Recent Posts

Bad Actor: With Update, LG Says No Monitoring, No Smart TV!

Customers of consumer electronics giant LG are raising alarm about a recent software update that asks owners to agree to have their viewing behavior tracked and monitored, or see their ‘smart’ TVs made dumb: with access to features like YouTube and Netflix disabled. Owners of some models of LG brand SmartTVs who have applied a recent firmware have taken to blogs to complain about a firmware update for their TVs that prompt them to agree to lengthy new Terms of Service and Privacy Agreements. The revised documents grant LG permission to monitor and record their viewing habits and their interactions with the device, including voice commands. Users who do not agree to the new terms find many of their smart TV features disabled, according to customer testimony and an analysis by one independent IT researcher. The prompt to read and accept a new “Legal Notice,” “Terms of Use” and “Privacy Policy” appears when SmartTV users first […]

Continue Reading

Akamai: New DoS Tool Leads To Resurgence of SNMP Attacks

The security firm Akamai issued an advisory to customers on Thursday warning that a new software tool for managing distributed denial of service (DDoS) attacks was leading to a resurgence in large-scale attacks that use Simple Network Management Protocol (SNMP) traffic to overwhelm web sites.   The Threat Advisory (reg wall) was issued by Akamai’s Prolexic Security Engineering and Response Team (or PLXsert). According to the advisory, Akamai began noticing a resurgence in DDoS attacks using SNMP on April 11. The company said that firms in industry verticals including consumer goods, gaming, online hosting and Software-as-a-Service and non-profits had all been targeted.   [Read more Security Ledger coverage of DDoS attacks here.] The company has identified new- and updated tools in the cyber underground, including one dubbed SNMP Reflector – that are enabling the attacks. Simple Network Management Protocol (SNMP) is a protocol that is used for managing devices on a network including […]

Continue Reading

eBay Hacked, Urges Millions To Change Password

The online auction giant eBay said on Wednesday that a compromise of an employee’s account led to the compromise of a database storing passwords and sensitive account data for 145 million customers, worldwide. The company issued a statement on Wednesday saying that it was asking all its users to update their password, following the discovery two weeks ago that an employee’s account had been compromised and used to gain unauthorized access to the database. The hack occurred in late February or March, according to a forensic examination by eBay. eBay conducted what it described as “extensive tests on its networks” and said it did not find evidence of unauthorized activity on eBay user accounts linked to the incident. The online auction firm said it also has no evidence of unauthorized access to financial or credit card information, which is stored separately and in encrypted formats. In the incident, unidentified cyber […]

Continue Reading

Cisco: Microsoft Silverlight Exploits Fueling Drive-By Attacks

Cisco Systems is warning that Silverlight exploits are being used in a rash of drive-by-download attacks, many tied to malicious advertising (or ‘malvertising’) campaigns. Writing on Cisco’s blog, Levi Gundert of Cisco’s Threat Research Analysis and Communications (TRAC) team said that Silverlight exploits are the “flavor of the month” and have been added to the popular Angler exploit kit since late April. “Since April 23rd we have observed substantial traffic (often from Malvertising) being driven to Angler instances partially using Silverlight exploits,” Gundert wrote. Attacks leveraging vulnerable instances of Silverlight are actually outstripping attacks against Java and Adobe Flash – the two platforms that have long been the preference of cyber criminal groups and exploit kit authors. Silverlight was the subject of a patch in March, MS04-014, to fix a vulnerability that could allow remote attackers to bypass a security feature. The vulnerability would allow an attacker who controls an attack website to launch specially […]

Continue Reading

China Hacking Indictments Day 2: Now For The Blowback

The big news yesterday was about the U.S. Justice Department announcing the first-ever criminal charges against a foreign country for cyberspying. The news today may well be about China (and other countries) taking retaliatory actions, including similar legal steps against individuals in this country, working on behalf of the NSA, CIA or other government agencies. The Justice Department on Monday announced that a grand jury in the Western District of Pennsylvania indicted five Chinese citizens (PDF) for charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries. The indictment alleges that the five defendants conspired to hack into American companies on behalf of competitors in China, including state-owned enterprises.  The stolen information included intellectual property that would allow the Chinese firms to better compete with their American competitors. The hackers also stole confidential information regarding business negotiations and other deals that would aid the Chinese […]

Continue Reading
1 327 328 329 330 331 396