Articles about Security

British Airways frequent flyer Executive Club accounts compromised

Tens of thousands of British Airways frequent flyer accounts have been compromised in a cyberattack, forcing the company to freeze the accounts and issue an apology, the media have reported.

British Airways sporadically responded to tweets from concerned customers, The Register reports. In one such exchange it said:

Syrian Electronic Army hacks Hostgator, FastDomain and more for hosting terrorist sites

It has been a little while since we heard anything from the Syrian Electronic Army, but now the group has made an appearance once again. SEA has hacked five big-name hosting companies -- Bluehost, Justhost, Hostgator, Hostmonster and FastDomain -- all part of the Endurance International Group.

SEA launched the attacks on the five hosts for "hosting terrorists websites" (sic) adding to the list of high-profile names it has already targeted -- a list that includes names such as Skype, Facebook, PayPal, Twitter and Microsoft. No sites were mentioned by name for having gained SEA's attention.

GitHub hit by its biggest DDoS attack ever

GitHub is still in the throes of a massive DDoS attack which has blighted the site since Thursday. While the origins of and reasons for the attack are not yet fully known, the fact that two projects relating to Chinese anti-censorship have been targeted speaks volumes.

Now into its fifth day, the attack turned into something of a tug-of-war. Just as GitHub thought it had managed to wrestle back control of the site, a fresh wave was unleashed. The evolving attack is the largest in GitHub's history and engineers "remain on high alert".

Fake Puush update steals passwords from Windows users

Screenshot-sharing app Puush has inadvertently infected Windows users with malware. Over the weekend, the Puush server was breached and a fake, malware-infected program update was put in place. This means that anyone updating to version r94 of the software is infected.

The malware tries to grab passwords from infected systems, and was noticed after users complained on Twitter that the latest update had been flagged up by BitDefender. As a precautionary measure, the update server has been taken offline, and a clean update has been made available as a standalone download.

Snowden's leaks served only to strengthen the NSA's resolve

Edward Snowden is heralded as both a hero and villain. A privacy vigilante and a traitor. It just depends who you ask. The revelations he made about the NSA's surveillance programs have completely changed the face of online security, and changed the way everyone looks at the internet and privacy.

But just before the whistle was blown, it seems that the NSA was considering bringing its telephone data collection program to an end. Intelligence officials were, behind the scenes, questioning whether the benefits of gathering counter-terrorism information justified the colossal costs involved. Then Snowden went public and essentially forced the agency's hand.

The FBI wants your computer and mobile to be insecure

You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.

Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2, it appears that the bureau wants your data, and you, to be insecure.

Slack is tardy to the two-factor authentication party

Following a four-day-long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers, although there is no indication that hashed passwords were decrypted.

Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available which locks down accounts via the Android, iOS and Windows Phone apps.

Exclusive: Widespread security flaw affects hundreds of UK news sites

A security flaw has been discovered in a number of UK news websites, potentially placing 24.5 million users at risk. The problem was found in websites run by Johnston Press, a UK media group that is responsible for scores of regional news websites.

Just a few days ago we reported about the findings of security researcher Brute Logic. He discovered an XSS vulnerability on Amazon that risked exposing user data and could be used to compromise accounts. Now the same researcher has discovered another cross-site scripting security flaw that could be used to redirect visitors to malicious websites -- and it's worryingly simple to exploit.

Google has a new data compression extension for Chrome -- do you trust it?

A couple of days ago Google launched a Chrome extension that compresses web pages. This is a feature that has been available for the iOS and Android versions of Chrome, but now it has hit the desktop. It's something that will be of interest to people whose ISP puts data caps in place.

Launched on March 23, the Data Saver extension is currently in beta (come on, this is Google… what did you expect?) and it helps to "reduce the amount of data Chrome uses". This might sound appealing, but it does mean that your traffic is routed through Google's own servers. Do you trust Google enough?

Is your computer bugging you? [Q&A]

Data leaks due to security flaws and hacker activity constantly make the news, but they're not the only ones that businesses have to worry about. Leaks can stem from employee or industrial espionage activity too and of course there's always government snooping.

Whilst larger businesses with sensitive data or intellectual property to protect often check for old-style surveillance they may not be as aware of the potential for PCs and other gadgets to gather intelligence as well as leak data. We spoke to Andre Ross, Director of Australian digital forensics and information security company Elvidence to find out how businesses may be at risk and what they can do to combat it.

Don't go to Xtube without protection -- the adult site could give you a nasty infection

A month ago, Malwarebytes reported that adult site RedTube had been compromised and was infecting unsuspecting visitors with malware. That issue was swiftly fixed, but now the security firm reports another adult site, Xtube, is currently serving exploits.

While attacks of this nature usually come via malicious advertising (malvertising), in this instance the nasty snippet of code has been injected directly into Xtube itself.

DDoS attacks are up -- and getting more sophisticated

Yes, I know, on Tuesday we reported on a study showing that DDoS attacks were down in frequency, though increasing in severity. But another report from Corero Network Security now suggests that they've actually increased in numbers.

Measuring the number of DDoS attacks is beginning to look like asking how long a piece of string is. Anyway, Corero says that attacks are up, with its customers experiencing 3.9 attack attempts per day.

Half of all Android users vulnerable to year-old security flaw

Half of all Android users are still vulnerable to a security flaw uncovered in the most-popular mobile operating system early last year, according to a new report from security firm Palo Alto Networks. The vulnerability in question allows an attacker to modify or replace Android apps with malware without the user's knowledge.

Google was informed of the vulnerability in February 2014, a month after its discovery, and has since come up with a patch, which it has included in later revisions of Android 4.3 Jelly Bean and newer distributions. According to the latest data from Google, that still leaves 49.9 percent of all Android users unprotected.

Software vulnerabilities up 18 percent in 2014 and Microsoft isn't to blame

Errors in software, whether operating systems or applications, are usually the root cause of security issues, allowing hackers and cyber criminals a way in to systems.

In 2014, 15,435 vulnerabilities across 3,870 applications were discovered according to a new report from vulnerability intelligence specialist Secunia. That represents an 18 percent increase in vulnerabilities compared to the year before, and a 22 percent increase in the number of vulnerable products.

Amazon patches huge XSS vulnerability that left user data exposed for two days

A serious XSS vulnerability left Amazon customers in "real danger" of having their accounts compromised. The man who made the discovery is Brute Logic, the current top security researcher at XSSposed.org and "light-gray computer hacker". We spoke to him about the security issue as well as talking about the responsibilities involved in exposing vulnerabilities.

The cross-site scripting vulnerability was discovered on March 21 and was left unpatched for two days. In this time, Brute Logic says there was a real risk that people "could have their Amazon account compromised or had their computer invaded by means of a browser exploit". He says it is the responsibility of sites to fix problems when they are highlighted by the hacking community.

© 1998-2015 BetaNews, Inc. All Rights Reserved.