The online storage and productivity service Evernote said that it does not believe that the hack of its network that exposed information on 50 million users relied on an exploit of a Java vulnerability, as did recent attacks on Twitter and Facebook. In an e-mail response to questions from The Security Ledger about the hack, Ronda Scott, an Evernote spokeswoman, said that the firm does not believe that the hack used the Java exploit attributed to the other attacks, but said it was still investigating the incident. “It’s premature for us to comment on the methods used, the specific systems affected and/or origin and motivation,” she wrote. She said the company first became aware of the “unusual and potentially malicious” activity within its online service on February 28 and began notifying Evernote users of the need to reset their password the next day, March 1st. Scott maintained that Evernote hasn’t […]
Search Results for "cloud"
Malware’s Future Looks A Lot Like Its Present
SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]
Are Cyber Criminals Using Plus-Sized Malware To Fool AV?
Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes. A post on the French-language web site Malekal.com on Thursday described what may be a nascent trend towards ‘plus size’ malware executables. In at least two cases in recent days, the forum has seen evidence of Trojan Dropper programs that deposit very large files – between 16 megabytes and 200 megabytes – on infected systems. In one case, the author discovered an exploit kit that deposited a very large file – around 16 megabytes- on infected systems. In a separate incident, he […]
Update: Student’s Expulsion Exposes Computer Science Culture Gap
Editor’s Note: Updated to include comment from Dawson CS Professor Simonelis. – PFR 1/22/2013 The expulsion of a 20 year-old computer science major at Dawson College in Quebec, Canada has laid bare what one expert says is a culture gap between academic computer science departments and the ‘real world’ of application development. In the wake of news stories that have drawn attention to the case, Dawson’s faculty and administration have stood by their decision, saying that “hacking” of the type Ahmed Al-Khabaz was engaged in was an example of “unprofessional conduct” by a computer sciences engineer. This, even as private sector firms – including the company whose software Al-Khabaz exposed – have come forward with job offers and scholarships. Al-Khabaz was expelled in November by a school administration that looked askance at his security audits of a student portal web site dubbed “Omnivox,” accusing him of launching “SQL injection” attacks […]
Update: Plumbing Facebook, Researcher Finds Hole In Secure File Transfer Platform
Updated to include response from Accellion. 1/9/2013 A security researcher who was looking for vulnerabilities in Facebook’s platform instead stumbled on a much larger hole that could affect scores of firms who rely on a secure file transfer platform from Accellion. Writing on his blog on Monday, Israeli researcher Nir Goldshlager said he uncovered a security hole affecting Accellion’s Secure File Transfer service that could allow an attacker to take control of a user’s Secure File Transfer account with little more than the e-mail address associated with the account. Accellion Secure File Transfer is a service that allows enterprises to offer secure transfer and storage of large files (up to 100GB). In contrast to consumer-focused services like DropBox, Accellion offers comprehensive file tracking and reporting as well as data security features necessary to satisfy government regulations like HIPAA, GLBA, and SOX. Secure File Transfer is offered to companies as a private cloud, public […]