British Airways hackers used same tools behind Ticketmaster breach

The British Airways web hack wasn’t an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways attack, it was just a matter of customizing the … Read more...

NSA has yet to fix security holes that helped Snowden leaks

It would still be possible for someone to sneak out sensitive data.

Edward Snowden’s success in leaking NSA data was chalked up in part to the agency’s own security lapses, so you’d think that the agency would have tightened up its procedures in the past five years… right? Apparently not. The NSA Inspector General’s office has published an audit indicating … Read more...

Samsung patches multiple Smart Things Hub security flaws

Samsung’s SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean company to resolve the issues, allowing Samsung to release a firmware update that patches them for all affected customers. Talos admits in its report that some … Read more...

Regulations like GDPR will make Big Tech stronger

,

Well-intentioned regulations like GDPR and the EU copyright directive do a lot of things. Weakening big tech isn’t one of them.

Regulations designed to rein in the power of giant tech companies like Amazon, Google, and Facebook have been in the news a lot recently. First it was the general data protection regulation (GDPR) that flooded your inbox with brands … Read more...

Reminder: Google Flips To HTTPS by Default Tomorrow

Starting Tuesday, Google Chrome will begin warning users who visit unencrypted websites that their traffic is flowing to an insecure location. It’s a transition we’ve covered several times already this year, and while it might seem to be a minor shift, getting news out to folks so they aren’t freaked out by the switch from “secure” messaging to “insecure” messaging … Read more...

FBI to all router users: Reboot now to neuter Russia’s VPNFilter malware

The FBI is recommending that all small business and home router owners reboot devices, even if they’re not among the brands known to be affected.

The FBI is urging small businesses and households to immediately reboot routers following Cisco’s report that 500,000 infected devices could be destroyed with a single command.

The malware, dubbed VPNFilter, was developed by the … Read more...

Email encryption flaws can expose Apple Mail, Outlook, and Thunderbird messages

Ahead of a full release of details on May 15, European researchers and the EFFare providing an early warning that messages encoded with PGP/GPG and S/MIME are vulnerable to a set of serious security vulnerabilities — an issue impacting over 20 email clients. As there are “currently no reliable fixes for the vulnerability,” the researchers are advising users to … Read more...

Apple faces class action lawsuit over failing MacBook butterfly keyboards

,

Apple’s polarizing butterfly keyboard design is now causing the company some legal issues. A new class action lawsuit has been filed against Apple, alleging that the company knew about the reliability issues of the design before launch, yet released it anyway…

As outlined by AppleInsider, the lawsuit was filed in the Northern District Court of California and includes both

Read more...

Windows critical flaw: This security bug is under attack right now, says Microsoft

,

Microsoft patches two flaws that are already under attack, among the 67 bugs in May’s Patch Tuesday update.

Video: Microsoft’s reverse engineering unveils secrets of FinFisher government spyware

Microsoft’s Patch Tuesday update addresses a critical flaw in the Windows VBScript engine that attackers are using to compromise Windows machines through Internet Explorer.

The patch follows an alarm by researchers at … Read more...

Firefox 60 lands: It’s world’s first browser to give you password-free logins, says Mozilla

Firefox becomes first browser to support the Web Authentication API, taking the world closer to no-password logins.

Video: How Mozilla plans to win back Firefox users.

Mozilla has released Firefox 60 with support for a new option to sign in to websites without using a password.

That’s thanks to an emerging W3C standard called Web Authentication or WebAuthn, which … Read more...