Author: Attila Seress

The cybersecurity of connected medical devices – notoriously poor for decades – should finally start to improve. That is genuinely good news. But it is tempered by the reality that it will not happen quickly. The long-overdue change is coming thanks to the federal Food and Drug Administration’s (FDA) announcement in June that it was adopting UL 2900-2-1 as a new “consensus standard” for better software security in new devices, in order for them to qualify for “premarket certification.” That is expected to have a major impact – for good – on both the Continue Reading

I’m not sure if you check the Dark Web as often as I do – you know, the black market of the Internet where rogue military groups, drug and human traffickers do all their business. Either way, I came across an interesting breach earlier this week from Exactis that is potentially the scariest I’ve seen. Exactis you ask? I hadn’t heard of them either. But they are just one of many data aggregation companies that create profiles about people based on their browsing patterns, social media, shopping and even driving patterns, Continue Reading

When you’re browsing a website and the mouse cursor disappears, it might be a computer glitch — or it might be a deliberate test to find out who you are. The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors’ physical movements as they use websites and apps. Some use the technology only to weed out automated attacks and suspicious transactions, but others are Continue Reading

A new scam is afoot you should know about as it is targeting local Hawaii businesses. The Judiciary has notified the State Procurement Office (SPO) regarding an unknown third party (Perpetrator) impersonating a government employee. The perpetrator is contacting vendors by phone or by email and is issuing fraudulent purchase orders, which appears as if signed by a government employee. On acceptance of the purchase order, the goods are sent to an unknown third party, typically a forward shipping company. Fortunately the vendor in this instance, determined the purchase order Continue Reading

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. The upshot of this weakness is that cyber criminals could harvest the data and use it in Continue Reading

The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One type of marketplace is called a remote desktop protocol (RDP) shop, which provides access to stolen systems for a small fee. Found in one of these RDP shops by McAfee’s ATR team: a major international airport’s security Continue Reading

Right now, your mobile phone could be hosting invisible software that’s helping hackers commit crimes across the globe and you’d have virtually no way of knowing it. That’s one of the key findings released today by a team of researchers at Distil Networks, a San Francisco security firm. Data engineers say they made an alarming discovery of bot networks, infecting millions of mobile devices worldwide. While researching customer account abuse and takeovers they suddenly realized that a lot of mobile requests were coming in. That observation led to further scrutiny of mobile Continue Reading