Computers running all supported releases of Microsoft Windows are vulnerable to FREAK, a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites.
The flaw was previously thought to be limited to Apple's Safari and Google's Android browsers. But Microsoft warned that the encryption protocols used in Windows were also vulnerable to the flaw. The FREAK flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours.
Read moreTech firms are rushing to fix a disastrous security flaw, stemming from the US government’s requirement of lower encryption standards, that for over a decade left millions of users visiting 'secured' websites exposed to potential attacks.
Experts have discovered a massive flaw that allows attackers to decrypt HTTPS-protected traffic passing between millions of websites and users of vulnerable devices, including Android and Apple smartphones and tablets. Researchers found that some websites that use SSL or TLS protocols, including government ones, are vulnerable and could be tricked into setting up a connection through weak encryption keys.
Read moreOne more piece of malware adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014.
Experts reported that malvertising installs its own certificate and breaks SSL connections by creating a man-in-the-middle vulnerability that can be exploited by anyone to sniff traffic. Superfish makes Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. However, a new malware adware doesn’t contain the exact vulnerability as Superfish, it likely presents a bigger mess for users.
Read moreFile integrity monitoring, patching, key defence. Criminals are ransoming database backups, after compromising web applications to change databases' encryption settings. Security consultancy claimed the attacks start with an attack on a web site that yeilds acess to a database server.
Once in, attackers change the encryption settings used by the database and store the key on an HTTPS server somewhere, an operation that apparently escapes some admins' attention. To pull off the attack, the attackers remove the key from the remote server, at which point the website operator notices their site is down.
Read moreWith the continuous advancements made in technology, our online experiences are becoming more streamlined and seemingly user friendly.
We no longer require stationary desktop computers to access the Internet, but instead can reach the web through our laptops, smartphones, tablets and now, televisions. Smart TVs are one of the latest additions to the family of fun gadgets millions of people have their eyes on, but are they secure? In January 2014, there was a deeper dive into the safety of smart TVs by inspecting the televisions of major manufactures. Journalists were able to crack into the devices by messing with their SSL certificates.
Read moreThe Chrome browser is generally considered the most secure Web browser, and it also tends to do the best in hacking competitions. This is in part thanks to the solid security architecture of Chrome, and to its security engineers, who keep adopting strong security designs and policies.
There's always a compromise between security and flexibility/freedom to do something. Security is very much about reducing the attack vectors, which generally means reducing the freedom to use some features. Some of those security decisions can go too far sometimes, such as the decision to only allow Chrome extensions to be installed from the Chrome store, when there could have been alternative solutions that are not as restrictive.
Read moreUnkillable nasty still climbs out of the grave to this day. The Asprox botnet was responsible for about a lot of attack sessions recorded during October 2014, impacting different organisations.
The Asprox malware family is continuing to plague businesses, despite multiple attempts to disrupt its infrastructure. The Asprox botnet, which first surfaced around six years ago in 2008, has been linked to phishing scam messages as well as the distribution of secondary malware infections. The zombie network also acts as a platform for hack attacks. Asprox spreads through vulnerable websites, using SQL injections attacks to plant malicious code.
Read moreNearly half of all web application cyber attack campaigns target retail applications, a study has shown. The retail sector is the most heavily targeted by this type of attack, according to the latest web application attack report by security firm.
The warning comes as online retailers gear up for the two busiest days of the online shopping year in the US and increasingly in the UK too. Websites containing consumer information, which require some form of log-in credentials, suffer from the attacks. Consumer information, such as personal details and credit cards, are a valuable and tradable black market piece of information.
Read moreMicrosoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks.
Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site that the attacker controls. Public-key pinning helps prevent those attacks by binding a set of public keys issued by a trusted certificate authority to a specific domain. With that defense in place, if the user visits the site and is presented with a key that’s not part of the pinned set, the browser will reject the secure connection.
Read moreThe prototype real time social media monitor will only look at publicly available data though, according to the plans. Germany's foreign intelligence agency reportedly wants to spend on technology that would let it spy in real time on social networks outside of Germany.
The system for real time social network monitoring is still in the construction phase. But a prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs. The program should filter out and discard data in the German language. Moreover, a plan to monitor Internet exchanges outside Germany is also in the works.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland