Tens of thousands of British Airways frequent flyer accounts have been compromised in a cyberattack, forcing the company to freeze the accounts and issue an apology, the media have reported.
British Airways sporadically responded to tweets from concerned customers, The Register reports. In one such exchange it said:
It has been a little while since we heard anything from the Syrian Electronic Army, but now the group has made an appearance once again. SEA has hacked five big-name hosting companies -- Bluehost, Justhost, Hostgator, Hostmonster and FastDomain -- all part of the Endurance International Group.
SEA launched the attacks on the five hosts for "hosting terrorists websites" (sic) adding to the list of high-profile names it has already targeted -- a list that includes names such as Skype, Facebook, PayPal, Twitter and Microsoft. No sites were mentioned by name for having gained SEA's attention.
GitHub is still in the throes of a massive DDoS attack which has blighted the site since Thursday. While the origins of and reasons for the attack are not yet fully known, the fact that two projects relating to Chinese anti-censorship have been targeted speaks volumes.
Now into its fifth day, the attack turned into something of a tug-of-war. Just as GitHub thought it had managed to wrestle back control of the site, a fresh wave was unleashed. The evolving attack is the largest in GitHub's history and engineers "remain on high alert".
Screenshot-sharing app Puush has inadvertently infected Windows users with malware. Over the weekend, the Puush server was breached and a fake, malware-infected program update was put in place. This means that anyone updating to version r94 of the software is infected.
The malware tries to grab passwords from infected systems, and was noticed after users complained on Twitter that the latest update had been flagged up by BitDefender. As a precautionary measure, the update server has been taken offline, and a clean update has been made available as a standalone download.
Edward Snowden is heralded as both a hero and villain. A privacy vigilante and a traitor. It just depends who you ask. The revelations he made about the NSA's surveillance programs have completely changed the face of online security, and changed the way everyone looks at the internet and privacy.
But just before the whistle was blown, it seems that the NSA was considering bringing its telephone data collection program to an end. Intelligence officials were, behind the scenes, questioning whether the benefits of gathering counter-terrorism information justified the colossal costs involved. Then Snowden went public and essentially forced the agency's hand.
You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.
Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2; it appears that the bureau wants your data, and you, to be insecure.
Following a four-day-long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers, although there is no indication that hashed passwords were decrypted.
Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available which locks down accounts via the Android, iOS and Windows Phone apps.
A security flaw has been discovered in a number of UK news websites, potentially placing 24.5 million users at risk. The problem was found in websites run by Johnston Press, a UK media group that is responsible for scores of regional news websites.
Just a few days ago we reported about the findings of security researcher Brute Logic. He discovered an XSS vulnerability on Amazon that risked exposing user data and could be used to compromise accounts. Now the same researcher has discovered another cross-site scripting security flaw that could be used to redirect visitors to malicious websites -- and it's worryingly simple to exploit.
A couple of days ago Google launched a Chrome extension that compresses web pages. This is a feature that has been available for the iOS and Android versions of Chrome, but now it has hit the desktop. It's something that will be of interest to people whose ISP puts data caps in place.
Launched on March 23, the Data Saver extension is currently in beta (come on, this is Google… what did you expect?) and it helps to "reduce the amount of data Chrome uses". This might sound appealing, but it does mean that your traffic is routed through Google's own servers. Do you trust Google enough?
Data leaks due to security flaws and hacker activity constantly make the news, but they're not the only ones that businesses have to worry about. Leaks can stem from employee or industrial espionage activity too and of course there's always government snooping.
Whilst larger businesses with sensitive data or intellectual property to protect often check for old-style surveillance, they may not be as aware of the potential for PCs and other gadgets to gather intelligence as well as leak data. We spoke to Andre Ross, Director of Australian digital forensics and information security company Elvidence, to find out how businesses may be at risk and what they can do to combat it.
A month ago, Malwarebytes reported that adult site RedTube had been compromised and was infecting unsuspecting visitors with malware. That issue was swiftly fixed, but now the security firm reports another adult site, Xtube, is currently serving exploits.
While attacks of this nature usually come via malicious advertising (malvertising), in this instance the nasty snippet of code has been injected directly into Xtube itself.
Yes, I know, on Tuesday we reported on a study showing that DDoS attacks were down in frequency, though increasing in severity. But another report from Corero Network Security now suggests that they've actually increased in numbers.
Measuring the number of DDoS attacks is beginning to look like asking how long a piece of string is. Anyway, Corero says that attacks are up, with its customers experiencing 3.9 attack attempts per day.
Half of all Android users are still vulnerable to a security flaw uncovered in the most-popular mobile operating system early last year, according to a new report from security firm Palo Alto Networks. The vulnerability in question allows an attacker to modify or replace Android apps with malware without the user's knowledge.
Google was informed of the vulnerability in February 2014, a month after its discovery, and has since come up with a patch, which it has included in later revisions of Android 4.3 Jelly Bean and newer distributions. According to the latest data from Google, that still leaves 49.9 percent of all Android users unprotected.
Errors in software, whether operating systems or applications, are usually the root cause of security issues, allowing hackers and cyber criminals a way in to systems.
In 2014, 15,435 vulnerabilities across 3,870 applications were discovered according to a new report from vulnerability intelligence specialist Secunia. That represents an 18 percent increase in vulnerabilities compared to the year before, and a 22 percent increase in the number of vulnerable products.
A serious XSS vulnerability left Amazon customers in "real danger" of having their accounts compromised. The man who made the discovery is Brute Logic, the current top security researcher at XSSposed.org and "light-gray computer hacker". We spoke to him about the security issue as well as talking about the responsibilities involved in exposing vulnerabilities.
The cross-site scripting vulnerability was discovered on March 21 and was left unpatched for two days. In this time, Brute Logic says there was a real risk that people "could have their Amazon account compromised or had their computer invaded by means of a browser exploit". He says it is the responsibility of sites to fix problems when they are highlighted by the hacking community.