This is an old post but it keeps happening along the years.
Despite high-profile security breaches such as Jack Straw’s Hotmail account being compromised, and cybercriminals gaining access to celebrity Twitter accounts after cracking an administrator password, a third of computer users are still using the same password for every website they access according to newly revealed stats* from Sophos.
Very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit. With social networking and other internet accounts now even more popular, there’s plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you’re making it much easier for them.
Recent news: 26,000 sex website passwords exposed by LulzSec
Memo to tech departments that were caught flat-footed when people started bringing their iPhones to work: You’d better get ready for the iCloud.
As with the original iPhone, it’s easy to see why a lot of workers would want to use the iCloud for both personal and professional use. Let’s say you’ve been working on a presentation all day and you want to bring it home to edit. Instead of doing so the old-fashioned way — i.e., lugging your company laptop home with you, e-mailing it to yourself or putting it on a flash drive — you’ll soon be able to have it pushed out automatically to all of your iCloud-capable devices, meaning that it will be ready for you on your iPad when you get home.
“iCloud treats the PC as just another device now,” says Patrick Wheeler, a senior product marketing manager for endpoint security at Trend Micro. “It becomes just another thing from which you may be accessing data, so it can let users be productive and access business documents on any of their devices.”
But as with any new technology, there are big risks involved with iCloud since users could potentially upload sensitive corporate data onto the cloud and have it spread to devices that do not have corporate security protocols. And while this risk is present in just about any cloud solution, Wheeler notes that the iCloud’s ability to automatically push out data to multiple devices makes it an even riskier proposition for most business users.
Citigroup Inc. waited as long as three weeks to notify credit-card customers of a hacking attack because it was conducting an investigation and producing replacement cards, according to a person familiar with the situation.
The internal investigation took 10 to 12 days and began within 24 hours of the discovery by Citigroup officials in early May that the New York bank’s systems had been breached, this person said. In some cases, Citigroup took action to protect accounts considered vulnerable to fraud.
Citigroup publicly disclosed the security attack last Thursday, saying it affected about 200,000 customers, or 1% of the company’s card users in North America. The company said it had referred the matter to law-enforcement authorities and planned to send replacement cards to a majority of the affected customers. Some critics have accused Citigroup officials of dragging their feet in notifying customers that some of their data has been compromised. The Senate banking committee is planning hearings on data security. The breach follows other attacks that are fueling concerns among financial regulators and security experts that banks and other companies aren’t doing enough to protect themselves and their customers.
Source: Wall Street Journal
Firefox users have targeted by a new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page.
Fake antivirus scams are legion, and ones using bogus update pages of one sort of another are also an established trick. The oddity of the latest incarnation of the attack, discovered by Sophos, is that it triggers only when encountering Windows users of Firefox pushed to it through a page redirect.
Artwork: Chip TaylorThe first big giveaway? Windows Update can only be started as a background activity in Windows or through Internet Explorer.
The page itself is a copy of the Windows Update page offering an “urgent” 2.8MB download which will turn out to start a useless security scan plugging fake antivirus software. The technique is clever. Users who agree to the update without being entirely sure that it is genuine will be more easily convinced that a PC has been infected with the non-existent malware later detected by the bogus program.
“Users need to be more vigilant than ever before as bogus security alerts pop-up in their browsers,” said Graham Cluley of Sophos. “Fake anti-virus attacks are big business for cybercriminals and they are investing time and effort into making them as convincing as possible.”
“Malicious hackers are using smart social engineering tricks more and more often, and the risk is that users will be scared by a phoney warning into handing over money to fix problems that never existed in the first place,” he said.