Recent Posts

EverNote Latest Site Hacked In Coordinated Attack

The online personal and business productivity service Evernote.com said on Saturday that it is the victim of a hack that exposed encrypted user password information, forcing password resets across a broad swath of the service’s 50 million registered users. The Redwood City, California-based firm revealed in a blog post that its internal security team discovered “suspicious activity on the Evernote network” that “appears to have been a coordinated attempt to access secure areas of the Evernote Service.” The company said it sent password reset messages to its users as a “precaution” but didn’t believe that stored information in users’ accounts or payment information had been exposed. The hack is just the latest of a prominent online firm. In recent weeks, Twitter, Facebook, Apple and Microsoft have all reported compromises of their internal networks. Those intrusions were linked to attacks aimed at developers and relied on exploits of previously unknown “zero day” […]

Craigslist Founder Has Twitter Account Hacked

Craig Newmark, the founder of the massively popular online bulletin board Craigslist, had his Twitter account compromised and used to distribute malicious links, according to a post on Thursday. Newmark, the 60 year-old software developer who launched Craigslist as an online information sharing site in the 1990s, posted three messages through his Twitter account late Thursday after he received messages from some of his 63,000 followers that they were receiving spam messages via Twitter Direct Messages. “Twitter account compromised? Just received this from you: “Have you seen this pic of you? lol,”  wrote follower Tristan Justras (@tristanjutras). The post included a shortened link. Newmark’s first post, around 3:00pm Pacific Time Thursday, suggested he initially believed that the problems were due to his Twitter client. “Folks, thanks! I see the problem now, and I’m guessing it has to do with Twitter user tokens from other Twitter clients I’ve used,” Newmark wrote. […]

RSA Security Conference 2013

Malware’s Future Looks A Lot Like Its Present

SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]

Bit9: 32 Pieces of Malware Whitelisted In Targeted Hack

The security firm Bit9 released a more detailed analysis of the hack of its corporate network was part of a larger operation that was  aimed a firms in a “very narrow market space” and intended to gather information from the firms.   The analysis, posted on Monday on Bit9’s blog is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com, but that began in July, 2012.  In the analysis, by Bit9 Chief Technology Officer Harry Sverdlove said  32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The broad outlines of the story about the hack of Bit9, which sells […]

Browser Security Still A Sore Spot For Companies (Podcast)

Podcast: Play in new window | Download (3.9MB) | EmbedSubscribe: Apple Podcasts | Google Podcasts | Stitcher | Email | TuneIn | RSS | https://www.securityledger.com/subscribeClueless “end users” are a common straw man (or woman) in the security industry. They’re blamed for everything from data breaches to malware infections. Accepted wisdom is that companies “get it” when it comes to security – consumers (their employees) don’t. But what if it is the other way around? That’s one tantalizing bit of data you could take away from Qualys’s Browser Check service. The free online vulnerability scanning service has assessed millions of endpoints in its two years of existence. And, by and large, it has found that consumers – not corporate users – are following good security practice by migrating to more modern, and secure web browsers. In  our inaugural Security Ledger Podcast, we sat down with Wolfgang Kandek, the Chief Technology Officer […]