Protecting Call Centers at Government Agencies
Fraud poses a substantial risk to the integrity of federal programs and weakens the public’s trust in government. Though government agencies have made great strides in online security over the past few years, they have neglected to implement similar protections for the phone channel. Fraudsters commonly use the call center as a first step in […]
OpenSSL Fixes Critical Bug Introduced in Patch Last Week
Four days after releasing a new version that fixed several security problems, the OpenSSL maintainers have rushed out another version that patches a vulnerability introduced in version 1.1.0a on Sept. 22. Last week, OpenSSL patched 14 security flaws in various versions of the software, which is the most widely used toolkit for implementing TLS. One of […]
Researchers Say iOS 10 Backup Passwords Easy to Crack
Apple seems to have made a curious security choice in iOS 10, one that enables attackers to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9. Researchers at Elcomsoft, a Russian security company, discovered the issue, which is related to the choice of hashing algorithm in […]
On the Wire Podcast: Nick Sullivan
There is an effort underway by some of the larger Internet infrastructure companies to encrypt as much of the network as possible. Google has been working on this for several years, making HTTPS connections the default for many of its services, and CloudFlare has done a lot of work on this as well. This week […]
500 Million Users Affected by Yahoo Data Breach
Yahoo today confirmed that state-sponsored attackers compromised the company’s network in 2014, stealing data belonging to 500 million users. The stolen data includes names, email addresses, phone numbers, hashed passwords, dates of birth, and security questions and answers, some of which were unencrypted. Yahoo officials said it doesn’t believe that bank account data, payment card […]
No Surprise Google is Storing Allo Messages
The launch of Google Allo came with a big surprise. The surprise isn’t that Allo stores users’ messages indefinitely by default, the surprise is that people were surprised by that. When the company announced Allo in May, Google officials touted its security and privacy features, emphasizing the end-to-end encryption built into the app and the Incognito mode […]
As Attacks Continue, SWIFT Looks For New Ways to Fight Fraud
SWIFT, the payment network that supports financial institutions and banks around the world, continues to see attacks compromising its customers’ networks as attackers look for new ways to drain money from the global financial system. The SWIFT network has been hit with a number of high-profile attacks in the last few months, many of which have […]
Nearly All Top Global Companies Have Leaked Credentials Online
Many CSOs live in fear of waking up to an email reporting a data breach at their company, but the threat to an enterprise isn’t limited to a compromise of that specific organization. A new report shows that there are leaked employee credentials online for 97 percent of the top 1,000 global companies, many of which […]
macOS Sierra Release Fixes Dozens of Security Flaws
Apple has fixed nearly 20 code-execution vulnerabilities in macOs, including a number that could allow an attacker to run code with kernel privileges. The patches come as part of the release of macOs Sierra, a major update of the Mac operating system released Tuesday. Many of the more serious flaws fixed in Sierra are memory […]