At midnight ET last night, MyEtherWallet users started noticing something odd. Connecting to the service, users were faced with an unsigned SSL certificate, a broken link in the site’s verification. It was unusual, but it’s the kind of thing web users routinely click through without thinking.
But anyone who clicked through this certificate warning was redirected to a server in Russia, which proceeded to empty the user’s wallet. Judging by wallet activity, the attackers appear to have taken at least $13,000 in Ethereum during two hours before the attack was shut down. The attackers’ wallet already contains more than $17 million in Ethereum. MyEtherWallet confirmed the attack in a statement on Reddit.
Ten years ago, Amazon introduced the Kindle and established the appeal of reading on a digital device. Four years ago, Jeff Bezos and company rolled out the Echo, prompting millions of people to start talking to a computer.
Now Amazon.com Inc. is working on another big bet: robots for the home. The retail and cloud computing giant has embarked on an ambitious, top-secret plan to build a domestic robot, according to people familiar with the plans. Codenamed “Vesta,” after the Roman goddess of the hearth, home and family, the project is overseen by Gregg Zehr, who runs Amazon’s Lab126 hardware research and development division based in California.
Yet another hacker crew has been battering the healthcare industry in recent months.
But rather than just aim for the PCs, it's also gotten footholds on the computers controlling X-Ray, MRI and other medical machines, according to a report from Symantec on Thursday. The hacker group, dubbed Orangeworm, is mainly targeting American healthcare organizations, though there are a number of victims worldwide, including in Asia and Europe. But rather than do anything destructive, Orangeworm is likely using leverage on those medical devices to learn more about them as part of an ongoing corporate espionage operation, Symantec said.
Have you used a friend's laptop to charge your iPhone and gotten a prompt that says, "Trust This Computer?" Say yes, and the computer will be able to access your phone settings and data while they're connected.
And while it doesn't feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you'd think. In fact, the Symantec team has found that hacks exploiting that misplaced "Trust" comprise a whole class of iOS attacks they call "trustjacking." Once a user authorizes a device, they open themselves to serious and persistent attacks.
A researcher with AdGuard discovered five fake ad-blocking extensions in the Chrome Web Store that used hidden scripts to manipulate users’ browsers. The good news is, after AdGuard published the report, the Chrome team removed all five of the extensions from its store.
Unfortunately, AdGuard’s Andrey Meshkov reports that the extensions he discovered had more than 20 million users. Posing as ad blockers, the malicious extensions simply copied code from real ad blockers and then added to them. “All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the ‘authors,’” Meshkov wrote.
A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent.
Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.
If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data.
A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let attackers compromise vulnerable devices and steal data stored on them. LG's Network Attached Storage (NAS) device is a dedicated file storage unit connected to a network that allows users to store and share data with multiple computers.
Apple Inc. plans to integrate recently acquired magazine app Texture into Apple News and debut its own premium subscription offering, according to people familiar with the matter. The move is part of a broader push by the iPhone maker to generate more revenue from online content and services.
The Cupertino, California company agreed last month to buy Texture, which lets users subscribe to more than 200 magazines for $9.99 a month. Apple cut about 20 Texture staff soon after, according to one of the people. The world’s largest technology company is integrating Texture technology and the remaining employees into its Apple News team.
Blockchain boosters rejoice: A major bank is using the distributed-ledger technology that makes bitcoin possible for international payments of fiat currency.
Santander, which had been testing it internally among its staff, launched the service today, making the Spanish banking giant among the few major financial institutions to go live with the extraordinarily hyped technology. The service is supposed to be cheaper and faster than existing systems, and will provide more certainty about when the money will arrive, according to a statement. Right now, it’s available for retail customers in Spain, UK, Brazil, and Poland and will roll out in other countries in coming months.
Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates.
But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches.