Hey Dropbox users – would you like to get more storage for your account?
The company may grant your wish, on one condition.
At an event held in London, the company’s head of trust and security, Patrick Helm, made remarks concerning the biggest risks to Dropbox and revealed how his team was working to combat them.
One of the methods?
Offering users more storage in their accounts for free if they create stronger passwords.
The idea arose because, according to Helm, “The number one challenge is consumers reusing credentials across multiple websites, and we see a pattern where websites will get hacked, they may not even know it, and then encrypted passwords are stolen”.
The incentive is part of a push by Helm and his team to educate Dropbox users about choosing better passwords and using password management tools.
At one point last year the company also offered bounties to hackers who could find vulnerabilities in its application.
The free-storage incentive would be granted after users complete a security checklist. When reached for additional comment on Helm’s remarks, Dropbox declined to respond.
The rough week of brash financial mogul and GOP presidential candidate Donald Trump just got worse with news of a cyberattack involving his hotel properties.
The chain of luxury hotel properties known as The Trump Collection was apparently hit with a credit card breach that dates back to February of this year.
In a statement by Eric Trump, the company confirmed the possible attack: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties.”
According to sources, the breach involves Trump hotels in Honolulu, New York City, Chicago, Las Vegas and Miami in addition to other locations across the country.
The first reports of the issue at properties within The Trump Collection came from banks that had spotted a series of suspicious debit and credit card charges.
Beyond the statement issued on Tuesday by the business magnate’s third son, the company would not comment further on the matter except to assure customers that it was still keeping their information as safe as possible.
For those using Adobe Flash, it appears that cyber thieves have found a way to take advantage of a flaw in the company’s Flash Player.
The French security firm Kafeine found that criminals have been exploiting a bug in the player that Adobe patched just last week.
Kafeine stated that the bug had been present in the software since January.
The report claims that thieves are using two exploit kits, Angler and Magnitude, which provide a framework for the criminals to get into a user’s computer and deliver ransomware.
Ransomware is software that locks down a PC and demands that money be paid to the thieves to unlock it.
The firm said that the issue affects the current version of Flash.
Other security observers have noted that the kits can also deliver other forms of malware.
Adobe has recommended that users download the latest version of Flash from its website.
Microsoft has been busy teasing the public with bits of information on the latest version of its operating system, Windows 10.
But one detail that hasn’t been fully publicized may earn the company some irate users.
Recent reports have found that all Windows users who upgrade to Windows 10 will be locked into a scheme that forces them to accept each and every update Microsoft issues; choosing not to means that their security updates will be cut off.
This applies to both free and paid users.
The mechanism lies in what the company designates the “Current Branch”.
Under this scheme, Windows 10 users can opt to receive their updates on a fast or a slow path; the former delivers updates more quickly, while the latter delivers them once all bugs and other issues have been worked out.
But opting for the slow path apparently still subjects you to the forced updates.
Microsoft apparently made no secret of this policy, mentioning it in a posting on its website in January.
Still, some users may balk at not being free to pick and choose which updates they want, as they can with other software.
Windows 10 is set to be fully available to the public on July 29th.
The recent cyberattack that compromised the servers containing information on federal employees may have also hit the Federal Bureau of Investigation.
The attacks, first reported here, led the Office of Personnel Management to admit that employees’ Social Security numbers and other sensitive information held on its servers were exposed; they now appear to have also affected agents with the F.B.I.
According to a source in the agency, the breach was the second such attack to affect them personally, the first having come via Anthem Blue Cross last February.
The source says they were notified by OPM last month that their information had been compromised.
When pressed further, they said they weren’t sure whether it was an agency-wide problem.
A wider breach of F.B.I. files would be a catastrophic danger to national security.
Speculation as to who is behind these cyberattacks has fallen squarely on China’s doorstep.
While the White House has not officially stated that China was behind them, members of Congress have aired their suspicions.
Observers have doubts about the breach as well as about the veracity of the source.
A security company’s research has uncovered a trove of logins for websites belonging to various United States government agencies posted online.
Recorded Future filed the report making the claim after spending the past year scanning 680,000 sources on the Internet.
In that search, it found 705 distinct logins stolen from approximately 47 different government agencies, ranging from the Justice Department to the CIA to the Treasury.
The sensitive information was found on public websites that hackers commonly use as data dump sites, such as Pastebin.
Recorded Future commented on the find by saying: “The presence of these credentials on the open web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.”
