A group of hackers from a security company in Portugal managed to hack into Uber and get their hands on a bunch of data that should remain hidden.
The team of three experts, Vitor Oliveira, Fábio Pires and Filipe Reis from Integrity, found a total of six flaws: they managed to use promotion codes, found private emails using UUID, found users’ phone numbers, created driver accounts, validated them, found where you went, who your driver was, and who you are and, ultimately, date of the trip, driver name and picture, the ID and the cost of the trip. The route map was also disclosed.
The golden rule of password security is never use the same credentials on multiple sites. The idea is if one site suffers a breach, hackers can try the now-stolen credentials on other sites. This makes sense, yet many people still do it. You know what? I don't blame them. It can be impossible to remember all of the unique passwords, and writing them down is frowned upon too. What can be done to fix this?
Enter biometrics. Rather than use a password, a user's face or fingerprint can be used. More and more smartphones, tablets, and laptops are offering biometrics, but sadly, the web is lacking. Consumers are understandably frustrated, and according to a new survey, more than half of them would prefer biometrics to passwords for daily use.
An analysis of 200 second-hand hard disks and solid state drives purchased from eBay and Craigslist in the first quarter of 2016 reveals that 67 percent of them contained personally identifiable information.
In addition, 11 percent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories. The study comes from mobile diagnostics and secure erasure specialist Blancco Technology Group.
Just over 30 percent of IT professionals admit to sometimes ignoring security alerts because of high volumes of false positives.
This is among the findings of a new survey from Skyhigh Networks conducted along with the Cloud Security Alliance which also reveals that 20 percent of companies have more than ten security tools that generate alerts.
The world of technology relies on encryption. Everything from private messages to online payments is secured in this way -- but how does it all work? Mozilla has come up with a way to teach people about encryption, combining gaming and emoji into a useful learning tool.
Codemoji is described as "a fun way to learn about ciphers", and while you might think that it's aimed solely at children, there's something here for all ages. The idea is very simple: letters and words are translated into emoji so they can only be read by those who understand the decryption technique.
Intel is looking for a buyer for its Intel Security business. Intel Security, previously called McAfee, was bought from the security firm McAfee back in 2011 for $7.7 billion (£5.75bn).
Intel rebranded the company as Intel Security, and aimed to implement its security features at chip level, giving cyber-security a whole new dimension. It seems, though, that six years later, the plan has failed.
We live in a surveillance state and we all know it. We sort of knew it before the Edward Snowden revelations, but afterwards had a real sense of just how far it went. Apparently it is still, to this day, trying to reach further, and in this case it affects people who simply travel to the nation, even for simple things like vacation or business.
If US Customs and Border Control has its way, people will have to hand over their Twitter handle right in the airport. While an argument can be made for such heavy-handed tactics -- looking for Jihadist tweets, etc -- it is largely unjustified.
Researchers at endpoint protection specialist SentinelOne have uncovered a new variant of the CryptXXX ransomware family which is being spread via spam and possibly other means.
The latest version fixes previous flaws in its file encryption methods, which prevents the use of free decryption tools and makes it impossible to decrypt files without paying the ransom.
A virtualized hybrid cloud infrastructure comes with the assurance of better business outcomes but the rapid transformation that accompanies cloud also leaves the infrastructure vulnerable to cyber attacks. This makes risk management critical for every enterprise. Since no two enterprises work exactly the same way, a standard risk tolerance profile cannot sustain the potential risks posed by technical hurdles.
Despite a cloud service provider’s best possible efforts, security issues are inevitable. With hybrid-cloud deployments you will also need to ensure that sensitive business data remains secure between private and public cloud. This is why hybrid cloud environment strategies need to take into account the possibility of regular movement of data between private and public clouds. Here are security issues to take into account when handling hybrid cloud security:
A new zero-day malware has been discovered in Australia that affects all of Microsoft’s Office 365 products including Word, Excel, PowerPoint and Outlook.
The malware was discovered by the cyber security company Check Point and comes in the form of an invoice sent by email. The attack is designed to catch unsuspecting victims, according to security analyst Raymond Schippers, who said: "The email sent to Office 365 users via Outlook gives the appearance of an invoice in the form of an Office document. When they go to open it, a message will appear telling people the document was created with a previous version of the software, so they will need to click something to enable the content".
Security researchers from Ben-Gurion University Cyber Security Research Center (CSRC) have unearthed a vulnerability in Google Chrome that can be exploited to make copies of DRM-protected video streams. The problem affects all Chromium-based browsers, and makes it possible to circumvent the Widevine encryption technology Google uses to secure streams.
Widevine has been used in Chrome for a while, after Google acquired it back in 2010. It has been used to prevent piracy of premium YouTube channels, and is also used to protect Amazon Prime and Netflix streams. Google was informed about the problem back in May, but is yet to issue a patch.
Each new version of iOS is eagerly awaited, and at its Worldwide Developer Conference (WWDC) Apple unveiled a preview of iOS 10. Much has been made of the new features, but developers probing the operating system are making a surprising discovery. The kernel of iOS 10 is unencrypted.
In the current climate of security-awareness, this might seem like something of an unusual decision. But Apple says that the change has been made to improve performance, and it could even help to increase security.
Have you ever wondered if someone on LinkedIn is not really who they say they are? I’m not being paranoid here, this is a legitimate question.
If your answer is "No", you’re not alone. A vast majority of people never wonder if there are fake accounts requesting to connect on the professional social network, and almost a quarter accept requests from people they don’t really know.
When we take a look at the Android distribution updates that Google posts every month, one thing seems to never change: the overwhelming number of devices that run an outdated version of the operating system. As of early-June 2016, nearly 90 percent of the handsets with Google Play access are rocking Lollipop, Jelly Bean or another old distribution. Meanwhile, Marshmallow powers only 10.1 percent of Android devices.
And, as Trend Micro security researchers point out, that can be a serious problem in terms of security, as there is a new family of malware, known as Godless, that affects "virtually any Android device running on Android 5.1 (Lollipop) or earlier". Using Google's figures, that's 89.9 percent of the Android handsets in use. What's really worrying is that this malware is actually linked to apps available in major app stores, like Google's Play, and it has already claimed 850,000 victims across the globe.
Ransomware has become a big problem in recent years, particularly crypto-ransomware, which encrypts data on users' systems. New research by Kaspersky Lab looking at how it’s evolved over the last two years points to just how big.
Among the findings are that the number of users attacked with crypto-ransomware rose 5.5 times, from 131,111 in 2014-2015 to 718,536 in 2015-2016. The total number of users encountering any type of ransomware between April 2015 and March 2016 also increased by 17.7 percent compared to the period April 2014 to March 2015.