Panera Bread company is the latest to find itself in hot water. Recently, security researcher Dylan Houlihan discovered that the company had failed to encrypt (or otherwise protect) a file containing usernames, email addresses, physical addresses, phone numbers and loyalty account numbers for a staggering thirty-seven million of its customers. The file was found stored as plain text, and accessible to anyone who bothered to go looking for it. The good news is that no one appears to have … Read more
No Spectre Fix For Certain Intel Processors
The bad news just doesn't seem to stop where Intel and the Speectre vulnerability are concerned. The latest bit of news comes directly from Intel, as the company admits that it's just not possible to address the Spectre vulnerability in some of its older hardware. This means that nine families of chips and more than 230 models of computers (mostly manufactured between 2007 and 2011) will remain vulnerable to Spectre forever. The company has stopped Spectre mitigation development on the … Read more
Microsoft Helping With Ransomware In Office 365
Microsoft recently made small but significant changes to its Office 365 subscription service and to OneDrive, which are often used in tandem. The goal is to make it easier for users whose files have been encrypted by ransomware (or otherwise corrupted) to recover them. The most significant of the changes is a new button that Office 365 users will see a new "File Restore" function in both applications. If you've saved your Office 365 files to OneDrive, you'll be able to restore files in a … Read more
Most “Wannacry” Hacks Were On Windows 7 Machines
Last year's Wannacry attack was bad, but in many ways, it was a self-inflicted wound. According Webroot's recently published "Annual Threat Report," almost all of the machines that succumbed to the Wannacry attack were running Windows 7. That attack is estimated to have caused in excess of $4 billion in total losses. The central problem is that businesses have been much slower than individuals to make the shift from Windows 7 to the much more secure Windows 10. For example, in January … Read more
Hackers Zone In On Microsoft Products To Attack
Congratulations to Adobe Flash Player for not being the software most targeted by hackers. Security vendor "Recorded Future" has just published their annual list of the software hackers most commonly focus on when targeting computers and handheld devices for attack. For the last several years, Adobe's Flash Player has topped the list, but this year they have been dethroned. Microsoft now has the embarrassing honor. There are multiple Microsoft programs on this year's list, with some of them … Read more
Huge Spike in Malware With Mining Capabilities
There's a new type of hacking attack to be concerned with, and it's growing by leaps and bounds. Called "Crypto-Jacking," it's a process by which malicious code is placed on websites. When the sites are visited, the code secretly siphons off a portion of the affected user's PC, laptop, or smartphone's processing power and uses it to mine for various cryptocurrencies so that the hackers can profit from it. Kevin Haley, the Director of Symantec's Security Response Team, had this to say about … Read more
MyFitnessPal User Information Data Breach Affects 150 Million
Another week, another high-profile data breach. This time, it's Under Armour in the hot seat. Under Armour acquired the MyFitnessPal app back in February 2015, and the company recently announced that their new acquisition was hacked in late February 2018. So far, the company is taking all steps we've come to see as usual in these circumstances. They've notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users. In conjunction with the … Read more
Another Google Service Is Going Away
If you are a fan of, and regularly use Goo.gl (the URL shortener service), brace for impact. The company has announced that as of March 30, 2019, the service will be shut down for good. Long before then, beginning April 18th of this year, only existing users will be able to shorten links via goo.gl. No new signups will be allowed. The company had this to say about the recent announcement: "The URL Shortener has been a great tool that we've been proud to have built. As we look towards … Read more
Remote Desktop Flaw Affects Every Windows Version
Researchers at Preempt Security recently discovered a critical flaw in Microsoft's Credential Security Support Provider protocol (CredSSP for short) that impacts every version of Windows in existence. It could allow a hacker to remotely exploit Windows Remote Desktop to execute malicious code and steal any data stored on the machine. The flaw, logged as CVE-2018-0886 would allow a hacker to execute a man in the middle attack, (provided that they had Wi-Fi or physical access to the machine) … Read more
RottenSys Malware Has Infected 5M Android Devices Since 2016
There's a new threat on the horizon, according to security researchers from Check Point. A group of hackers in China are busy building a massive botnet that so far, totals almost five million Android smartphones. The hackers are quietly taking control of these devices using a strain of malware known as "RottenSys." While the malware is flexible and can be adapted to any number of purposes, in its present incarnation, it's being used to display copious numbers of advertisements. This … Read more
