UPS Stores hit by 'malware intrusion,' customer data possibly exposed

08/21, 3:30pm

Stores in 24 states affected by breach, spanned up to seven months in some cases

The UPS Store, Inc. reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.

Heartbleed suspected to be point of entry for CMS records breach

08/20, 5:15pm

OpenSSL vulnerability the first attack vector, occurred shortly after bug announced

Security firm TrustedSec says that it learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack occurred through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, a vulnerability that has made headlines in recent history, is to blame for the breach.

Symantec condenses security line-up into one suite, Norton Security

08/20, 4:15pm

Software line drops nine different programs, new software launches September 23

Symantec announced earlier this week that it would be issuing a sweeping change to its line of antivirus software to offer consumers a single solution. Starting September 23, the company will begin offering Norton Security for around $80 per year. The change effectively ends releases of Norton Antivirus, the company's main product line that has seen annual releases since the early 90s.

Apple's iMessage accounts for 30 percent of all mobile spam messages

08/20, 1:28pm

AppleScript, multi-platform hooks make spamming easier

Over 30 percent of all mobile spam messages are now being sent through Apple's iMessage system, claims Tom Landesman, a security researcher at Cloudmark. Many of the messages are pushing fake luxury products such as sunglasses and handbags. Landesman explains that spammers are - or were - taking advantage of several aspects of Apple's ecosystem. However, Apple has responded to the charge and said that some countermeasures have been implemented.

New malware stealing advertising revenue from jailbroken iOS devices

08/20, 9:08am

Package changes developer ad ID with that of assailant with Cydia Substrate

A new piece of malware started infecting jailbroken iOS devices earlier this year. The "AdThief" or "Spad" package hijacks advertising clicks and revenue, and redirects them to the author of the package, rather than the developer who inserted the advertising in the first place. The malware is simple and low profile -- it replaces the developer's ID with the attacker's ID.

Gatekeeper changes unconnected to Dev Center hack, sources claim

08/19, 3:13pm

Re-signing mandatory for existing apps

Despite recent claims, a Dev Center security breach may not be why developers are being asked to re-sign Mac apps using OS X Mavericks, sources say. An alternative reason for the switch hasn't been mentioned, but unnamed sources are countering reports yesterday from other unnamed sources. In the earlier rumors, it was claimed that one or more hackers had managed to obtain not only Gatekeeper keys but "virtually every key Apple used for everything."

Apple seeds fourth beta of OS X 10.9.5 to developers, AppleSeed

08/19, 2:27pm

Gatekeeper added to testing list

Apple has posted a new beta of OS X 10.9.5 for developers and AppleSeed participants, identified as build 13F18. Testing areas remain largely the same -- including Safari, graphics, Thunderbolt, and USB/USB smart cards -- but with the addition of a significant change to Gatekeeper, Apple's app-signing security feature. "Signatures created with OS X version 10.8.5 or earlier ('v1 signatures') are obsoleted and will no longer be recognized by Gatekeeper," Apple reminds the developer audience. "To ensure your apps will run on updated versions of OS X, they must be signed using the codesign tool on OS X version 10.9 or later ('v2 signatures')."

Microsoft pulls four Windows 8.1 patches over instability, crashes

08/19, 12:42pm

Microsoft-provided fix involves registry modification, manual deletion

Plagued by crashes, Microsoft has retracted its Windows patches from August 12. Users that have installed patches 2982791, 2970228, 2975719 and 2975331 are at risk of system instability, or a "0x50 Stop" error on startup, which prevents the system from booting. A fix requires either a clean OS install, or registry modification to purge the afflicted updates.

Gameover Zeus resurrected with more robust control server connection

08/19, 10:07am

New malware not stealing info, passwords; just growing

The Gameover Zeus botnet has re-appeared in stronger form, with most of the infections taking place inside the US. The new botnet implementation doesn't rely on the peer-to-peer methodology of the parent strain, but instead relies on a more flexible, and harder to stop, domain generation algorithm (DGA) to determine how the malware botnet will connect with command-and-control servers.

Report: Dev Portal security breach prompted Gatekeeper change

08/18, 11:00pm

Enterprise Signing Key, Activation Lock keys could have been compromised

An unidentified Twitter user is claiming that recent changes to Gatekeeper in OS X Mavericks and OS X Yosemite, which have forced developers to re-sign their app credentials, are actually the result of a security breach that successfully pilfered the Gatekeeper keys and possibly "many other keys for many other things," according to the user. A corroborating source was located by TUAW that has allegedly confirmed the breach and tied it to the recent alleged Activation Lock hack.

Community Health Systems admits breach, 4.5 million patients affected

08/18, 6:34pm

Personal information including social security numbers stolen, no medical information

Today, in a filing with the United States Securities and Exchange Commission (SEC), medical services provider Community Health Systems (CHS) revealed that it was the victim of a cyber attack that spanned a three-month period. According to the filing information, personal information from around 4.5 million patients was stolen, including Social Security numbers.

Google reportedly implementing child-friendly services, protection

08/18, 5:05pm

Child-focused version of YouTube allegedly in development

Google is adapting its services to cater for a younger audience, as the company attempts to make a play for a new generation of user, a report claims. The search company is allegedly working on various child-friendly services which children under the age of 13 will be able to use, provided it receives permission from the child's parent or guardian beforehand.

Supermarket chains Supervalu, AB Acquisition LLC announce breaches

08/17, 2:21pm

Breaches target 209 Supervalu stores, AB Acquisition stores in 21 states

Last week, supermarket chain Supervalu announced that it discovered an intrusion into part of its computer network, specifically the portion that processes payments with debit and credit cards. The company believes that card data may have been stolen from 209 of its standard and franchise stores. A day prior, AB Acquisition LLC announced that its systems were breached, but said it had yet to determine if any cardholder data had been stolen.

Chinese iCloud data now being housed on China Telecom servers

08/15, 10:57am

Apple tries to assuage privacy concerns

Apple is now hosting Chinese iCloud content on a mainland datacenter operated by China Telecom, the company has confirmed to Reuters. Questions were raised when the city of Fuzhou posted a notice on its website confirming the transfer of content to the datacenter, but then retracted the statement. The message indicated that Apple actually began the project 15 months ago, but only finished it on August 8th.

Anonymous attacking St. Louis police, shooter's name released [u]

08/14, 11:03am

Collective has already released information on Ferguson police chief

[Updated with release of police respondent's name, which may be incorrect] Hacker collective Anonymous has allegedly penetrated the St. Louis County police dispatch computer system, and has released audio excerpts from the day that an unarmed African-American man was shot by police. The "OpFerguson" event underway by Anonymous has crippled Ferguson City's website, and already leaked some details about local police -- a very recent tweet by Anonymous has given the city very little time to respond, and has now released the officer's name involved in the shooting. However, the St. Louis police department claims the collective is wrong, and the person named is an "innocent citizen."

Safari updated for Lion and higher with security patches

08/13, 7:01pm

WebKit vulnerability, memory corruption, other issues addressed

Seven potential security and stability flaws in the WebKit engine that drives Safari have been identified and fixed in a new update for the default Mac web browser, which was released on Wednesday. The patch updates the version numbers to 6.1.6 for older OS versions going back to Lion (OS X 10.7.5), and to 7.0.6 for Mavericks (10.9.4). Problems with a WebKit vulnerability that could cause crashes, alongside some memory corruption issues, prompted the update.

Snowden, declassified documents reveal more of NSA's activities

08/13, 2:50pm

Two-day Syrian Internet blackout blamed on failed NSA hack

The National Security Agency (NSA) was behind the two-day Internet blackout of Syria in 2012, claims whistleblower Edward Snowden. Snowden's accusation, alongside claims that the NSA is working on an automated malware killer, comes at the same time as a separate report appearing to show the NSA collected far more information than was legally allowed.

Android BlackPhone hacked at DefCon, BlackBerry 10 next?

