Zaid Shoorbajee – Page 16 – WindowsTechs.com

Pentagon’s websites need better security, Wyden says

Posted on May 23, 2018 by Zaid Shoorbajee

If you try visiting certain Department of Defense websites, like the one for Strategic Operations Command or the Navy’s Blue Angels, you might be met with a browser message telling you that your connection is not secure and that malicious actors could be trying to steal your information. Sen. Ron Wyden, D-Ore., wants the Pentagon to fix this issue. In a letter written to DOD Chief Information Officer Dana Deasy on Tuesday, Wyden calls for the department to implement proper encryption and protection on all of its public-facing websites. Wyden writes that a “small number” of DOD websites, such as the Army, Air Force and NSA homepages by default use trusted certificates and HTTPS encryption, the web protocol that ensures secure connections and prevents man-in-the-middle attacks. But many others, Wyden says, like the CIO’s own website, either don’t employ HTTPS or issue basic certificates. “Many mainstream web browsers do not consider these […]

The post Pentagon’s websites need better security, Wyden says appeared first on Cyberscoop.

Continue reading Pentagon’s websites need better security, Wyden says→

Hackers steal PII and payment info of thousands of California residents in company breach

Posted on May 21, 2018 by Zaid Shoorbajee

A Delaware company that provides business, legal and brand services is notifying several thousand California residents that their personally identifiable information was stolen by hackers who accessed the company’s network. The Corporation Service Company sent a notice through legal representatives on Thursday to the California attorney general’s office informing it of the incident along with a copy of the letter it is sending to 5,678 affected customers. California law requires organizations to send such notifications to any resident whose data is accessed by an unauthorized party. It’s not clear from the notice if the incident affected customers outside of California. CSC — which says Fortune 500 companies, law firms and large banks are among its clients — did not respond to a request for comment. CSC discovered “during routine security monitoring,” that an unauthorized third party accessed its network, the notice says. The company says that it determined on April 5 […]

The post Hackers steal PII and payment info of thousands of California residents in company breach appeared first on Cyberscoop.

Continue reading Hackers steal PII and payment info of thousands of California residents in company breach→

Fake ‘Fortnite’ apps for Android spread adware, cryptojackers and spyware

Posted on May 18, 2018 by Zaid Shoorbajee

With all the hype around the wildly popular video game “Fortnite,” it should come as no surprise that people are taking advantage of the excitement to spread malware. Researchers with cybersecurity company Zscaler have uncovered a slew of Android apps posing as the official “Fortnite” app for Android. The various malicious apps’ capabilities include spyware, cryptojacking and adware, among other things. “Fortnite,” a multiplayer online battle and survival game, has about 45 million players on Playstation, Xbox, PC, MacOS and iOS. The company behind the game, Epic Games, has said that support for Android devices is “coming within the next few months,” but has not put out an official timeline. “A version for the Android mobile platform has not been announced, leaving Android users—eager to play this game on their devices—searching for it. Such situations involving popular games always seem to attract malware authors looking to spread their payloads disguised […]

The post Fake ‘Fortnite’ apps for Android spread adware, cryptojackers and spyware appeared first on Cyberscoop.

Continue reading Fake ‘Fortnite’ apps for Android spread adware, cryptojackers and spyware→

LocationSmart bug allowed for leak of location data for nearly any U.S. phone

Posted on May 18, 2018 by Zaid Shoorbajee

A company that provides other companies with cell phone location-tracking services had an API on its website that inadvertently allowed anyone to freely look up the location of almost any cell phone in the United States. The bug was in a demo that the company, LocationSmart, posted on its website. The demo was to show people that it could approximate their phones’ locations using nearby cell towers. A report published Thursday by independent security journalist Brian Krebs shows that it would have been easy for someone to abuse the demo to secretly locate nearly any U.S. phone. LocationSmart is a location-as-a-service company that gives its customers the ability to “track assets, connect with employees and engage with customers through one secure interface,” according to its website. The demo sent a text message to a device to get permission from its owner before pinging the nearest cell phone tower in order to send […]

The post LocationSmart bug allowed for leak of location data for nearly any U.S. phone appeared first on Cyberscoop.

Continue reading LocationSmart bug allowed for leak of location data for nearly any U.S. phone→

‘TeleGrab’ malware again shows how hackers can evade encryption to read private messages

Posted on May 17, 2018 by Zaid Shoorbajee

Researchers with Talos, Cisco’s cybersecurity division, have identified malware that allows a hacker to steal information from victims using the messaging service Telegram. Detailed in a Talos blog post published Wednesday, Talos says the TeleGrab malware targets Russian-speaking victims and is designed to hijack chat sessions and capture contacts and previous chats. It’s worth noting that the malware only affects Telegram’s desktop and browser client, which does not have the same security features as the mobile app. “The malware abuses the lack of Secret Chats which is a feature, not a bug,” the researchers write, referring to Telegram’s client-to-client encrypted chat feature. Telegram’s desktop clients don’t have the feature because they don’t support local storage, according to a Telegram FAQ page. For that reason, Talos says the malware does not exploit any vulnerability. “The problem is the lack of transparency, users are never warned that by using Telegram Desktop their […]

The post ‘TeleGrab’ malware again shows how hackers can evade encryption to read private messages appeared first on Cyberscoop.

