Tag Archives: Threats

Mobile apps: The privacy insanity

Security expert Troy Hunt took a look at three apps (one of them being the PayPal one) and the results are shocking: while they were all way too invasive, most of the tested apps had serious security issues as well.

When it comes to your privacy, PayPal especially seems to want far more information from you than necessary. Hunt took the time to point out the extra personal requests on his blog:

  1. BSSID: This is the unique device ID of my home router which is the same as the MAC address. Google got themselves into hot water for siphoning this up via their mapping vehicles a little while back because that one unique ID ties back to my precise device.
  2. Device model and name: You could argue that comparable information is sent via your browser courtesy of the user agent, but that would only apply to the model and not the name of the device which is explicitly not passed in requests. This is private – it’s my device name.
  3. Internal IP address: The internal address assigned to my iPhone via the router when it associated to the network. This can give a sense of how many devices are on the network.
  4. Location: There’s my lat and long again and for all the same reasons I don’t really want to share it with Aussie Farmers, I also don’t really want to share it with PayPal.
  5. SSID: We’re talking about the name of my internal network here. I name mine in a non-identifying fashion because frankly, I want to keep it somewhat private and that’s from those in my immediate vicinity, let alone those on the other side of the world.
  6. Storage space: Ok, so it’s a 128GB iPhone, do they really need to know that? Back to the user agent comparison, this is not the sort of stuff that’s typically “leaked” by generic requests to the web because it’s an internal metric of no external consequence.

In addition to that, the security of two of the tested apps was so bad that he concluded: “Perhaps I should just stick to the browser that doesn’t leak this class of data yet one would assume is still sufficiently secure.”

Do you want to find out more? Then take a look at the whole in-depth article.

The post Mobile apps: The privacy insanity appeared first on Avira Blog.

Student wanted to improve grades, got jailed instead

Nowadays, with all the technological advances and everything being stored on a PC or even online, committing such a crime is actually easier than ever if the school isn’t prepared for it and has no security measures in place to prevent incidents such as this one. But crime doesn’t pay, even if it is “only” in order to change one’s grades, as Imran Uddin had to discover.

According to The Independent, the 25-year-old student hid four logging devices in computers at the University of Birmingham. He apparently wanted to steal staff logins and then use the information to access the grading system to improve his own grades.

Fortunately, the student’s trick was discovered, the police got involved, and – after pleading guilty to six offences under the Computer Misuse Act – he has been jailed for four months. While this might sound harsh to some, let’s not forget that he actually committed a real crime that would have provided him with false qualifications had he been successful.

Detective Constable Mark Bird, from the Regional Cyber Crime Unit, said: “The audacity of Uddin to install not just one but four of these devices showed how determined he was to cheat his way to a better degree.”

You can read the whole article over here.


The positive side of security threats

For years, experts have been telling the public to take these things seriously, but oftentimes, their advice and suggestions are ignored. That’s not because people necessarily disagree with the importance of security and privacy, but it’s just that developing new habits can be hard, especially when they’re preventative.

The good news is that those security habits appear to be improving, and we partially have Edward Snowden to thank for that. As reported by Computerworld at the end of last year, an international survey of Internet users revealed that more than 39% have done things to protect their online privacy and security because of what he revealed about the NSA. When you dig deeper into the numbers, that means that somewhere around 700 million people actively made changes to their security habits that they might not have made otherwise. By any standard, that’s a whole lot of people.

This survey primarily focused on reactions to the news about the NSA’s practices, but you don’t have to stop there. When you add the growing list of high-profile data breaches by hackers to the spying activity by governments, then things really start to snowball. More than ever before, people are starting to understand security threats in a very real way, and the resulting changes by 700 million people are only the beginning.

When talking about security issues, it can sometimes be easy to just focus on them in a negative way, but these numbers show us that there can actually be somewhat of a positive side to the story, too. Without the publicity of surveillance and hacking efforts, many Internet users would probably continue to stick with their bad security habits, but now that they see what’s possible, they can better protect themselves from the next big security story that starts to circulate.


Humans the weak link in alleged White House hack

Earlier this week, it emerged that Russian hackers have successfully managed to infiltrate the computer systems at the White House.

Given the highly sensitive nature of information held within any government’s systems, we have to assume that the breach is significant. Although full details of the breach have not yet been made public (and maybe never will) some news sources indicate that President Obama’s schedule was among the information accessed.

It’s hard to see America taking this intrusion lightly, given the history between the countries, and I expect to see them double down on security in the coming weeks.

Some are asking questions of the US government’s security policies, and rightly so, although protecting such a vast network of computer systems is a very complex operation. I was not surprised to learn that the attackers gained access to the system via a form of “spear phishing” attack targeting the end user.

Governments, just like any organization, are only as secure as their weakest link. Sadly, when it comes to security, the weakest link is always a human. We as people are susceptible to social engineering and as such can unknowingly undermine even the most sophisticated of security technologies.

All hackers need to know is who to target and how – and then they can start to build out a profile of their victim and work out how to target them. It can take a long time but it’s often worth the wait, especially in an attack like this.

It will be interesting to see how this plays out in the coming months.