08/12, 11:24am

Device hacked enabling root access, SecureCircle apps unaffected

The "super-secure" Android Blackphone has been hacked by an attendee at the DefCon conference. In less than five minutes, the Google-backed device surrendered root access without unlocking the Android bootloader. Initially contested by the manufacturer, the company, Geeksphone, later thanked "Justin Case" for pointing out the flaw.

California passes mandatory 'kill switch' legislation for smartphones

08/12, 1:57am

Brown likely to sign into law; iOS devices are already compliant

The California state Senate has passed a bill requiring cellphone manufacturers to implement, and providers to activate, a "kill switch" that can be triggered remotely in the case of theft, rendering the phone inoperable and unable to be reactivated. Owners of the iPhone are long familiar with these abilities, as Apple has offered them as opt-in features for some time, but the requirement that it be activated when users sign up for service will be new to many.

Microsoft dumping support for old Internet Explorer versions in 2016

08/11, 1:43pm

Most recent version of Internet Explorer required for updates, support for IE8 dropped

Microsoft announced last week that it would be changing its support policy in regard to Internet Explorer. Outlined in the change is migration guidance for versions of Windows past XP, which excludes any further support for Internet Explorer 8. The software giant is urging users to enable Windows Updates to keep up with the most recent updates to Internet Explorer.

Xiaomi pushing out update over privacy, data reporting concerns

08/10, 5:07pm

Executive outlines technology tied to server reporting, changes including ability to opt-in

Since last month, Chinese phone and tablet manufacturer Xiaomi has been under suspicion of data practices that could be considered harmful to its user base, including the discovery of spyware installed in the Star N9500. Recent reports, and testing by a security firm, indicate that Xiaomi's smartphones, including the RedMi 1S, are reporting information back to servers in China.

Google, Microsoft, others throw in with Facebook in NY privacy appeal

08/09, 9:55am

Amicus briefs filed with NY Supreme Court decry overly broad warrants

Facebook is battling the New York courts over what it says are overly broad warrants to examine user profiles and data. Supporting the social media giant, Dropbox, Foursquare, Google, Kickstarter, LinkedIn, Meetup, Microsoft, Pinterest, Twitter, Tumblr, and Yelp have all filed amicus curiae ("friend of the court") briefs with courts in support of the Facebook effort, complaining that services like Facebook are multi-faceted and require more granular warrants, rather than a sweeping motion to collect all data about a targeted user.

Researchers discover cryptocurrency hack costing mining pools $83,000

08/08, 12:52pm

Network compromise redirected mining pool traffic to alternate server

Security researchers have discovered a vulnerability in the way cryptocurrencies, such as Bitcoin, are stored in mining pools, allowing for funds to be stolen. Discovered by the Dell SecureWorks Counter Threat Unit, the exploit has allegedly already been used at least once, with one attacker said to have acquired approximately $83,000 using the technique.

Chinese government officially denies banning Apple procurements

08/08, 9:27am

Apple never applied to be on energy-saving list, all parties say

The Chinese Central Government Procurement Center -- as well as the Finance Ministry, and Apple itself -- have all denied a recent Bloomberg report claiming that Apple had been deliberately excluded from procurement lists for security reasons, according to Reuters. It had been said that Chinese government agencies were newly banned from buying devices like iPads and MacBooks. All three parties involved now say, however, that Apple never applied to be on the list in question to begin with.

Skype confirms abrupt drop of older OS X systems support

08/08, 2:44am

Minimum Intel processor, 10.6 requirement follows eight years of updates

As a confirmation of earlier reports that Skype was locking out users of very old Macs with OS versions below 10.6 Snow Leopard, Microsoft on Thursday issued a memo that confirmed and clarified that it no longer supported the nearly seven-year-old OS X 10.5.8 or any lower releases on the Mac, and that Skype's service now requires a minimum of an Intel processor and 10.6 or later in order to work. How long Snow Leopard will be supported is unclear.

