Month: February 2015

Vulnerability in Superfish Puts Lenovo Laptop Users at Risk

Superfish, a little-known Silicon Valley startup, has been facing criticism for quite a long time for its software, also named Superfish, which has exposed Lenovo laptop users to hackers. The software unintentionally helps hackers steal users’ personal information. Superfish came pre-loaded on Lenovo laptops sold between September 2014 and January 2015. According to security researchers, the vulnerability discovered in Superfish can allow hackers to impersonate shopping, banking and other websites and steal users’ personal information, including credit card numbers. Though Lenovo did not comment on the number of user-owned laptops that are infected with the software, CNET reports that the Chinese company sold 16 million Windows computers between September 2014 and January 2015. Lenovo has since apologized for pre-loading computers with Superfish’s visual search software, which captures images of users’ online pattern and then shows them ads for similar products. According to Lenovo, the software was working fine until Superfish added third-party software. This addition enabled the Superfish software to easily spy on secured and encrypted websites visited by Internet users.

What is Superfish Software?

Superfish is basically adware, which is meant to place advertisements in your web browser, but is no longer safe for use. It intercepts the traffic to open up your computer to man-in-the-middle attacks, which works in parallel to the Heartbleed security...

Cyber Crooks Con Banks, Steal $1B

As reported by Kaspersky Labs, the Russian computer security company, around 100 banks and many other financial institutions have been attacked by a gang of cybercriminals. An estimated $1 bn has been stolen in the attack so far. It is important to note that this attack began in 2013 and is still active! The ongoing cybercrime came to light after an investigation was initiated by Kaspersky Labs along with other crime centers, including Interpol and Europol. The Carbanak gang, as named by Kaspersky, includes criminals from Europe, including Russia and Ukraine, and China.

How was the crime committed?

This is the most intriguing part of this cybercrime. Instead of using illegitimate identities to withdraw money, the gang went a step further and took an unusual approach: committing the robbery directly from the banks. Here’s how the cyber robbery worth $1bn was committed: At first, using illegal software, the hackers successfully managed to infiltrate the bank’s internal computer systems. Thereafter, they infected the bank’s internal computing system with malware that resided in its network for months. As the bank’s network became vulnerable, the hackers then collected information and forwarded it to their gangs to carry out the other nefarious acts as planned. Once they were ready to strike, they also succeeded in impersonating the bank staff online to transfer millions of pounds into their fake accounts....

Here’s All That You Need to Know about Anthem Hack

Anthem, the second largest health insurer in the United States, recently suffered a severe data breach. The hackers breached one of its IT systems to steal personal information of around 40 million U.S. customers. This online attack on Anthem has been termed the largest breach in the industry by far. As stated by the company, the hackers did not appear to steal medical information or other financial details, such as bank account or credit card details. Rather, the nasty attack was executed to steal critical information like birthdays, social security numbers, street addresses, e-mail addresses and other employee information, such as income data. The company has initiated an investigation and reported the attack to the FBI (Federal Bureau of Investigation), which further hired cyber security firm FireEye Inc. (FEYE) to move ahead with the inquiry.

Cause of Data Breach at Anthem

There can be many reasons for the successful execution of such a crucial data breach. But, according to experts, a lack of security is the prime cause behind the exposure of Anthem’s customer records. According to the Wall Street Journal, the healthcare insurance provider did not encrypt the social security numbers of its current as well as former customers. Had the data been encrypted, the customer records would have been less vulnerable, as the cyber crooks would have needed time to decrypt and potentially access the data....

Google’s New Security Reward Program Pays Up-Front Grants for Bug Hunters

Google has come up with a new reward program for security researchers interested in finding bugs in its high-profile applications and services. The program will offer up-front grants of up to $3,133.70 to selected security researchers, who will receive the rewards regardless of whether they find a bug or not. Since 2010, Google has been rewarding researchers for finding and fixing bugs in its products and services through its security reward programs. But the new initiative will pay the selected researchers even before the research begins. It has been designed to keep the researchers focused on the company’s products in spite of the growing difficulties that researchers face while finding vulnerabilities, including financial barriers. Explaining the point, Google’s security engineer, Eduardo Vela Nava, said, “It can…be discouraging when researchers invest their time and struggle to find issues. These are up-front awards that we will provide to researchers before they ever submit a bug.” Under the new reward program, Google will name the particular types of vulnerabilities, products and services that the selected researchers will have to support with security research. To participate in the program, interested candidates can apply for a grant to look into those areas. Here’s how the newly designed reward program is expected to work: Google will publish different types of vulnerabilities, products and services for which the research will be supported....
