Security

Cybersecurity forces align as FireEye acquires Mandiant

Two well-known companies that deal with Internet security have joined forces.

Anti-malware firm FireEye announced Thursday that it acquired data breach responder Mandiant for roughly $1 billion, based on the current value of FireEye shares. This deal could have broad implications for competing cybersecurity firms and even for governments that have been criticized for monitoring users on the Web.

"Organizations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats," FireEye CEO David DeWalt said in a statement. "Together, the size and global reach of FireEye and … Read more

NSA spyware gives agency full access to the iPhone -- report

The US National Security Agency can reportedly sniff out every last bit of data from your iPhone, according to leaked NSA documents published by German magazine Der Spiegel.

Known as DROPOUTJEEP, the spyware is said to be one of the tools employed by the NSA's ANT (Advanced or Access Network Technology) division to gain backdoor access to various electronic devices. On Sunday, leaked documents obtained by Der Spiegel showed how these tools have reportedly been used to infiltrate computers, hard drives, routers, and other devices from tech companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, and Samsung.

Those … Read more

New malware roosting place: Inside your SD Card?

Security researchers have found a way to hack SD Cards, the most common form of flash-memory cards used to store data in mobile phones and digital cameras, and run software that intercepts data.

Andrew "bunnie" Huang and Sean "xobs" Cross disclosed the approach Sunday in a blog post and talk at the Chaos Computer Congress (30C3). With the attack, a person could run malicious software on the memory card itself. That's because the cards have tiny built-in computers called microcontrollers that are used to oversee the details of data storage.

The result is a "perfect … Read more

Hacker tried to sell access to BBC server -- report

A Russian hacker wasn't exactly in the Christmas spirit when he reportedly tried to sell access to a BBC server on December 25.

Apparently first spotted by cybersecurity firm Hold Security, the recent attack hit a BBC FTP server and was conducted by a "notorious Russian hacker" known as "Hash" and "Rev0lver," Reuters reported on Sunday. No evidence has turned up indicating that the hacker stole any actual information.

But "Hash" attempted to make a Christmas Day profit out of his exploits, according to Hold Security founder Alex Holden. The hacker … Read more

NSA reportedly planted spyware on electronics equipment

A new report from Der Spiegel, based on internal National Security Agency documents, reveals more details about how the spy agency gains access to computers and other electronic devices to plant backdoors and other spyware.

The Office of Tailored Access Operations, or TAO, is described as a "squad of digital plumbers" that deals with hard targets -- systems that are not easy to infiltrate. TAO has reportedly been responsible for accessing the protected networks of heads of state worldwide, works with the CIA and FBI to undertake "sensitive missions," and has penetrated the security of undersea … Read more

Target: Encrypted PINs stolen but not encryption key

Target is again trying to calm customers in the wake of the recent hack that snatched credit card information for as many as 40 million account holders.

A Target spokeswoman revealed on Friday that strongly encrypted credit and debit card PINs were stolen by the hackers. But she said that those personal identification numbers cannot be decrypted without the right key, which could not have been taken during the data breach as the company does not store that information. The PINs are encrypted at the point-of-sale keypad, stay encrypted in the system, and remained encrypted when obtained by … Read more

Snowden's Christmas message: Privacy counts

Edward Snowden, the National Security Agency whistleblower, delivered a video message on Christmas Day via UK's Channel 4 with a simple theme: "privacy matters."

"A child born today will grow up with no conception of privacy at all. They'll never know what it means to have a private moment to themselves -- an unrecorded, unanalyzed thought," Snowden said in the 1-minute, 43-second message. "And that's a problem because privacy matters. Privacy is what allows us to determine who we are and who we want to be."

Snowden referenced George Orwell's … Read more

Researchers report security flaw in Samsung's Galaxy S4

Here's some Grinchy news for those of you who put Samsung's Galaxy S4 on your holiday wish list: Israeli researchers have identified a vulnerability in the smartphone that allegedly allows a hacker to easily intercept secure data.

Samsung told CNET and other news outlets that it's looking into the issues and thus far doesn't believe the problem is as serious as the researchers present in their findings.

"Based on the information we currently have, the threat appears to be equivalent to some well-known attacks," Samsung said. "KNOX already includes mechanisms, such as per-app … Read more

Security firm RSA took millions from NSA: report

What's an encryption backdoor cost? When you're the NSA, apparently the fee is $10 million.

Intentional flaws created by the National Security Agency in RSA's encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.

Two people familiar with RSA's BSafe software told Reuters that the company had received the money in exchange for making the NSA's cryptographic formula the default for encrypted key generation … Read more

Target data stolen in hack showing up on black market

As if the Target hack ordeal couldn't get any worse -- data from the retail chain's massive security breach stolen between November 27 and December 15 is popping up in huge quantities on the black market, The New York Times reported Friday.

After Target conceded Thursday that its in-store point-of-sale systems were indeed hacked, compromising as many as 40 million debit and credit card accounts, fraud industry experts are seeing the information flood online card-selling markets to the tune of a "ten- to twentyfold increase" in high-value cards.

The hack, which affected only shoppers who made … Read more