The firm had no further details on how many of the passwords it found were still active, but it surmised that they were stolen in part because individuals had used them to log into third-party websites.
That practice left them vulnerable to theft.
Among other measures, the firm recommended that the agencies formally adopt two-factor authentication.
Tensions between the United States and Chinese governments over their respective grievances in cyberspace have eased slightly following two days of talks.
The results of the two-day session between the two nations, which ended Wednesday, were revealed to the press by President Barack Obama.
While he offered no distinct details, he did say that thanks to the talks, China was willing to work with the U.S. on the beginnings of a “code of conduct” for cyberspace.
Yang Jiechi, the Chinese State Councilor, told the press that his country was willing to collaborate with the Americans on better cybersecurity protocols.
This news is slightly heartening given the animosity that has risen up between the two countries, most recently over allegations that hackers supported by the Chinese government were behind a massive breach that left the vital information of federal employees exposed.
For its part, China has both vehemently denied its involvement and accused the U.S. of carrying out cyberattacks on Chinese officials and corporations.
Secretary of State John Kerry’s comments on the talks were as follows: “There was an honest discussion, without accusations, without any finger-pointing, about the problem of cyber theft and whether or not it was sanctioned by government or whether it was hackers and individuals that the government has the ability to prosecute.”
In the meetings he did stress to the Chinese that cyberattacks on the U.S., whether carried out with or without Chinese government support, would not be tolerated.
Samsung has been disabling the Windows update feature on its computers, and in the process may have left its users highly vulnerable.
A researcher, Patrick Barker, announced on Tuesday that his investigation determined that the South Korean tech company has been crippling the Windows Update process on its desktop and laptop computers.
Barker, a debugging expert and Microsoft Certified Professional, was alerted to the situation on a forum.
He found that Samsung’s own updating process, SW Update, was behind it all.
Specifically, he found a distinct command in the OEM software that led to the Windows Update being shut off.
The immediate concern was that there was no discernible way to tell whether SW Update was applying the patches and fixes that Windows Update would otherwise have delivered.
Industry observers were surprised and gravely concerned for good reason: if neither update program was fully functioning, the computers would be exposed to malware that specifically targets vulnerabilities for which patches already exist.
Microsoft confirmed to the press that it was aware of the situation and had reached out to Samsung concerning the problem.
Hackers who employ phishing as their main method of attack have found a new target base — and it’s not one observers would have guessed outright.
According to reports compiled by the security firm Proofpoint, phishers are going after middle management.
As the firm’s vice president, Kevin Epstein stated, “2014 was clearly the year that attackers went corporate, and they targeted middle management because it’s profitable.”
The study was conducted over the course of a year.
Middle managers are under heavy pressure from their workload and as a result are more prone to click on emails in haste — the rate at which they clicked on malicious emails doubled during the year of research compared with the year before.
Another factor is the volume of email middle managers tend to receive, which can range from 100 to 200 messages daily.
The phishing emails also arrive with fake voicemail and fax attachments.
The combination lets phishers gain access largely unhindered, with little pushback from in-house cyber-defense staff who are unaware of the activity.
Proofpoint and other companies suggest that the best way to combat these phishing attacks is to deploy multi-layered defenses that protect all employees.
The United States Office of Personnel Management revealed during congressional hearings on Monday that it believes 18 million people may have had their Social Security numbers exposed in the massive cyberattack of the past few weeks.
As first reported earlier this month, hackers believed to be aligned with the Chinese government gained illegal access to servers that contained sensitive information for every employee of the federal government.
That information was later revealed to include Social Security numbers, as covered soon after on this website.
Standing before the House Oversight and Government Reform Committee, the director of the OPM spoke to this particular part of the breach.
“The 18 million refers to a preliminary, unverified and approximate number of unique social security numbers in the background investigations data,” said Katherine Archuleta.
Further testimony from the chief information officer, Donna Seymour, stated that the hackers also took manuals on the department, including manuals on the government servers themselves.
The head of the committee, Utah Republican Representative Jason Chaffetz, voiced his displeasure with Archuleta’s testimony, blaming her for failing to disclose the full impact of the attacks and calling for her to resign.
“As the head of the agency, Ms. Archuleta is—in fact—statutorily responsible for the security of the OPM network and managing any related risk.” he said during the proceedings.
Since the attack the OPM has taken significant measures to bolster its online security in a 23-step plan that includes mandatory cybersecurity training and sturdier firewalls.