“We were already positively dumbfounded when Equifax reported that a security breach resulted in the personal information of over 140 million Americans — including social security numbers – has been stolen via a website security vulnerability,” Brandon Hill reports for HotHardware. “What was even more unfathomable is that the attack went undetected for months, and that it took a few more months for Equifax to disclose the magnitude of the breach.” “Now we’re learning that Equifax has done it again. Just when we thought we couldn’t think any less of the company, Randy Abrams, an independent security analyst, discovered that Click Here to Read more
On Wednesday, Apple unveiled a new web site dedicated to information about how it handles customer’s privacy and what it does (and doesn’t do) with that information. The site covers such information as its finger print technology, your personal data, Apple Pay, and more. For more information, just go to: https://www.apple.com/privacy/
Other Apple-related web sites are reporting that Apple’s developer web site has been offline for hours. What seemed to be a standard maintenance issue now has turned into a possible security breech. Some registered developers are reporting that their email addresses have been changes to those from Russia and other countries. No official word from Apple has been released. Stay tuned for further updates. Update: The web site is back up with no comment from Apple.
It turns out Google knows a lot about you – an awful lot, in fact. But exactly how much is “an awful lot”. Many are left wondering exactly what the global search giant knows – and how they know. The good news is you can see all this information for yourself. And, more importantly, you can switch it off. There are a few steps to follow, but it means you can decide how much of your personal data the company gets to use, reports the Mirror. 1. Find ‘My Activity’ To see everything you’ve been using Google for, you’ll first Click Here to Read more
(FoxNews.com): Real-life pirates are holding Disney’s most valuable pirate for ransom. Digital hackers have reportedly gotten their mitts on a copy of Disney’s new “Pirates of the Caribbean” film. Deadline reports the hackers are demanding a lot of Bitcoin loot, or they will release the film online before its May 26 premiere date. According to the Hollywood Reporter, Disney will not pay the ransom and is working with the FBI. A rep for Disney did not return Fox News’ request for comment. Walt Disney CEO Bob Iger said during a town hall meeting with ABC employees Monday that hackers claimed to Click Here to Read more
An update to this story can be found here. LONDON (CNN) – Hospitals in the UK were crippled by a “large-scale” cyber attack on Friday that forced operations to be canceled and ambulances to be diverted. Health workers reported being locked out of their systems and seeing messages demanding ransom payment to regain access. NHS England described the incident as a “ransomware” attack. At least 16 organizations connected to the National Health Service (NHS) in England reported being affected. “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” NHS Digital said in a statement. Click Here to Read more
Over the weekend, a hacker group by the name of “Thedarkoverlord” claimed that they had broken into Netflix and downloaded the entire new season of the Orange Is The New Black season and that it will upload it to file sharing sites unless Netflix paid the “modest” ransom demand. Netflix has not commented on the situation nor have they given into the hacker’s demands.
(PCWorld.com): Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation. SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers. Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers. Their internet scans revealed hundreds of thousands of devices Click Here to Read more
PHILADELPHIA (CBS) – The Internal Revenue Service says the personal data of as many as 100,000 taxpayers may have been compromised. They say hackers posed as students using an online “data retrieval tool” to apply for financial aid. The tool is used by families to import tax information on applications. The IRS shut down the retrieval tool last month, they say it will be secure and operational by this fall.
With all of the discussion on popular services being hacked, we here at CompuScoop are continuing to show our readers how to protect their accounts from being taken over. This week, we’ll focus on how to add two factor verification to an iCloud account. What IS two-factor verification? Two factor verification means that nobody would be able to login to iCloud from an unknown (new) device, even if its you. When this happens, a window will pop-up with a map showing where the computer is from. If the person verifies the location of the login, they will then be giving a special ID number Click Here to Read more
Unless you’ve been under a rock, you probably heard about the Twitter message that was put out by McDonald’s about President Donald Trump. The company later removed the Tweet and issued a statement apologizing for it. The company then said that their account was “compromised.” That hack has sparked a discussion here at CompuScoop on securing your Twitter (and Facebook) account with what is known as a two step verification process. While it can become a pain-in-the-ass to set up and use, it can help avoid situations such as the one above. Here’s what to do: 1. Login to your Twitter Account. 2. Click Here to Read more
“A company that sells ‘smart’ teddy bears leaked 800,000 user account credentials — and then hackers locked it and held it for ransom,” Lorenzo Franceschi-Bicchierai reports for Motherboard. “A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange heartfelt messages left more than 800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen,” Franceschi-Bicchierai reports. “Since Christmas day of last year and at least until the first week of January, Spiral Toys left customer data of its CloudPets brand on a database that wasn’t behind Click Here to Read more
(MacRumors.com): A number of Mac apps failed to launch for users over the weekend because of a change to the way Apple certifies apps that have not been bought directly from the Mac App Store. Several users of apps including Soulver and PDFPen who had downloaded the apps from the developers’ websites all reported immediate crashes on launch. Developers of the apps quickly apologized and said that the issue was down to the apps’ code signing certificates reaching their expiration date. Apple issues developer signing certificates to assure users that an app they have downloaded outside of the Mac App Store is legitimate, comes Click Here to Read more
Forbes reports that security researchers at Elcomsoft discovered that Apple was retaining an iCloud record that kept deleted web history “by accident.” Using software developed by Elcomsoft only released today, researcher Vladimir Katalov downloaded his own data, and discovered records going back to Nov. 2015. Other information retrievable by the forensics tool on an iCloud-synced iPhone with Safari history retention turned on, were full Google search terms back to 2015, and “cleared” Notes for the last 30 days. According to an unnamed forensics expert contacted by Forbes separate from Elcomsoft, the retention isn’t malicious. The second expert noted that the failure by Apple Click Here to Read more
A new vulnerability has been discovered in all Netgear Routers and Modems, which could let a hacker gain control of a network and install a botnet, or even gain control of an entire network. The issue has already been submitted to the U.S. government’s National Vulnerability Database, and acknowledged by Netgear, which has put up a list of exposed models. The company has also issued updated firmware which should close the vulnerability, but only on some devices. The full list of patched hardware includes: R8500 R8300 R7000 R6400 R7300DST R7100LG R6300v2 WNDR3400v3 WNR3500Lv2 R6250 R6700 R6900 R8000 R7900 WNDR4500v2 R6200v2 WNDR3400v2 D6220 D6400 Click Here to Read more