Cybersecurity - itbusinessdirect

Fitness app Strava exposes the location of military bases

January 29, 2018 Dianne Jacobs

Strava, the popular app for tracking running, cycling and swimming, is not the most obvious go-to for exposing national secrets, but a heatmap of activity from users has been found to unearth the locations of U.S. military bases worldwide. The company’s review of 2017 showed all routes taken by its users across the world. It was released back in November 2017, but it came to the fore this weekend when Australian student Nathan Ruser noticed that trails from Strava users in certain countries made it possible to identify military from the U.S. and…

Former Employees Confirm that Lyft Staffers Spied on Passengers

January 26, 2018 Dianne Jacobs

Just like Uber’s scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup’s passengers. One source that formerly worked with Lyft says that widespread access to the company’s back end let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.” When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what…

Hackers can see your Tinder photos and figure out your matches

January 24, 2018

Tinder isn’t using encryption to keep your photos safe from strangers who are sharing the same coffee shop Wi-Fi as you, security researchers have found out. Researchers from the Tel Aviv-based firm Checkmarx found that Tinder’s iOS and Android mobile apps still lack basic HTTPS encryption, meaning that anyone sharing the same Wi-Fi as you can see your Tinder photos or add their own into the photostream. The firm built a proof-of-concept app called TinderDrift, demoed on YouTube, that can reconstruct a user’s session on Tinder if that person is…

Intel tells users to stop installing chip patches

January 23, 2018 Dianne Jacobs

Software patches issued to fix serious security flaws on Intel chips should no longer be applied, the company has said. The patches tried to tackle flaws called Meltdown and Spectre that, if exploited, could expose important data. Many reported that their machines slowed down or stopped working when they applied Intel’s updates. Intel said it now knew what caused these problems and was developing fresh patches that would work better. In a statement, Intel spokesman Navin Shenoy said it had been investigating why the earlier patches caused “higher-than-expected reboots and…

Hackers breach National Bank systems making off with Ksh 29m

January 22, 2018 Dianne Jacobs

Hackers have breached the National Bank of Kenya systems making away with Ksh 29 million. Confirming the incident through a statement on their twitter handle, @National_Bank, National Bank confirmed the incident stating that indeed there was an attempt fraud in normal course of business on 17th January but the bank’s monitoring and security resources frustrated the attempt “The amount of attempted fraud is about Ksh 29 million and we are confident we will recover most of that money,” read the statement. The bank also confirmed that security are in pursuit…

Data-stealing spyware traced to Lebanon

January 22, 2018

A security bug that has infected thousands of smartphones has been uncovered by campaign group the Electronic Frontier Foundation (EFF). Working with mobile security firm Lookout, researchers discovered that malware in fake messaging designed to look like WhatsApp and Signal had stolen gigabytes of data. Targets included military personnel, activists, journalists and lawyers. Researchers say they traced the malware to a Lebanese government building. The threat, dubbed Dark Caracal by the researchers, looks as if it could come from a nation state and appears to use shared infrastructure linked to…

New Intel security flaw allows remote access to corporate laptops by hackers

January 16, 2018

Remember the latest “Spectre” and “Meltdown” vulnerabilities recently found in the micro-chips that are used in almost all computers, tablets and smartphones today? A new security flaw has been found in Intel hardware by Finish company F-Secure. The new vulnerability could enable hackers to access corporate laptops remotely. F-Secure said in a statement that the flaw was an issue within Intel Active Management Technology (AMT), “which is commonly found in most corporate laptops, (and) allows an attacker to take complete control over a user’s device in a matter of seconds,”…

Rush to fix serious computer chips flaws

January 4, 2018 Dianne Jacobs

Tech firms are working to fix two major bugs in computer chips that could allow hackers to steal sensitive data. Google researchers said one of the “serious security flaws”, dubbed “Spectre”, was found in chips made by Intel, AMD and ARM. The other, known as “Meltdown” affects Intel-made chips alone.The industry has been aware of the problem for months and hoped to solve it before details were made public. The UK’s National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited. According to the…

Hundreds of HP laptop models found to have hidden keylogging software

December 18, 2017 Dianne Jacobs

A security researcher has revealed that some HP laptops have hidden software which can log everything typed on its keypads. More than 460 models have been affected, dating back to 2012, according to the list released by the Company. The discovery was made by researcher Michael Myng who found the keylogging code in the pre-installed Synaptics Touchpad software on these laptops.Keyloggers record every key that is pressed on a keyboard. This means the laptop users are at risk of having their passwords, bank details, private communications and search history recorded…