Security

Kaspersky Lab, one of the biggest security software firms, says its own internal network was attacked by hackers. The company heavily implied that a national government was behind the hack. Owner Eugene Kaspersky says the hackers were able to access ... confidential internal data relating to research and development into new and improved security techniques. The attack didn't delete or change any data, or affect any performance. The company is also quick to stress that no customers were affected by the move and that it's products continue to work as designed. Attack Method Impressive, ... (view more)

A new security firm says it has come up with a way to stop malicious software before it reaches a user's computer. The "Isolation Platform" will initially be offered to business users, but remains to be seen how practical the solution is. According ... to makers Menlo, the main problem with most security tools are that they are based around the idea of examining programming code on a user's computer, and trying to determine if the code is malicious. Only if everything appears to be OK is a program allowed to run on the computer. Menlo says that's flawed because malware ... (view more)

Some of the largest tech firms are urging President Obama to drop plans to make it easier for law enforcement and security agencies to access Internet communications. They say the President should resist any idea for such firms to implement ... mandatory "backdoors." The proposal means that firms are only allowed to use encryption if they also build in a way that makes it possible for law enforcement groups to access the data in an unencrypted form. The "key" to unlock the data would effectively be split into two parts: one held by the Internet firm, and the other by the ... (view more)

Lenovo computer users have been warned to immediately check that they have installed a security patch to plug a significant risk of malware. Ironically, the risk is related to the way that Lenovo's automated software update system is updated. ... Independent security researchers discovered a flaw in the protection that is meant to ensure that Lenovo computers only automatically download and install genuine updates. The flaw means that a hacker can remotely install malicious software on a Lenovo computer simply by being on the same unsecured wireless network. Within the security community, ... (view more)

Tech giant Cisco has warned that a new strain of malware is designed to render a Windows computer virtually useless if it's discovered by security software - effectively executing a boobytrap payload that eventually destroys all user data on the ... hard drive. Cisco says that Rombertik has "multiple layers of obfuscation and anti-analysis functionality" meaning that it is hard to discover and hard to examine. It's able to hide itself from both static and dynamic analysis, which respectively scan a computer's files and its currently active applications. (Source: cisco.com ) ... (view more)

Four police departments in Maine have paid $300 to cybercriminals after being hit by so-called " ransomware ". Officials say they weighed up their response and decided they had no real choice but to pay up. Ransomware is a form of malicious software ... which restricts access to certain parts of a computer it infects. Victims then see on-screen messages stating that a ransom must be paid to regain access . In most cases, cybersecurity experts warn against paying such ransoms for three reasons. Firstly, it may mean getting added to a "suckers list" that can be sold on to other ... (view more)

AT&T will pay a $25 million fine after regulators held it responsible for thieves taking personal details of 280,000 customers. The breaches were said to have occurred around November 2013 and April 2014, with the FCC beginning its investigation ... around May of 2014. It's the biggest ever such fine in the communications industry. The stolen information included the customers' names, part or all of their social security numbers, and some details about their account. On its own, the data wouldn't be enough for criminals to immediately steal money from customer's bank accounts, but could ... (view more)

A security research firm says more than a thousand people accessed a dummy database of personal details that it released as an experiment, though that number is much likely higher. It says the would-be criminals acted far faster than most security ... breaches take to fix. The experiment was the work of BitGlass, a company that offers security services for cloud computing firms. The firm wanted to test how quickly a 'leaked' set of personal data would spread around the world; to do so, BitGlass made an Excel file that contained 1,568 sets of names, phone numbers, addresses, credit card ... (view more)

Yahoo has introduced an option to log in without needing to remember a password. It requires a cellphone and may trade security for convenience. Under the new system, which is optional, users can choose not to use a standard passwords for future ... log-ins. Once activated, the system will mean a button appears on Yahoo's site when the user is ready to log in to the account. When the user clicks this button, Yahoo sends a one-time only, four character password to the user's cellphone. Once the user logs in, the password field becomes inactive. The process is then repeated the next time ... (view more)

Microsoft has joined Apple and Google in releasing browser security updates to patch a bug dubbed FREAK. The bug could make it easier for hackers to decrypt data that intercept from website users. The vulnerability of FREAK doesn't allow hackers to ... see data in plain sight. Instead, it allows them to remotely change what's meant to be a secure website connection into an unsecure one, meaning that previously encrypted data would then travel without any encryption. To be of any use, a hacker would need to combine the FREAK exploit with another vulnerability that let them intercept data, ... (view more)