Late Sunday night, it was announced that multiple vulnerabilities were discovered in the widely used Wi-Fi Protected Access II protocol (WPA2) that could make it possible for attackers to eavesdrop on traffic passed between computers and wireless access points. While details are still being released, manufacturers of every wireless router/access point, and every device with wireless access are working towards defining updates that will resolve this vulnerability.
In potentially one of the worst cyberattacks in history, credit monitoring and reporting service Equifax was breached. The result was millions of consumer records being stolen from May to July, including personal, financial and credit card information.
Over the past several days, the big story in the US has been Category 4 Hurricane Harvey and the flooding and destruction it is leaving in its wake. As with most disasters, Harvey has stirred up the desire in many people to find a way to help with the relief efforts. Unfortunately, this also opens the doors to scammers who want to exploit the generosity of these people.
This week’s attack, called Petya and NotPetya in the media, is not necessarily a new form of ransomware; however, the way it evolved has experts questioning whether it is different enough from the original to be considered something other than a variant.
Earlier today, a phishing campaign spread across global inboxes. These emails were given legitimacy by appearing to be from someone the recipient recognized. There were a couple clues that could help users identify it as a non-legitimate request.
Popular payroll company ADP is warning of a sophisticated phishing attack using emails that impersonate ADP business. The attack email in question warns of a Past Due invoice. These emails appear as if an ADP.com account was used as the sender. Mytech has most commonly seen “billing.address.updates@ADP.com"; but other addresses including “Francisca.Hopkins@adp.com” are also common.
SUPERVALU announced on Thursday (7/14/2014) that it experienced a criminal intrusion into its payment card transaction network. The intrusion may have resulted in the theft of account numbers, expiration date, and cardholder’s names. The intrusion was identified by an internal team and quickly contained. Third-party data experts are assisting in determining the scope of the incident.
Illegitimate spam messages are not just annoying, they often contain threats to your network security. One particularly dangerous form of these threats is what has become known as "phishing" attack. This involves tricking people into clicking a hyperlink in their email that takes them to what appears to be a legitimate website. Once the user arrives at the fake site they are usually prompted to enter personal information, and then that personal information can be used by the attacker in a variety of bad ways.
Google has recently discovered a problem with a Certificate Authority (CA) in India that has been improperly issuing SSL certificates. The risk from this practice is that a browser might believe a malicious website is a legitimate site.