It's around this time of year, with Black Friday looming and Christmas just around the corner, that online sales boom. Today security firm High-Tech Bridge has issued a warning to retailers and shoppers about a critical vulnerability in the popular Zen Cart shopping management system.
High-Tech Bridge has provided Zen Cart with full details of the security flaw which could allow remote attackers to infiltrate web servers and gain access to customer data. Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger.
In the span of just one year from 2012 to 2013, smartphone thefts in the U.S. nearly doubled to 3.1 million, and another 1.4 million were lost, according to Consumer Reports. For businesses and other organizations, every one of those losses and thefts could enable multiple security breaches. That’s because confidential data stored on the phone isn’t the only asset that’s vulnerable. As a trusted device, that phone also has access to corporate networks and the data stored on them.
More than half of North American and European companies are developing a bring-your-own-device (BYOD) policy, Forrester Research says. These policies carry security risks because, for example, employees are reluctant to give their IT departments the power to remotely erase their smartphone or tablet when it’s lost, stolen, or the employee separates from the company. Part of employees’ fear is that the device will be wiped by mistake, costing them irreplaceable personal data such as photos.
We heard earlier this week that Hilton Hotels had been hit with malware designed to steal personal data and, even worse, credit card information. The breach affected point-of-sale systems. Sounds familiar? This same sort of breach happened to a number of major targets in 2015, mostly retail chains like Target and Home Depot.
Hilton has now responded to the issue and admits there was a problem. It's advising customers to keep a close eye on transactions on their accounts. Though customers are generally not held responsible for fraudulent charges, it's a major hassle to go through.
Malwarebytes has issued a detailed report explaining the various tricks Vonteera adware uses to compromise your PC -- and it makes for uncomfortable reading.
Unwanted adverts, unknown Windows services, modified shortcuts, forced installation of uninstallable Chrome extensions, even a way to prevent you running antivirus software -- it’s all here.
There’s adware out there that uses features for the visually impaired to install malicious apps on an Android-powered device. The worst part is that it doesn’t use a vulnerability in the system, but instead abuses a service’s legitimate features.
Researchers from mobile security provider Lookout have spotted the abusers and published a blog post about it.
Norton by Symantec has released the findings from its Cybersecurity Insights Report. This online survey was conducted across 17 markets and took into account the responses from 17,125 consumers over the age of 18.
Norton’s report has revealed how heavily British consumers have been affected by cybercrime and the stark differences between the ways in which Baby Boomers and Millennials protect themselves online.
Security problems are certainly nothing new; vulnerabilities seem to crop up just about everywhere. We've seen countless ones from software makers and large store chains, but shipping new computers with one built in is less common. Yet that's exactly what Dell has been doing, unintentionally of course.
A problem has been discovered in the eDellRoot certificate, described as a vulnerability that allows hackers to install malware. To be fair, the problem is more than just Dell; it also lies with the makers of web browsers.
The UK's former defense secretary Des Browne has issued a stark warning that the country's nuclear weapons could be vulnerable to cyberattacks. The Trident program is already a highly-divisive subject, and Browne is seeking assurance from the Prime Minister that it is secured against attacks from hostile states such as China and Russia.
He has called upon the government to perform an end-to-end assessment of the system. The US had previously warned that it could not be confident that its own defenses and those of its allies would be capable of withstanding a cyberattack from a "sophisticated and well-resourced opponent".
In the panic that followed the attacks on Paris by ISIS there have been calls for various measures to be put in place to stop similar atrocities happening in the future. As well as calls for an increase in online surveillance, politicians have also suggested that encryption should be weakened or banned entirely.
Secure email service ProtonMail found itself the subject of unwanted attention when it transpired that ISIS recommended using it to evade detection. The company has remained silent about the post-Paris backlash, until now.
Europe is being urged to set up its own international cybersecurity agency to tackle the growing threat posed by cyberattacks. Jose Luiz Gilperez, security chief at Telefonica, said that cyberthreats have developed in recent years to pose just as significant a danger as physical threats.
Of particular concern is a fundamental change in the types of individuals perpetrating cyberattacks. While the stereotypical image of the lone hacker may have held true in the past, cyberattacks are now being carried out by hacking collectives, gangs of organized criminals or even national governments. Gilperez stressed that in order to counter this new threat, cybersecurity must become "a matter of business, and a matter of states".
A common recommendation for securing a mobile device is to set up a passcode. Having a PIN or password will make it harder for a third party to access personal information, which lowers the chances not only of data theft or loss but also of incrimination or blackmail.
But when that third party is a government agency looking to retrieve data from someone's Android device, it might be easier than you think to get in. On top of all the resources they have at their disposal, government agencies can also turn to Google to have the passcode remotely reset.
Exploit acquisition platform Zerodium has just published a price chart for different classes of digital intrusion techniques and software targets that it buys from hackers and later resells in a subscription service to its clients.
This is important as it is the first time someone has publicly put a price tag on hacking.
Hacktivist group Anonymous, which has recently declared "war" on ISIS, has released a guide on how to find and take out ISIS-related websites and social media accounts.
The group posted three different guides, to be used within #OpParis, the online campaign against the Middle-Eastern militants.
When faced with the chance of clinching a major deal, people are willing to throw security controls out of the window.
This is according to research by contextual security company Balabit which asked over 380 European IT executives, CIOs, CISOs, auditors and other IT professionals about their thoughts on IT security and business flexibility.
Digital assistants such as Siri are billed as great time-savers, and there's no denying that Apple's voice-activated feature can be a real help. But security experts at Trend Micro warn that it also poses a serious privacy risk for iPhone owners.
Even if your iPhone is protected with a PIN or passcode, it could still be possible for someone else to use Siri to learn personal information about not just you, but your relations and other contacts, as well as details about your schedule. Described by Trend Micro as a 'flaw', Siri actually acts as a backdoor that enables anyone with physical access to your phone to bypass security features.