A cyberattack on JPMorgan Chase & Co., the largest bank in the U.S., impacted around 76 million homes and 7 million small businesses, the company revealed in a filing with the Securities and Exchange Commission this week. Compromised data includes user contact information, including names, addresses ,phone numbers, email addresses, and internal JPMorgan information relating to 83 million users.
Security researchers have discovered a major security bug in the Unix shell known as Bash (Bourne-again shell), one of the most commonly used utilities in Linux and one that could potentially affect a great number of Unix and Linux web servers. By exploiting the newly discovered vulnerability, an attacker can take complete control of the system and/or execute shell commands that could make a server vulnerable to even more threats.
Twitch, the popular videogame streaming site recently acquired by Amazon, is being used to propagate malware that specifically targets Steam users, security firm F-Secure revealed in a blog post Friday. Gullible Steam users are being lured into clicking a malicious link contained in bot-sent raffle invites on Twitch that promise them the opportunity to win such prizes as Counter-Strike: Global Offensive items. On the other side of that link, there is usually a Java program asking for some basic personal info, a congratulatory message, a malicious Windows binary file, and an empty Steam wallet.
If you used a credit or debit card at Home Depot since April, you information may be compromised
Home Depot this week confirmed that its payment data systems have been breached in an attack that may potentially impact customers who used a payment card at its U.S. and Canadian stores dating back to April. The home improvement chain isn't saying how many people might be affected, though according to various reports around the web, this could be one of the largest breaches of retailer data so far.
Android continues to be a popular target in mobile
Security outfit F-Secure released its Threat Report for the first half of 2014, and in it the company highlights an increase in online attacks that lock up user data and hold it for ransom. This rising trend in "ransomware," as it's called, is even prevalent on mobile devices, most notably Android, which was the target of 294 of the 295 new threat families F-Secure discovered, with the only other taking aim at iOS.
Heartbleed affected around 17 percent of all TLS-enabled websites
McAfee Labs today released its Threats Report for August 2014. The lead topic for the last quarter concerns the Heartbleed vulnerability, which McAfee Labs says was the most significant security event since the Target data breach in 2013. Heartbleed affected more than 600,000 websites, and in its aftermath, the cost for repair is likely to be hundreds of millions of dollars, McAfee Labs said.
Phising has become the top network security concern for enterprises
Hewlett-Packard sponsored a study conducted by research organization Ipsos Observer that shines a light on the number one concern for enterprises today. According to the study, almost 70 percent of IT professionals experience phishing attacks at least once a week, with customer data cited most often as the type of data attacked. After that, phishers are most interested in financial information.
China's own operating system could be ready by October
After banning Microsoft's Windows 8 software for use on government PCs, China is now reportedly planning to cook up its own operating system. The home brewed OS could see a launch as early as October, and it would have the full backing of the Chinese government. China's motivation in building an OS of its own is to alleviate concerns that imported software from the likes of Microsoft, Google, and Apple could have spying mechanisms built into the code base.
The concept of a bug bounty program is nothing new, and even Facebook will line your pockets with cash if you discover a qualifying security vulnerability in the social network or select acquisitions it's made. Until now, however Oculus Rift was exempt. Facebook has now extended its bug bounty program to Oculus Rift, which joins other Facebook acquisitions such as Instagram, Parse, Onavo, and Moves.
Just when you thought that BSODs were a thing of the past
After installing Microsoft's August 2014 Patch Tuesday updates, you may have noticed some wonky behavior in Windows. If you're especially unluckly, you may have even been experiencing those dreaded Blue Screen of Death errors that have largely been eradicated in recent years. It turns out there's some potentially buggy code that could cause BSODs after installing the updates, which prompted Microsoft to pull the patch offline while it investigates the issue.