … Read more
Look And Feel May Change In Future Windows 10 Update
Microsoft is experimenting with a new feature that may change the look and feel of Windows 10 in some future update. The new approach is referred to as "Sets," which borrows from the playbook of modern web browsers and groups related applications into tabbed sets, with the groupings defined by project type. The applications you need to make use of on any given project will be grouped together, even if the last time you used a given app was several weeks prior. Essentially, this approach is … Read more
Fake Symantec Blog Post Is Spreading Mac Malware
Sometimes hackers opt for a stealthy approach. Other times, their attempts are downright brazen. That's definitely the case with a newly launched malware campaign that seeks to spread "Proton Mac," a strain of malware designed to steal passwords from Mac users. The hackers registered a domain very similar to Symantec's blog, mirrored its content and then created a fake post about a new version of CoinThief, which was moderately successful back in 2014. After going into a bit of faux … Read more
