While Dell recently admitted that a dangerous vulnerability was pre-installed on their systems, they refused to believe that it was created by them but still pledged to remove it.
In a great move my Microsoft, its Windows Defender security system has now begun locating and removing the certificate itself, as long as you've updated your Windows OS. Discovered by ZDNet in a routine action just this morning, Windows Defender identified a threat named "Win32/CompromisedCert.D" and removed it from the system.
Dell has reportedly started issuing updates to its maintenance utility to also rid this issue for all concerned, but it doesn't hurt to update Windows Defender to be safe.
"Malicious hackers already know us to be weaker than the rest of the world," the director of Hacklabs, Chris Gatford, told News.com.au in an interview. He believes that without much effort, Australia's water and electricity supply lines could become a complete shambles with a single hacker attack.
Gatford went on to draw the comparison between Australia's national infrastructure and your mothers Microsoft Surface, stating: "It would only take a skilled individual to breach these computer systems, because more often than not they are not patched as frequently as corporate or home systems which have automated updates." While he did comment mainly on security concerns within Australia, Gatford also made mention of other technical mishaps around the world, touching on "historical examples of traffic lights being overtaken, denial-of-service attacks at airports and organisations in Wall Street coming under attack to see its 100 per cent possible."
The whole situation isn't quite as dire as it may initially seem though, the Hacklabs director did reassure us that these necessary utilities would recover quickly from attack, rather than send Australia into a Fallout 4-like existence.
Utilizing a staff ID card to gain unauthorized access to a staff-only area of the University of Queensland (UQ), a student recently completed a hack into the private University grading system in an attempt to alter his marks before graduation.
As a result, this man is now scheduled to appear in court on December 3rd and faces 14 total charges, with these charges being partly made up of six based around use of a restricted computer and four for fraud. The 24-year-old man is in what the University called a "very serious matter," refusing to further comment on the allegations.
A statement by UQ Deputy Vice-Chancellor, Professor Joanne Wright, reminded students that they "should be aware that academic misconduct can lead to expulsion and criminal charges," further stating "I won't detail how we monitor for and detect cheats, but we have a range of measures to expose hacking and other breaches of information technology systems, plagiarism, and other misconduct."
While the LED light turns off when deactivated through the linked application, researchers have discovered that Google's Nest Cam doesn't fully deactivate, stating that it continues to function in a lower power state.
Expanding on these findings, The BBC says that the tested device "continued to draw a current of 340 mA" even when switched completely off, compared to a draw of 370 mA when turned on and operational.
While this draws concerns of 'Big Brother' Google or hackers being able to watch you at any time, Nest released a statement claiming that "when Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time." Further reassuring customers, they also said "when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings."
After users had their Amazon account passwords force-reset by the company itself, it has become apparent that a leak was possibly afoot.
In an email to customers, Amazon stated that it "recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party." While this email assured users that the issue was fixed "to prevent this exposure," Amazon also made sure to point out that no third party will have had access to your private password information.
ZDNet reported that these warning emails were coming from both Amazon.com and Amazon.co.uk. While Amazon.com had implemented two-factor authentication for users recently, it's UK counterpart has not yet installed this safety mechanism.
With China joining the rest of the world in moving away from hard currency towards various card options, Trend Micro says that cyber criminals are beginning to run rampant, stepping up their efforts in card fraud.
As part of a new study, Trend Micro pinpoints that the strong Chinese cyber criminal market has shown particular interest in gathering card payment information online. Trend Micro Forward-Looking Threat Research Team member, Lion Gu, wrote this lengthy report and referred to the growth in the market as an obvious fraud issue. With more users comes more risk of crime, it's not exactly rocket science.
What isn't obviously is exactly how this crime will come about. It's not just dodgy online stores that are being used, some machines are being modified to illegally store and send information, says Gu. Due to the machines passing through many hands and it being sometimes hard to track exactly who has touched them and when, there's a large possibility that criminals are placing these information capture facilities on products at some stage through the supply line, without the end-user or buying business being aware.
British police have arrested two young people believed to be spearheading a website named reFUD.me, a company which offered services to malware makers, assisting them to navigate past anti-virus programs.
The two 22 year-olds arrested allegedly kicked off their project in Feburary 2015, advertising themselves through various online malicious forums. Providing support to surpass between 30 and 40 anti-virus programs, the offered service utilized Cryptex Reborn packaging to bypass any new issues that arose during its time of operation.
reFUD.me charged license fees to many of its users, asking for $20-90 per month while offering updates when new issues were to arise.
Described as an "unintended security vulnerability," Dell has admitted that a root certificate preinstalled on some of its models exists and promises to remove it.
A Dell spokesperson explained that "to address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site, and technical support," further commenting that the computer giant does not install malware on user systems pre-delivery.
While Dell claims no responsibility for this flaw, a security blogger by the name of Hanno Bock disagrees. He says that this root certificate is not only shipped within these pre-built machines, but it's under the name 'eDellRoot' and is linked to 'Dell Foundation Services' drivers.
If it's on the internet, you can hack it. This is something that the FBI's chief security information officer, Arlette Hart, agrees with and discussed in length at the recent Structure cloud industry summit on Wednesday.
Talking about levels of enterprise and risk, Hart stated that accepting a risk doesn't mean it's going to happen," expanding "it means if the thing happens, you accepted the risk and will take the steps to mitigate that risk." Hart explained that while cloud data and technology is an extremely useful advancement, it can also be used for damaging purposes, saying "when the sword cuts, it cuts both ways."
While not directly answering any questions on 'the right to be forgotten', Hart also discussed that cloud-related risks are all part of business and an necessary evil to subject yourself to.
After news coming to light of the terrorist organisation ISIS using the PlayStation Network in order to coordinate attacks, security experts claim this group has now moved to Telegram in order to evade security organizations.
Utilizing an app made by Russian developers in order to evade their own Government, the messages still are much safer, says Cryptographer Matthew Green from Johns Hopkips. Professor Green Tweeted that this application's "crypto is like being stabbed in the eye with a fork."
While this app has not yet been formally announced as cracked, a researcher by the name of Thaddeus Grugq stated in a blog that he "wouldn't trust the encryption protection in Telegram against a nation state adversary."