By now, you've almost certainly heard of "Spectre," one of two recently discovered security flaws that impact every chip made by Intel in the last ten years. The story of Spectre, and Intel's response to it has been an interesting one. In response to the flaw's discovery, Intel rushed a firmware patch, but quickly had to take it back and recommend that users not install it, because it created as many problems as it solved. Intel has since released a better, more stable patch, but hasn't … Read more
Massive Malware Attack Stemmed From Bittorent App
According to a Microsoft security researcher, a massive malware attack attempted to install a cryptocurrency mining software on more than 400,000 computers in less than twelve hours. The failed campaign is noteworthy because of the attack vector used. It was a supply chain attack implemented by compromising Bittorrent, a highly popular program used to share and download files. Until recently, security professionals discounted the very possibility of supply chain attacks, regarding them as … Read more
New Freemium Offer Mines Cryptocurrency
Freemium software is certainly nothing new. They are free apps that offer premium features if you don't mind ads displaying while you're using it or paying a small fee to have the ads removed. At least one company is trying a new business model on for size, albeit with limited success. The company is Qbix, and their freemium app is called "Calendar 2." It's a solid calendar app with more features than Apple's default app, and the Qbix offers its users premium features if they're willing to … Read more
Attacks on Health Organizations Increasing At Alarming Rate
It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world. Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target: Health Organizations. According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017. It gets … Read more
Beware Fake Craigslist Email Could Contain Ransomware
If you post ads on Craigslist for short term employment, be aware that there's a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users. By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist's "Gigs" section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document which recipients will assume are … Read more
New And Potentially More Dangerous Intel Vulnerability Discovered
The "Spectre" vulnerability that impacts literally every Intel chip made over the last decade keeps finding new ways to make the news. In this instance, researchers at Ohio State University have discovered a new variant of the vulnerability that they have dubbed "SGX Spectre." To understand how it's different, a bit of explanation is in order. SGX stands for "Software Guard eXtensions," and is a feature only found in the latest Intel processors. It allows applications to create "data … Read more
Microsoft To Help Intel With Security Issues
By now, you've almost certainly heard of the "Spectre" and "Meltdown" security flaws that affect every Intel chip produced in the last decade. Users have been waiting for a fix for both of these since January, when the issues were first discovered. From the beginning, Microsoft agreed to include the fix for Spectre in its regular software updates but insisted that Intel and PC manufacturers would have to push the Meltdown fix on their own. Unfortunately, the overwhelming majority of users … Read more
Trustico CEO Leaks HTTPS Certificate Keys Through Email
The CEO of Trustico, a TLS certificate reseller based in the United Kingdom, finds himself at the center of a controversy that raises a number of disturbing questions about browser-trusted security certificates. The email in question was sent to Jeremy Rowley, an executive Vice President at DigiCert. The catalyst that prompted the fateful email was that officials at Trustico notified DigiCert that 50,000 certificates originally issued by Symantec and resold by Trustico had been compromised … Read more
Another 2.4 Million Users Hacked In Equifax Breach
It looks like it's going to be another bad month for Equifax. The company just can't seem to get out of its own way. In 2017, the company announced a massive data breach that (it initially claimed) impacted some 140 million users. Several months after the official announcement, the company was forced to revise the number of impacted users upward, as the forensic investigation into the breach continued. Now, the company has announced a further upward revision of 2.4 million, bringing the … Read more
Mi-Cam Baby Monitor Video Feeds Vulnerable To Hacking
Do you have a Mi-Cam in your home? Even if you don't have kids, you may have one. They're a highly popular, inexpensive means of keeping tabs on the comings and goings inside your home when you're not around. As with so many such devices these days, users have the option of installing either an Android or iOS app on their phones so they can peek in remotely, any time they like, and therein lies the problem. It's no secret that the IoT is filled with "smart" devices that don't live up to … Read more
