New Tool Detects Ransomware on OS X
Ransomware has become a serious threat for both businesses and consumers, and security researchers have had a difficult time addressing it, both in detection and cleanup. But now one researcher has developed a tool that he believes can work as a generic detection mechanism for ransomware on OS X systems. Known as RansomWhere?, the tool provides […]
Lieu Pushes for Congress to Look at SS7 Security Flaw
Rep. Ted Lieu, who has been one of the loudest voices in Congress on security and privacy issues, is urging the House Committee on Oversight and Government Reform to look into the vulnerabilities in the SS7 phone protocol that allowed researchers to track and compromise Lieu’s phone in a demonstration this week. The letter comes […]
Tech Coalitions Urge Reconsideration of Burr-Feinstein Bill
Several large groups of technology vendors and communications companies have written a letter urging Sens. Diane Feinstein and Richard Burr to reconsider the anti-encryption bill they have drafted, saying it would lead to “unintended, negative consequences for the safety of our networks and our customers.” The letter was signed by members of Reform Government Surveillance, […]
Google Report Shows 30% of Android Devices Don’t Get Regular Patches
A series of new security and privacy features added to Android in the last year have reduced the number of potentially harmful apps installed from Google Play by 40 percent, Google said in a new report on Android security. The company released its second annual Android Security Report on Tuesday, and there is a multitude […]
BlackBerry CEO: ‘We Are the Gold Standard’ in Security
In a response to reports that Canadian police have had the private key to decrypt BlackBerry Messenger messages for years, the company’s CEO said BlackBerry complies with “lawful access requests” and is still committed to customer privacy. In a blog post that only addressed the BBM encryption issue obliquely, BlackBerry CEO John Chen said that […]
GitLab Fixes Authentication Bypass Flaw
GitLab has patched a serious authentication vulnerability that enabled any user to take over another user’s account with two-factor authentication enabled. The vulnerability was a result of the way that GitLab’s authentication flow produced one-time passwords for accounts with 2FA enabled. An attacker who knows a victim’s username and can capture network traffic could sign in […]
U.S. Firm Hit For Nearly $100M in Email Scam
Fraudsters employing an increasingly common scheme known as business email compromise victimized a United States company for more than $98 million, according to a suit filed by the U.S. Attorney’s office in Manhattan Thursday. The civil forfeiture lawsuit is an attempt to recover $25 million in funds held in a variety of overseas accounts, money […]
What a Future of Backdoored Crypto Looks Like
The debate over the use of strong encryption in mobile devices and other communications methods can be a difficult one to understand for casual observers. Encryption is the most complex of security disciplines, but there can be no clearer picture of what a backdoored encryption system would like than what’s emerged this week from a complex […]
Bill Requiring Phone Crypto Backdoors Dies in California Assembly
A California bill that would require backdoors in phone encryption has died in the state assembly after failing to gain enough support to move out of committee. The bill, proposed in January, would have required that device manufacturers have the capability of decrypting and unlocking any phone sold in California after Jan. 1, 2017. A […]