Recently, Marriott Hotels informed the world that they had been the victims of a massive data breach. As it turns out, the breach was even more serious than was initially reported.
As the company has learned more from the ongoing investigation into the matter, they've been doing an admirable job of keeping the public updated, even if the details are cringe-worthy.
According to the latest information, the breach of the Starwood Preferred Guest database impacted up to 383 million travelers, which is fewer than the company's initial estimate of up to 500 million. Unfortunately, that's the only bit of good news.
While the company initially downplayed the amount of information that was taken, they're now saying that both credit card numbers and expiration dates were compromised. They underscored that the data was encrypted, but they also admit that they don't yet know if the components needed to decrypt the data in a timely fashion were also compromised. Even if they weren't, a determined hacker could still decrypt the information, putting every one of those card numbers at risk.
On top of that, the company has now confirmed that as many as 5.25 unencrypted passport numbers were taken, along with more than twenty million encrypted passport numbers.
If you're just hearing about this breach for the first time, the above is in addition to the company's initial report that more than 327 million guests had non-payment information stolen.
The initial report included:
In short, before the most recent update, it was a serious breach by any definition. The inclusion of payment and passport information makes it even more so, even if the total number of impacted users is less than was originally estimated.
We'll post further updates if and as they become available.
There's a new side-channel attack to worry about. This one targets the operating system's page cache, where a variety of sensitive data that has been accessed by the device's owner is stored for rapid retrieval. Perhaps the worst and most ominous aspect of this newly identified threat is the fact that it's not limited by hardware architecture, and has been found to work on both Windows and Linux-based machines.
This allows attackers to bypass sandboxes and other security protocols.
The research team is a motley collection of IT professionals hailing from Graz University of Technology, Boston University, NetApp, Intel, and CrowdStrike. They identified a number of possible ways a hacker might be able to use the newly identified attack vector and were even able (under certain conditions) to send data gleaned from the target system to a remote server.
The team pointed out that although they ran their tests on Windows and Linux machines, there's no reason to think their methodology wouldn't be successful on any other operating system currently in use today. This is a threat that potentially impacts the entire computing ecosystem. While many of the team's experiments required that the would-be hacker have physical access to the device, they were able to demonstrate that under certain conditions, a remote attack was also possible.
On this front, the team had the following to say:
"Our remote attack leverages timing differences between memory and disk access, measured on a remote system, as a proxy for the required local information."
They went on to explain that this could be achieved by measuring soft page faults, which happen any time a page is erroneously mapped. In this manner, the team was able to send data between the target system and a remote web server.
It should be noted that this attack has not been seen in the wild, but Microsoft, for one, is wasting no time addressing it. There's already a mitigation routine built into Windows Insider build 18305, and it's expected to be rolled out to the user base at large in the months ahead.
All that to say, it's dangerous, but not as devastating as it otherwise could be. Even so, it's something to keep on your radar.
One of the exciting new features offered by the latest smartphones is facial recognition, which allows users to unlock their devices simply by looking at them. On paper, it's a great feature and incredibly convenient, but there's a problem. The issue was uncovered by a non-profit group called the Dutch Consumentenbond, which tested more than a hundred smartphones offered by a broad spectrum of vendors.
Their findings were disturbing to say the least.
It seems that advances in technology have rendered the new facial recognition routines easily hacked. The group found that nearly 40 percent of the phones they tested could be unlocked by a hacker displaying a high-resolution photograph in front of the camera.
These photos are such high quality that they can fool the software designed to protect the user. This allows any hacker who has access to a high-resolution photo of the phone's owner complete and unfettered access to anything on the device. After all, as far as the phone is concerned, you're the one unlocking it!
Unfortunately, given the fact that most people these days are engaged on at least one social media platform, high-res photographs are incredibly easy to come by. Even if you're not personally engaged in social media on any platform, given the ubiquity of high-quality cameras on the smart devices available for sale today, it's incredibly easy to snap a picture of the owner of the phone either before or after the hacker has made off with it.
The issue here is twofold: First, a growing percentage of people do their banking and make a variety of purchases via their phones, meaning that all of the data associated with those accounts would be available to a hacker who stole the phone. Second, companies selling phones with the facial recognition unlock feature are touting it as highly secure, when it very clearly isn't, giving their user base a false sense of security.
Beware. Facial recognition unlock is much easier to hack than manufacturers are letting on!
Two new critical flaws have been discovered in Adobe Acrobat and Reader that require your urgent attention.
In fact, the flaws were rated as so severe that the company broke with its tradition of releasing security updates around the middle of the month in coordination with Microsoft's "Patch Tuesday".
They released an update sooner this time, in order to make sure that these issues were resolved, and ensure the fixes were in the hands of their users.
The first issue, listed as CVE-2018-16011, is a use-after-free flaw that allows a hacker to craft a special, poisoned PDF embedded with code that could allow them to take full control of the system targeted by the attack.
The flaws affect Acrobat DC and Reader versions 2019.010.20064 and older on both Windows and macOS. The company recommends updating to version 2019.010.20069 to address the flaws and be sure your system is protected.
The company has listed both of these as critical flaws with a rating of two, which is about as serious as it gets.
In related news, we have learned that Adobe's regularly scheduled security patch will address a total of 87 security flaws across a range of the company's products, with 39 of the issues patched being rated as critical.
Kudos to Adobe for breaking with their tradition and addressing both of these flaws ahead of their regularly scheduled update. It's a sad testament to the times we live in that such actions are becoming increasingly necessary. However, it's always good to see instances of prominent tech companies rising to the occasion and looking out for the best interests of their user base.
Be sure to grab these updates and apply them as soon as feasible if you use either of the products mentioned above.
Google has been busy in recent weeks. They've removed a staggering 85 apps from their Play Store when they discovered that they were pushing highly aggressive adware to the users who downloaded them.
The apps the company removed were wearing a number of disguises, passing themselves off as everything from games, to remote control simulators, to streaming video services, and more. On occasion, they actually delivered at least some functionality to the user. Unfortunately, they also pushed an excessive number of full-screen ads and pop-ups.
Although Google has a fairly robust system in place designed to prevent such apps from winding up on the Play Store to begin with, a steady stream of malicious apps continues to make an appearance. Worse, the company didn't spot the ones they recently removed. Researchers at Trend Micro made the discovery, and informed Google.
To the company's credit, they responded immediately, but the damage had already been done. Taken together, the apps in question had already been downloaded more than nine million times by the time the company purged them from their system.
Even after notifying Google of their discovery, Trend Micro continued to test the apps they discovered and found that they came from a variety of different developers, although many of them shared the same, or at least highly similar code.
The two best strategies to avoid these kinds of apps are about as straightforward as it gets:
If, even after following that advice, your system still winds up getting infected and you find yourself bombarded with unwanted ads, uninstall the offending app immediately.