Heartbleed affected around 17 percent of all TLS-enabled websites
McAfee Labs today released its Threats Report for August 2014. The lead topic for the last quarter concerns the Heartbleed vulnerability, which McAfee Labs says was the most significant security event since the Target data breach in 2013. Heartbleed affected more than 600,000 websites, and in its aftermath, the cost for repair is likely to be hundreds of millions of dollars, McAfee Labs said.
Phising has become the top network security concern for enterprises
Hewlett-Packard sponsored a study conducted by research organization Ipsos Observer that shines a light on the number one concern for enterprises today. According to the study, almost 70 percent of IT professionals experience phishing attacks at least once a week, with customer data cited most often as the type of data attacked. After that, phishers are most interested in financial information.
China's own operating system could be ready by October
After banning Microsoft's Windows 8 software for use on government PCs, China is now reportedly planning to cook up its own operating system. The home brewed OS could see a launch as early as October, and it would have the full backing of the Chinese government. China's motivation in building an OS of its own is to alleviate concerns that imported software from the likes of Microsoft, Google, and Apple could have spying mechanisms built into the code base.
The concept of a bug bounty program is nothing new, and even Facebook will line your pockets with cash if you discover a qualifying security vulnerability in the social network or select acquisitions it's made. Until now, however Oculus Rift was exempt. Facebook has now extended its bug bounty program to Oculus Rift, which joins other Facebook acquisitions such as Instagram, Parse, Onavo, and Moves.
Just when you thought that BSODs were a thing of the past
After installing Microsoft's August 2014 Patch Tuesday updates, you may have noticed some wonky behavior in Windows. If you're especially unluckly, you may have even been experiencing those dreaded Blue Screen of Death errors that have largely been eradicated in recent years. It turns out there's some potentially buggy code that could cause BSODs after installing the updates, which prompted Microsoft to pull the patch offline while it investigates the issue.
A hacker attack believed to have originated in China resulted in the theft of personal details of 4.5 million patients of Community Health Systems Inc, one of the largest hospital groups in the nation. Cyber thieves made off with a treasure trove of personal details, including patient names, addresses, birth dates, telephone numbers, and social security numbers, or pretty much all the necessary info to steal someone's identity.
Well now, this is disturbing -- it's being reported that a Russian crime ring is in possession of around 1.2 billion stolen Internet credentials, which is the biggest collection of its kind. That includes user names and password combinations, along with more than 500 million email addresses collected from 420,000 websites. With that in mind, now might be a good time to change up your passwords for your more important accounts.
Oh great, as if it wasn't bothersome enough knowing that all our online communications are susceptible to government spying with very little we can do about it, now we've come to find out that just by having a USB port, there exists a pretty serious security risk every time we plug in a compatible peripheral. The problem is that virtually any of the millions of USB devices out there can be reprogrammed for malicious purposes, and there doesn't appear to be much we can do about it.
An effort is currently underway to switch Google Chrome over to BoringSSL, an OpenSSL fork the search engine giant announced last month. Weaning the world’s most popular browser off of the two cryptographic software libraries it currently uses (OpenSSL on Android and Mozilla NSS on all other platforms) is proving somewhat difficult at this early stage, though.
Country came close to outlawing anonymizing software last year
The Russian Ministry of Internal Affairs (MVD) recently floated a tender inviting bids for help with “obtaining technical information” about users of Tor, the increasingly popular anonymizing network. Bidding ends on August 13, 2014 and the ministry hopes to announce the winner of the 3.9 million ruble contract ($111,000) a week later on August 20.