Russian hackers collect more than 1.2 billion unique credentials

08/08, 12:00am

Nearly 4.5 billion records in total collected, 542 million unique email addresses

The New York Times reported earlier this week that a hacker group has collected 1.2 billion unique username and password credentials from 420,000 websites. The records, which were verified by a security firm, are thought to be one of the largest collections of Internet identity information reported. The publication had the data analyzed by another expert, who verified the authenticity of the collection but has not commented on the validity of the data.

AgileBits announces sale, free update on 1Password for iOS

08/07, 9:07pm

Forthcoming iOS 8 upgrade with Touch ID support will be free for current owners

According to a new announcement from AgileBits, makers of the iOS and Mac password management app 1Password, the forthcoming version for iOS 8 will be a free update to existing users. In conjunction with that, and a new report that Russian hackers may -- or may not -- have collected over a billion unique email account credentials, the company has opted to put its iOS version on sale for $10, a cut of $15 from its normal $25 price. The iOS 8 update for 1Password, expected this fall, will add extensions and Touch ID support to the password manager.

Google warns lack of HTTPS use by sites will impact search rankings

08/07, 10:54am

HTTPS use by sites will give slight improvement to Google search results in future

A website's usage of HTTPS to secure a connection with its visitors will soon play a role in search rankings, Google has announced. Websites actively adopting HTTPS by default for all traffic could rank higher in results listings than sites which do not use it, as the company continues to push other services online into adding more security to their sites.

Mozilla warns of accidental disclosure of developer network database

08/06, 7:33pm

About 76,000 email addresses, 4,000 encrypted passwords were publicly accessible

At the beginning of the month, Mozilla issued a release on its security blog that there had been an investigation into accidental disclosure of its database for the Mozilla Developer Network (MDN). The company discovered a problem after a web developer found out that the data sanitization process it runs on the MDN database had been failing. The result was that 76,000 email addresses of account holders, as well as the "passwords of about 4,000 users" were able to be accessed publicly.

Synology unable to aid decryption of SynoLocker afflicted devices

08/06, 1:40pm

Malware strikes un-updated Synology NAS units

Synology product users affected by the SynoLocker attack may have lost their files to the cryptoware. Representatives from Synology have informed Electronista that at this time, they are unable to provide assistance recovering data that has been forcibly encrypted by the malware.

Security firms provide free decryption keys to CryptoLocker victims

08/06, 11:59am

Decrypt CryptoLocker to help recover files lost to malware

Victims of the CryptoLocker ransomware may be able to unlock their files without having to pay. Security experts from FireEye and Fox IT are hosting Decrypt CryptoLocker, a site dedicated to providing keys for affected systems, allowing for encrypted files to become available to users who chose not to pay the malware creator's ransom demand.

China excludes Apple products from government procurements [u]

08/06, 9:31am

Cites security concerns

[Updated with Chinese government denial] The Chinese government has excluded 10 Apple products from its latest procurement list dictating which products can be bought using public funds, according to officials cited by Bloomberg. Among the banned products are all variations of the MacBook and the iPad, but not the iPhone or other Mac models. The products were on a June version of the list, but are said to have been left out as of July due to security worries, though another report quotes government officials as denying this.

Briefly: Parallels' service alert, Keeper Secure File Storage for iOS

08/05, 2:50pm

Parallels notifies Desktop 8 for Mac users that software will not run on Yosemite public beta

Parallels has released a service notification for users of Parallels Desktop 8 for Mac. Users considering installing the OS X Yosemite public beta 10.10 will not be able to launch Windows applications, or directly use files through Parallels Desktop 8. Parallels Desktop allows for Windows applications to run on OS X without rebooting in systems up to and including 10.9 Mavericks. In order to avoid service disruption, Parallels encourages users to upgrade to version 9 of its software. Upgrading is available for $50, with Parallels Desktop 9 for new users priced at $80.

