Boeing Plans to Fix the 737 MAX Jet With a Software Update

Boeing Plans to Fix the 737 MAX Jet With a Software Update

The solution, then, is twofold: Boeing started by warning airlines that the MAX’s angle of attack sensors had malfunctioned before, that such a failure could lead the MCAS to push the plane’s nose down, and that pilots could safely defuse the problem by cutting off the trim system and working the plane manually.

When Facebook Goes Down, Don't Blame Hackers

When Facebook Goes Down, Don't Blame Hackers

“If you’re a DDoS attacker and you’re trying for a big target, and you want to have a big impact, you would probably look for an organization or a brand that doesn’t have as much connectivity to begin with,” says Alex Henthorn-Iwane, vice president at network security firm ThousandEyes.

Crashed Ethiopian Air Jet Is Same Model as Lion Air Accident

Crashed Ethiopian Air Jet Is Same Model as Lion Air Accident

Altrendo Travel/Getty Images An Ethiopian Airlines Boeing 737-800 MAX crashed into the ground Sunday morning after taking off from Addis Ababa, killing all 157 people aboard.

The Overlooked Security Threat of Sign-In Kiosks

The Overlooked Security Threat of Sign-In Kiosks

But X-Force interns Hannah Robbins and Scott Brink found flaws—now mostly patched—in all five mainstream systems they looked at from the visitor management companies Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist.

Holes in 4G and 5G Networks Could Let Hackers Track Your Location

Holes in 4G and 5G Networks Could Let Hackers Track Your Location

"Average consumers are at the risk of exposing their privacy to malicious third parties who sell location data and other private information." With the exception of the Piercer flaws, the vulnerabilities the researchers discovered would need to be fixed above the individual carrier level by the industry group GSMA, which oversees development of mobile data standards including 4G and 5G.

A 'Fortnite' Vulnerability Exposed Accounts to Takeover

A 'Fortnite' Vulnerability Exposed Accounts to Takeover

Now, new research from the IT security firm Check Point reveals a trio of vulnerabilities in Fortnite 's web infrastructure that could have allowed an attacker to take over user accounts.

How a Dorm Room Minecraft Scam Brought Down the Internet

How a Dorm Room Minecraft Scam Brought Down the Internet

In fact, according to court documents, the primary driver behind the original creation of Mirai was creating "a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.” Once investigators knew what to look for, they found Minecraft links all over Mirai: In an less-noticed attack just after the OVH incident, the botnet had targeted ProxyPipe.com, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.

The Worst Hacks of 2018

The Worst Hacks of 2018

But between the company's increasingly dismal track record on third-party access limits and a recent incident in which a bug exposed 6.8 million users' photos to third-party developers, it's hard to feel like things are going as well as they could on the user privacy and data management front.Atlanta RansomwareIn March, a ransomware attack locked down the City of Atlanta's digital systems, destabilizing municipal operations.

The Most Dangerous People on the Internet in 2018

The Most Dangerous People on the Internet in 2018

The Most Dangerous People on the Internet in 2018Casey Chin; Getty ImagesThis year thankfully avoided any world-breaking ransomware attacks like NotPetya. In many cases, the most dangerous people online are also the most dangerous in the real world.

Pan Am Flight 103: Robert Mueller’s 30-Year Search for Justice

Pan Am Flight 103: Robert Mueller’s 30-Year Search for Justice

And the light of hope for better days to come.” He talked of Robert Frost’s poem, “Stopping by Woods on a Snowy Evening” and of inspiration drawn from Lockerbie’s town crest, with its simple motto, “Forward.” He spoke of what was then a two-decade-long quest for justice, of how on windswept Scottish mores and frigid lochs a generation of FBI agents, investigators, and prosecutors had redoubled their dedication to fighting terrorism.

The Year Cryptojacking Ate the Web

The Year Cryptojacking Ate the Web

For example, the cloud monitoring and defense firm RedLock said in February that Tesla's Amazon Web Services cloud infrastructure was running mining malware thanks to an inconspicuous, but extensive cryptojacking campaign.

