search widget

Massive database containing over 560 million passwords discovered

Tuesday, May 16, 2017

Looks like it’s time to change passwords again. Security researchers have discovered a massive database of login credentials — over 560 million emails and passwords — put together by an unknown person. All of the information is insecure.
The database was discovered by the Kromtech Security Research Center, who ran the information with Troy Hunt. Most of the information is already on Hunt’s Have I Been Pwned site, which allows users to see if their accounts have been compromised in previous data breaches.

That means most of the information contained on this database was compromised during other incidents at sites such as LinkedIn, LastFM, Tumblr, and Dropbox. So if you didn’t change your password during the original breach on any of those sites, now (when the information is floating around) is definitely the time to do it.
No one knows who actually put the database together, but the researchers are calling them “Eddie” after a user profile name in the data.

Curled from: TNW
Read more ...

Global Ransomware Attacks 74 Nations - Used NSA Hacking Tools 'At A Scale Never Seen Before'

Friday, May 12, 2017

A massive ransomware campaign appears to have infected a number of organisations around the world.
Computers in thousands of locations have apparently been locked by a program that demands $300 in Bitcoin.
There have been reports of infections in more than 70 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Many security researchers are linking the incidents together.
The UK's National Health Service (NHS) was also hit by a ransomware outbreak on the same day and screenshots of the WannaCry program were shared by NHS staff.
One cyber-security researcher tweeted that he had detected many thousands of cases of the ransomware - known as WannaCry and variants of that name - around the world.

"This is huge," said Jakub Kroustek at Avast.

Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Seventy-four countries around the globe have been affected, with the number of victims still growing, according to Kaspersky Lab. According to Avast, over 57,000 attacks have been detected worldwide, the company said, adding that it "quickly escalated into a massive spreading."

Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).
A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.
Some security researchers have pointed out that the infections seem to be deployed via a worm - a program that spreads by itself between computers.

'Turn off PCs'

A number of Spanish firms were among the apparent victims elsewhere in Europe.
Telecoms giant Telefonica said in a statement that it was aware of a "cybersecurity incident" but that clients and services had not been affected.
Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.
There were reports that staff at the firms were told to turn off their computers.
At least one local authority in Sweden also appears to have been a victim.
"We have around 70 computers that have had a dangerous code installed," the mayor of Timra, a town to the north of Stockholm, told the Reuters news agency.

Explaining the global ransomware outbreak

Unlike many other malicious programs, this one has the ability to move around a network by itself. Most others rely on humans to spread by tricking them into clicking on an attachment harboring the attack code.
By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. This perhaps explains why its impact is so public - because large numbers of machines at each victim organisation are being compromised.

Screenshots of WannaCry with text in Spanish were also shared online.
In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.
Bitcoin wallets seemingly associated with the ransomware were reported to have started filling up with cash.

'Spreading fast'

Another firm that confirmed it had been caught out was delivery company FedEx, though it did not clarify in which territories it had been hit.

"Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware," it said in a statement.

"We are implementing remediation steps as quickly as possible."

Portugal Telecom also confirmed it was struck: "But none of our services were affected," a spokeswoman told Reuters.

And a spokesman for Megafon, the second largest mobile phone network in Russia confirmed some of its computers had been infected also.

"This is a major cyber attack, impacting organisations across Europe at a scale I've never seen before," said security architect Kevin Beaumont.

According to security firm Check Point, the version of the ransomware that appeared today is a new variant.
"Even so, it's spreading fast," said Aatish Pattni, head of threat prevention for northern Europe.

Curled from: BBC
Read more ...

Webroot Antivirus goes berserk, labelling Windows core files as Virus

Tuesday, April 25, 2017

Webroot's security tools went berserk today, mislabeling key Microsoft Windows system files as malicious and temporarily removing them – knackering countless PCs in the process.
Not only were people's individual copies of the antivirus suite going haywire, but also business editions and installations run by managed service providers (MSPs), meaning companies and organizations relying on the software were hit by the cockup.
Between 1200 and 1500 MST (1800 and 2100 UTC) today, Webroot's gear labeled Windows operating system data as W32.Trojan.Gen – generic-Trojan-infected files, in other words – and moved them into quarantine, rendering affected computers unstable. Files digitally signed by Microsoft were whisked away – but, luckily, not all of them, leaving enough of the OS behind to reboot and restore the quarantined resources.
We understand that all versions of Windows were affected by today's gaffe, and that a kill switch within Webroot's systems kicked in to halt the mass quarantining before any long-lasting damage was done. Webroot boasts it has 30 million users. Its software also, weirdly, misidentified Facebook and Bloomberg's websites this week as phishing sites, blocking access to them.
For those hit by Webroot's assault on Windows files on Monday, there are official fixes suggested for those using the Home edition and Business editions of the antivirus suite.
"We understand that this is a consumer and business issue," a Webroot rep confessed in a on its support forums. "We understand that MSPs will require a different solution. We are currently working on this universal solution now."
Suffice to say, there are a wedge of furious and confused folks on the support boards, with angry IT admins reporting thousands of endpoints going nuts.
Webroot, whose slogan is "smarter cybersecurity," is working on a solution for all. The timing of the file classification blunder couldn't be worse for at least one employee. Gary Hayslip was hired earlier this month as Webroot's chief information security officer, and this can't be a fun first few weeks on the job.
The biz is also looking to hire a senior software engineer for its Windows line. Based on today's kerfuffle, they might want to consider upping the headcount a bit more in this area to ensure that customers don't get hammered in the same way again, in light of February's little snafu that also left Windows users borked.
A Webroot spokesperson told The Reg: "We know how important internet security is to our customers, and the Webroot team is dedicated to resolving the issue. We will provide updates as soon as they are available." ®