Synology users plagued by SynoLocker encryption malware [u]

08/05, 2:30pm

SynoLocker demanding 0.6 bitcoin to release encrypted data

[Updated with additional info] Network attached storage device manufacturer Synology is reporting that a new form of malware is spreading to some of its customers. Dubbed the SynoLocker cryptoware, the malware encrypts data on the network peripheral, and the perpetrators are demanding 0.6 bitcoin ($350) to get the key to retrieve the files.

Apple to require developers to re-sign, update older apps

08/04, 9:42pm

Essentially requires all apps be recompiled for Mavericks to avoid Gatekeeper trap

An upcoming change in the way the OS X security feature Gatekeeper works is essentially going to force developers to re-build and re-"sign" their applications and submit updates to Apple for programs that need to run in Mavericks or Yosemite. The upcoming change for security purposes only affects those running the forthcoming 10.9.5 or later, but could cause apps that aren't updated to "break" (not launch) except through bypassing Gatekeeper, which most users will be loath to do. The change will not force users to update their OS versions.

China increases domestic security suppliers, removes foreign software

08/04, 1:38pm

Kaspersky, Symantec said to be excluded from procurement lists, could be due to security concerns

One of China's state-sponsored media channels is indicating that the government has removed all foreign-made software from its list of approved security software purchases. Newspaper The People's Daily posted on Twitter yesterday, indicating that Kaspersky and Symantec are now excluded from the country's government procurement channels.

NetShade 6 adds KeyShade password manager, UI improvements

08/01, 9:57am

Adds AppleScript, TCP-over-HTTPS support

Rayner Software has released NetShade 6, an update of its proxy/VPN client for the Mac. The main addition is actually KeyShade, a tool for storing passwords, notes, and bank and credit card info. Data is encrypted using AES-256, and synced across devices. Rayner says that a standalone version of KeyShade will be "coming soon" to Mac and iOS, but that for now it's tied to NetShade.

Square announces expansion into EMV chip card readers for business

07/31, 8:05pm

Payment service jumps ahead of Visa, MasterCard dates to shift to chip cards

Square, a company that helped open mobile payments up to the masses, released news today that it would be expanding its device offerings with a reader for chip-based credit cards, now frequently used outside the US. While the company states that typical Europay, MasterCard and Visa (EMV) solutions are costly, it will release an affordable model to enable sellers to accept the secure payments.

BitTorrent announces Bleep, pre-alpha decentralized chat application

07/31, 7:30pm

Company releases first chat application Bleep, currently only available for Windows

BitTorrent is making an attempt to diversify its offerings even more. While the company has said it was adding pay options to its Bundles early in the month, it has now launched a server-less chat client called Bleep. BitTorrent says that the app is created in a way that the experience is decentralized, only exposing messages and phone calls to people users choose to trust.

Judge upholds warrant, orders Microsoft to produce overseas emails

07/31, 6:43pm

Department of Justice warrant to obtain emails valid, judge gives Microsoft chance to appeal

A United States District Court judge ruled today that a warrant issued to Microsoft requesting emails stored in Dublin, Ireland is valid. The judge stated that the company must follow the order to produce emails involved in a criminal investigation, in spite of foreign law. The order was temporarily stayed to give Microsoft the opportunity to appeal through the Second United States Circuit Court of Appeals.

CIA blames employees, apologizes to Senate for searching computers

07/31, 3:37pm

Senate Intelligence Committee's computers were accessed, states internal investigation

It turns out that the Central Intelligence Agency (CIA) did in fact access Senate computers in an improper fashion, as it was accused of doing earlier this year. Back in March, Senator Dianne Feinstein (D-CA) claimed that the intelligence agency had accessed the computers of the Senate Select Committee on Intelligence, searching for a document relating to research into the agency's detention and interrogation program.

Researchers: USB firmware exploitable for computer malware install

07/31, 11:18am

New research to be published at Black Hat points out inherent insecurity of USB

A pair of researchers are going to discuss a giant security flaw that illustrates how the Universal Serial Bus (USB) firmware can be exploited. Security researchers Karsten Nohl and Jakob Lell have developed "BadUSB," a malware package resident in USB firmware that can be used as an attack vector to install any manner of software on a PC, with little or no warning to the user, and -- as of now -- no effective way to stop the attack or spread of the malware.