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

By that night, as the outside world was still debating whether NotPetya was criminal ransom­ware or a weapon of state-sponsored cyberwar, ISSP’s staff had already started referring to it as a new kind of phenomenon: a “massive, coordinated cyber invasion.”Amid that epidemic, one single infection would become particularly fateful for Maersk: In an office in Odessa, a port city on Ukraine’s Black Sea coast, a finance executive for Maersk’s Ukraine operation had asked IT administrators to install the accounting software M.E.Doc on a single computer.

How to Protect Yourself From the Giant Marriott Hack

How to Protect Yourself From the Giant Marriott Hack

But the bulk of the victims—currently thought to be 327 million people—had different combinations of name, address, phone number, email address, date of birth, gender, trip and reservation information, passport number, and Starwood Preferred Guest account information all stolen."Four years is an eternity when it comes to breaches."David Kennedy, TrustedSecSome credit card numbers were also stolen as part of the breach, Marriott says, but the company did not provide an initial estimate of how many were taken.

The US Leans on Private Firms to Expose Foreign Hackers

The US Leans on Private Firms to Expose Foreign Hackers

He previously held counterterrorism and intelligence roles for the US government overseas and domestically.As government-backed hackers in Russia, China, Iran, and North Korea continue to infiltrate and attack American companies, it’s often private cybersecurity firms, rather than the US government, that are publicly assigning blame.

An Ingenious Data Hack Is More Dangerous Than Anyone Feared

An Ingenious Data Hack Is More Dangerous Than Anyone Feared

The researchers say such an attack could even be down remotely, without physical access to the target system.Both in terms of the attack and possible defenses, the researchers say there is still a lot that is unknown, because ECC chips, their implementation, and the devices they work in are all generally proprietary.

You Know What? Go Ahead and Use the Hotel Wi-Fi

You Know What? Go Ahead and Use the Hotel Wi-Fi

The most important thing to know about HTTPS, though, is that it obviates most of the attacks that (rightly) scared you off of public Wi-Fi in the first place.“If you’re in the US, the web is pretty well encrypted.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

The new work vastly expands the possibilities, though, by developing machine learning models that can churn out master prints."Even if a biometric system has a very low false acceptance rate for real fingerprints, they now have to be fine-tuned to take into account synthetic fingerprints, too," says Philip Bontrager, a PhD candidate at NYU who worked on the research.

Australian Magpies Are the Real Angry Birds

Australian Magpies Are the Real Angry Birds

But nowhere is the “swooping season” as scary as in Australia, where cyclists and pedestrians alike live in sheer terror of one very angry bird: the Australian magpie.

A Decade-Old Attack Can Break the Encryption of Most PCs

A Decade-Old Attack Can Break the Encryption of Most PCs

It's not super technically challenging."Segerdahl notes that the findings have particular implications for corporations and other institutions that manage a large number of computers, and could have their whole network compromised off of one lost or stolen laptop.'It's pretty quick and very doable for a knowledgable hacker.'Olle Segerdahl, F-SecureTo carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot mitigation.

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

But if owners of a Model S manufactured before then don't turn on that PIN—or don't pay to replace their key fob with the more strongly encrypted version—the researchers say they're still vulnerable to their key-cloning method.Keys to the KingdomLike most automotive keyless entry systems, Tesla Model S key fobs send an encrypted code, based on a secret cryptographic key, to a car's radios to trigger it to unlock and disable its immobilizer, allowing the car's engine to start.

Security News This Week: Hackers Hit The Oatmeal, and It Wasn't Funny

Security News This Week: Hackers Hit The Oatmeal, and It Wasn't Funny

Newman reported on how a T-Mobile data breach last week exposed personal information, like phone numbers, and why that matters so much.Another major security story this week came out of California, which is trying to pass a comprehensive digital privacy law to give residents control over their data.

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Companies don't seem interested in catching up.'If it’s not a secret, then you can’t use it as an authenticator.'Jeremy Grant, Better Identity CoalitionIdentity management experts have warned for years about over-reliance on phone numbers.