Safety Security & Privacy

Yahoo servers were infiltrated in the past two weeks by hackers who exploited the widespread Shellshock vulnerability, according to an independent security researcher. Yahoo said on Monday that no user data was at risk. The Internet addresses of the breached Yahoo servers indicate that one was a Yahoo Sports server, according to a report by Continue Reading →

It’s been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has Continue Reading →

JPMorgan Chase & Co., the biggest U.S. bank, said a previously disclosed data breach affected 76 million households and 7 million small businesses. Customer names, addresses, phone numbers and e-mail addresses were taken, the New York-based bank said today in a regulatory filing. Hackers also obtained internal data identifying customers by category, such as whether Continue Reading →

After a study on whether emotional manipulation in the News Feed could make people sad turned into a PR disaster, Facebook has now set up a formal review process for pre-approving research on its users, and Research At Facebook website to centralize all the academic work done on its enormous data set. Facebook admitting to Continue Reading →

Did you know that October is National Cyber Security Awareness Month? In a time when cyber security is at the forefront of everyone’s mind, Sticky Password, a password management software provider, recently announced a promotion. Sticky Password is offering retail customers a lifetime license of its software, which includes three software licenses and free lifetime upgrades for Continue Reading →

Over the weekend, the world wide web became a lot more secure. That’s because a San Francisco started called CloudFlare turned on a free service that will let its 2 million customers add SSL encryption to their websites. SSL—short for “secure sockets layer”—makes it harder for criminals to spoof sites, and it encodes site traffic Continue Reading →

Apple has just released a new download for users on OS X Mavericks to address the recently-discovered “Shellshock” bug. Apple previously noted that that only a few Macs were actually impacted by the bug and that most users were protected by default. The company promised to release an update shortly to address those who had Continue Reading →

Apple has responded to concerns about “Shellshock,” a pair of vulnerabilities in versions of the GNU Bourne-Again Shell (bash), issuing a statement that the company is “working to quickly provide a fix” to the vulnerability. However, a company spokesperson said that most Mac OS X users have nothing to fear. “The vast majority of OS Continue Reading →

Linux users got a nasty surprise on Wednesday, as a security team at Red Hat uncovered a subtle but dangerous bug in the Bash shell, one of the most versatile and widely used utilities in Linux. It’s being called the Bash bug, or Shellshock. When accessed properly, the bug allows for an attacker’s code to Continue Reading →

If you build it, they will come. And attack. Earlier this year, I was brainstorming with Greg Martin, the founder and chief technical officer of ThreatStream, a Google Ventures-backed security startup, about finding a way to show the global nature of attacks against industrial-control systems used in electrical grids, water systems and manufacturing plants. For Continue Reading →