AgileBits' 1Password previews iOS 8 extension, Touch ID support

07/30, 9:07pm

Password vault app could work with third-party apps, merchants

AgileBits, makers of the security and password vault 1Password, are among the first to implement and preview an iOS 8 extension and third-party Touch ID support, allowing other app makers to utilize the program's stored passwords outside of the 1Password app itself. Apple announced the concept of iOS extensions at June's Worldwide Developer Conference, which enables one app to use tools or services found in a different app in a secure manner.

Tor compromised earlier in year, relay attack to 'deanonymize' users

07/30, 3:42pm

The Tor Project announced on its blog today that the service suffered two different types of attacks in an attempt to uncover information that could remove the anonymity of sources accessing hidden services. Tor states that the attackers are so far unknown, but it says that anyone that accessed any hidden services from the beginning of February through July 4 should assume they've been affected by the attack.

Russia asks Apple, SAP to turn over source code as anti-spy measure

07/30, 1:07pm

Companies will likely be hesitant to comply

The Russian government has proposed that two Western companies, Apple and SAP, grant access to their source code so it can determine whether or not products are tools for spying on state organizations and/or the public, Reuters reports. Russia's communications minister, Nikolai Nikiforov, is said to have made the request when he met last week with Apple's local general manager, Peter Nielsen, and SAP's local managing director, Vyacheslav Orekhov. In an official Communications Ministry statement, Nikiforov comments that "Edward Snowden's revelations in 2013 and US intelligence services' public statements about the strengthening of surveillance of Russia in 2014 have raised a serious question of trust in foreign software and hardware."

BlackBerry acquires German security firm Secusmart

07/29, 12:48pm

Company turnaround underway, says CEO in wake of deal

At its annual BlackBerry summit, the beleaguered smartphone manufacturer has announced a deal that will see it acquire Germany's Secusmart to enhance its own security offerings. BlackBerry CEO John Chen said of the deal that it "creates that much more distance between [BlackBerry] and competitors" in the battle for corporate and governmental business share.

Long-standing Android 'Fake ID' bug gives malware root access

07/29, 9:10am

App masquerading as Flash, others, can break Android sandboxing

Mobile device researchers Bluebox Security have discovered a serious flaw in Google's Android operating system that dates back to version 2.1, and is still present (albeit weakened) in the new 5.0 preview. The "Fake ID" security flaw allows a fake app to include an invalid security certificate, claiming that it is an app with sandbox-breaking privileges, in essence, giving the malicious app root access to the phone and all its contents.

Chinese officials make surprise visits to four Microsoft offices

07/28, 4:13pm

Visit tied to investigation, Microsoft states that it will cooperate with officials

Officials from China's State Administration for Industry and Commerce (AIC) showed up at four Microsoft offices in the country unannounced earlier today. Offices in Beijing, Chengdu, Guangzhou and Shanghai received the sudden visits, which could be tied to the start of an antitrust investigation for a presently unknown reason. The visits come at a time when Microsoft faces scrutiny in the country over spying allegations and government refusal of Windows 8.

Uber closes JavaScript hack exposing driver review of passengers

07/28, 9:40am

Review score of customers by Uber drivers pulled from view

Cab-hailing service Uber has patched a hole which allowed passengers to find out their average score based on reviews from Uber drivers. A JavaScript hack which surfaced over the weekend polled Uber servers for the passenger score, giving a response between 1.0 and 5.0, though Uber has been quick to close the loophole in order to protect its driver review system.

Cellphone unlocking bill without bulk unlock ban passed by House

07/25, 4:10pm

Bill headed to Oval Office, with Obama willing to sign

In an unexpected move -- and avoiding a potential fight -- the House of Representatives has passed bill S517, aiming to make cellphone unlocking legal. The amended bill, passed by the Senate last week, was passed with no changes. A controversial clause of the bill previously passed by the House, prohibiting bulk unlocking by companies, was removed from the final passed version.
