Professional hackers at SkyCure have discovered a major security vulnerability in iOS, that allows a malicious WiFi hotspot to launch a DDoS (Distributed Denial-of-Service) attack. The ‘No iOS Zone’ flaw, works by exploiting the SSL security certificate of iOS 8 that leaves a device wide open. The SkyCure CEO said, “This is not a denial-of-service […]
Security firm Cylance has discovered a security flaw in all versions of Windows (including Windows 10) that has existed for two decades, called the “Redirect to SMB” vulnerability. Microsoft has downplayed the vulnerability, however, in theory it could allow for the theft of usernames and passwords from millions of PCs, servers and tablets. Read More
According to Symantec’s 2014 Internet threat report, organized cyber crime is on the rise. Here are some statistics from the study: Cyber breaches increased by 23% year-over-year 37% of affected companies were in the healthcare sector, compared to 11% in retail and 10% in education 60% of all email is spam Read More
A security researcher, Kamil Hismatullin, discovered a major flaw in the YouTube API that allowed people to delete any videos on YouTube. He was searching for YouTube vulnerabilities to report to Google for a cash reward when he found this code: POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_event=1 event_id: ANY_VIDEO_ID session_token: YOUR_TOKEN In order for someone to delete the video, all […]
The business chat application, Slack, has been hacked. The data breach lasted about 3 days, during which hackers obtained access to usernames, email addresses and passwords. The company said a “very small number of Slack accounts” were affected, but no specific numbers were released. Since news of the hack, Slack has rolled out a new […]
CSO put together a list of the largest corporate data breaches in 2014. They used 1 million records exposed as the cutoff for companies to make the list. Included in the list are JPMorgan Chase, Nieman Marcus, Staples, Home Depot and the IRS. View the list here on CSO Online.
Twitch, the world’s leading video platform and community for gamers, announced yesterday that they suffered a data breach. Twitch posted a notice on their blog, alerting users that all passwords and stream keys have been expired: “We are writing to let you know that there may have been unauthorized access to some Twitch user […]
A new security vulnerability has been found in Facebook by bug hunter Laxman Muthiyah that exposes private photos, and it put millions of users potentially at risk. The bug was found in Facebook Photo Sync, a feature that automatically uploads every photo taken on your mobile device to your Facebook account, but marks them as […]
Premara Blue Cross has been the target of a sophisticated cyberattack where unauthorized access was gained to the Premera Blue Cross IT systems. A Premara spokesman confirmed that about 11 million individuals may be affected, and the data compromised may include Social Security Numbers and bank account information. If you use Blue Cross insurance, we recommend contacting the […]
On Sunday, Yahoo launched a new service called “on-demand” passwords, which lets someone log into a Yahoo account using a unique, one-time code that is delivered via text message. It’s basically two-factor authentication without the first step. Sounds interesting, but it begs the question, how secure are on demand passwords? The whole point […]