Continue reading ‘TeleGrab’ malware again shows how hackers can evade encryption to read private messages→

Tanium gets $5 billion valuation after $175 million investment

Posted on May 16, 2018 by Zaid Shoorbajee

Cybersecurity company Tanium has been infused with a $175 investment from Investment firm TPG, Reuters reported Wednesday, which would put the company’s valuation at about $5 billion. Reuters cites sources familiar with the investment who said that that TPG’s funds will not go directly to the company, but will instead be used to buy the stock of early employees. TPG declined to comment and Tanium did not respond to a request for comment on the reported investment. The California company provides endpoint protection services and boasts that its customers include 12 of the top 15 banks, 6 of the top 10 retailers and four of the U.S. armed forces. The new funding reinforces Tanium’s position the most well-funded cybersecurity startup. Tanium was previously valued at about $3.75 billion a year ago when it received a $100 million investment, also from TPG. CEO and co-founder Orion Hindawi spoke about Tanium’s growth […]

The post Tanium gets $5 billion valuation after $175 million investment appeared first on Cyberscoop.

Continue reading Tanium gets $5 billion valuation after $175 million investment→

Election day website crash in Knox County coincided with more direct hack, report says

Posted on May 14, 2018 by Zaid Shoorbajee

An investigation into an apparent distributed denial-of-service attack on a Knox County, Tennessee, primary election earlier this month revealed that hackers aimed to gain unauthorized access to a county web server. When Knox County held its Republican mayoral primary on May 1, its website, where it was reporting results, went down. Officials at the time said that heavy traffic overwhelmed the website that that it was “highly suggestive” of a DDoS attack. The county hired cybersecurity firm Sword & Shield to investigate the incident. The company’s report, released late last week, reveals that not only was the county website subjected to an unmanageable level of traffic, but hackers also actively sought to exploit a vulnerability in the website. David Ball, the county’s deputy director of IT, told CyberScoop by email that the hackers did successfully access the server but didn’t do much else. “There is evidence that hackers were able […]

The post Election day website crash in Knox County coincided with more direct hack, report says appeared first on Cyberscoop.

Continue reading Election day website crash in Knox County coincided with more direct hack, report says→

Payment info exposed in Chili’s ‘data incident’

Posted on May 14, 2018 by Zaid Shoorbajee

Your baby back ribs may have come with a side of credit card theft. Chili’s Restaurant & Bar customers might have had their payment information exposed at certain restaurants, the casual dining chain’s parent company, Brinker International, disclosed on May 12, a day after learning of a “data incident.” Brinker said it learned on May 11 that payment card information was compromised at some Chili’s locations. The incident that exposed the information was likely limited to March and April 2018, the company said, but it continues to “assess the scope” of what happened. “We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected,” Brinker said in a statement. On May 11 we learned that some of our Guests’ payment card information from certain restaurants was compromised. We value our relationship with our Guests and are committed to sharing details as we know more here: https://t.co/xWnJ1a7Auy […]

The post Payment info exposed in Chili’s ‘data incident’ appeared first on Cyberscoop.

Continue reading Payment info exposed in Chili’s ‘data incident’→

Symantec’s stock plummets after announcement of internal audit

Posted on May 11, 2018 by Zaid Shoorbajee

Stocks for cybersecurity giant Symantec took a sharp decline Friday a day after the company disclosed an internal investigation, while providing little information on the subject of the probe. In a quarterly earnings report Symantec released on Thursday, the company said that an audit committee of its board of directors is looking into “concerns raised by a former employee.” The investigation is in its “early stages,” the company said, adding that its financial results could end up changing based on its outcome. The company, which counts the popular Norton anti-virus software among its products, published its report minutes after markets closed on Thursday. Its stock prices closed at $29.18 per share and opened Friday morning at about $20 — roughly a 30 percent plummet. Rosen Law Firm, which specializes in investor rights, announced on Thursday that it is launching a class action lawsuit for of Symantec shareholders who’ve suffered losses […]

The post Symantec’s stock plummets after announcement of internal audit appeared first on Cyberscoop.

Continue reading Symantec’s stock plummets after announcement of internal audit→

Senate report on Russian hacking highlights threats to election tech vendors

Posted on May 9, 2018 by Zaid Shoorbajee

Lawmakers are concerned about a major blind spot in the government’s ongoing effort to protect U.S. elections from hackers. Agencies like the Homeland Security Department have little insight into the cybersecurity practices of election technology vendors. This lack of visibility opens the door to supply chain attacks, according to the Senate Intelligence Committee, which could be otherwise potentially detected or stopped by government cybersecurity experts. The Senate committee’s first installment of a larger report on Russian targeting of the 2016 presidential election was released late Tuesday night. It focuses on assessing the federal government’s response to security threats and provides recommendations for future elections. Most of the infrastructure used to process votes today is comprised of equipment and software sold by private vendors. Government agencies are not allowed to enter and defend private computer networks unless they’re given direct consent, which in turn limits the defensive support options immediately available to the […]

The post Senate report on Russian hacking highlights threats to election tech vendors appeared first on Cyberscoop.

Continue reading Senate report on Russian hacking highlights threats to election tech vendors→