Webroot has now released an application for its business and managed service providers to fix the issues crashing Windows machine.
"For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue," Mike Malloy, EVP of products and strategy at Webroot.
"Our entire Webroot team has been working around-the-clock on this repair and is implementing additional safeguards to prevent this from happening in the future. We apologize to our customers affected and appreciate their patience during this challenging issue."

Source: TheRegister
Read more ...

Are Cryptocurrency Micropayments The Future Of Content Marketing?

Thursday, April 20, 2017

Clickbait, fake news, yellow journalism – media today is in a poor state.

Audiences are sick of sub-par content getting jammed down their throats, but they’re not always willing to pay for good content. It’s always going to be easier for clickbait to go viral and generate revenue based on traditional ad models. Other funding models, such as subscriptions and paywalls, have been implemented to mixed success – after all, on the Internet, there’s always the option of free, ad-supported content. Readers also like to consume their content from a range of sources and don’t want to be tied down to a single publisher.

So we need a new way of thinking when it comes to funding good content. Could the future of content lie in cryptocurrency micropayments? 

What Are Micropayments?
Micropayments offer an alternative option that has the potential to support high-quality content without locking users into a single, long-term subscription. The concept behind micropayments is that you spend a small amount each time you view content.
Paying per article incentivizes publishers to produce high-quality content that satisfies the audience–if the audience constantly feels ripped off by a content source, they will stop making purchases. Because we do not pay for ad-supported content, we have no recourse if we feel like clickbait has wasted our time.  

What’s Holding Micropayments Back?
Bitcoin and many other cryptocurrencies are prone to scaling problems. Billions of minuscule transactions would take up a lot of computing power and incur significant fees. If you are only sending a few milliBTC(mBTC) for an article and a significant proportion gets eaten up in fees, it becomes an ineffective way of funding content.
To get around the inefficiencies and expense of writing small transactions to the blockchain, several organizations are using channels. Rather than recording every single transaction to the blockchain and incurring fees for each one, channel payments are recorded as a collection. The best way to think of it is like keeping a tab at the bar with your credit card. Rather than charging you for each drink, the bartender takes note of everything you order and only charges you at the end.

When a micropayment channel is created, a certain amount of bitcoin is locked into it and each individual payment is signed by the sender. The receiver can either withdraw each individual signed amount, or wait until the channel is closed and withdraw the total. If the receiver waits until the channel is closed and only records this amount to the blockchain, it minimizes the number of transactions, making it more efficient and cheaper. 

This startup is one of many that are looking to change the economic model for content creation. Coinetize bills itself as an online paywall and resource management system. It allows websites to use their service as a filter that only lets users access content if they pay a fee. Users buy Coinetize Credits with either Bitcoins or their credit card. When they visit websites that use Coinetize, the user pays for restricted content with their prepurchased credits.
Coinetize is easy for websites to set up. There are several different linking methods; DNS, reverse proxy, page directs and secret folders. These can be set up for free in minutes, without any credit or ID checks. The service charges customers a 1.8% fee, but they also offer 24 hour email support.

The Brave web browser has already achieved renown for bringing lighter ads and faster use to browsing. As part of their service, they now offer Brave Payment, which gives users a way to privately pay their favorite websites. Users can link their external Bitcoin wallet or their credit card to a wallet within the Brave system. If they want to use Brave Payments, they must fund a minimum of $5 each month.
Each month, the contributions are split among the sites that Brave users visit, based on the number of times visited, as well as the amount of time spent on each site. According to Brave’s founder, Brendan Eich, users can “reward the sites whose content they value and wish to support,” all without being tracked. 

Can Micropayments Bring Back High-Quality Content?
Just like with Uber and AirBnb, you can make a side-hustle with your content. Imagine for a second, that every single blogpost, video and or podcast you publish your fans globally from their phone can send 25 cents, 50 cents or even a dollar for each piece of content. It seems small but it adds up! And above all, it puts the power back into you and your fans. Say, goodbye to depending on ads for revenue.
Although the rise of the internet may have coincided with the decline in content quality, things might not stay this way forever. Peer-to-peer micropayments are an emerging model of funding that show the potential for success.
Coinetize and Brave are just examples. The Dutch app, Blendle, has already demonstrated that some consumers are willing to spend money for the content that they want. Patreon, a platform that allows patrons to donate a set amount of money every time a piece of content is published, has funded over 50 million dollars to its creators.
Micropayments may never topple free content, but hopefully, they can provide a niche market for consumers who want excellent quality without the ads.

Curled from: HuffingtonPost
Read more ...

Subscribe to Email Updates

Most Recent Articles



Email *

Message *