TweakTown
Tech content trusted by users in North America and around the world
5,915 Reviews & Articles | 38,109 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 10

Havex malware modification targeting industrial control systems

Cybercriminals are finding new methods to compromise energy companies and other critical industries with custom malware, exploiting legitimate apps. Instead of trying to hack the company directly, hackers are finding success in hacking software providers to hack vendors, according to security firm F-Secure.

 

TweakTown image news/3/8/38699_01_havex_malware_modification_targeting_industrial_control_systems.jpg

 

The "Havex" malware previously hit the energy sector, and is now being used to target companies in Europe. An industrial machine producer and two educational organizations in France, with companies in Germany also hit.

 

"During the spring of 2014, we noticed that Havex took a specific interest in Industrial Control Systems (ICS) and the group behind uses an innovative Trojan horse approach to compromise victims," said F-Secure in a blog post. "The attackers have Trojanized software available for download from ICS/SCADA manufacturer websites in an attempt to infect the computers where the software is installed to."

Continue reading 'Havex malware modification targeting industrial control systems' (full post)

PayPal security 'shoddy,' Two-Factor Authentication bypassed

PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.

 

TweakTown image news/3/8/38678_01_paypal_security_shoddy_two_factor_authentication_bypassed.jpg

 

Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.

 

"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."

Continue reading 'PayPal security 'shoddy,' Two-Factor Authentication bypassed' (full post)

Smartphone kill switch passes California Assembly, Headed to Floor

California Senate Bill 962, aimed at forcing smartphone manufacturers to include mandatory kill switches on smartphones, has passed the California Assembly committee. Apple, Google, Microsoft, Verizon Wireless and AT&T say they are okay with the law, after showing initial distrust of mandatory kill switches.

 

TweakTown image news/3/8/38680_01_smartphone_kill_switch_passes_california_assembly_headed_to_floor.jpg

 

Last month, the California Senate passed the smartphone kill switch bill on its second try, with lawmakers saying police across the state are seeing smartphone thefts plaguing communities. San Francisco District Attorney George Gascon and Oakland Mayor Jean Quan applaud anti-theft smartphone technology, especially with smartphone-related crimes staggering high in San Francisco and Oakland, respectively.

 

"The only way to stop the victimization of innocent cell phone customers is to enable theft-deterrent technology on nearly every new smartphone sold in California, which this legislation will do," said Sen. Mark Leno, (D-San Francisco), the sponsor of the bill

Around 80 percent of Flappy Bird clones installed with malware

Mobile gamers interested in playing Flappy Bird should be extremely careful, because most versions of the game circulating shipped with some type of malware. A whopping four out of every five Flappy Bird clone apps come with malware, and that shouldn't be a surprise, with the game pulled while still in such high demand.

 

TweakTown image news/3/8/38659_01_around_80_percent_of_flappy_bird_clones_installed_with_malware.jpg

 

The developer behind Flappy Bird, Dong Nguyen, removed his hugely popular game from app stores in February, concerned that it was causing addition. However, the game was so popular that it didn't take long before clones began hitting the Internet, and download rates of the knock-off versions picked up.

 

Some malware is responsible for texting premium services, while others intercept messages and phone calls, and others focus on targeting payment information.

Cyberattacks demanding ransom in exchange for files growing

Police departments in the United States are being targeted by cyberattacks compromising users and demanding ransom in exchange for control of PCs and files. It's a significant problem when emergency responders are unable to access databases and records due to someone carelessly clicking something in their email.

 

TweakTown image news/3/8/38656_01_cyberattacks_demanding_ransom_in_exchange_for_files_growing.jpg

 

Recently, the Collinsville Police Department in Alabama was hit, triggered by someone in the police department opening a suspicious email attachment, that immediately hurt police activities. They were unable to access mug shot files, time sheets, and vehicle maintenance records - and the department's computer backups failed, and they might have to start over from scratch.

 

A police department in Massachusetts was compromised and chose to pay the $750 ransom, which is something federal investigators don't encourage. The files might be decrypted and returned, but likely don't end up returning the same way they were before being compromised.

Continue reading 'Cyberattacks demanding ransom in exchange for files growing' (full post)

Current cybersecurity threats are confusing and companies struggle

Companies and enterprises are seeing the negative impact of cybersecurity issues, such as data breaches can cause, but aren't using information protection strategies to help combat the problem, according to a recent survey published by CSO Magazine and PwC.

 

TweakTown image news/3/8/38625_01_current_cybersecurity_threats_are_confusing_and_companies_struggle.jpg

 

Three out of four companies experienced some type of security problem in the past year, with an average of 135 incidents per company. To make matters worse, improving cybersecurity still isn't company priority when compared to other day-to-day business activities.

 

"While the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organizations' cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries," according to the survey.

Continue reading 'Current cybersecurity threats are confusing and companies struggle' (full post)

FBI teams up with NYPD and NYC MTA to create cybercrime task force

New York City has a new financial cybercrimes task force with the Federal Bureau of Investigation (FBI) teaming up with the New York City Police Department and Metropolitan Transportation (MTA) authority. The three agencies will share threat assessment data and study cyberattacks in which money and funds have been compromised.

 

TweakTown image news/3/8/38623_01_fbi_teams_up_with_nypd_and_nyc_mta_to_create_cybercrime_task_force.jpg

 

The FBI has become active in partnering with local agencies across the United States, as part of its Next Generation Cyber Initiative - understanding that cyberattacks continue to expand and evolve at a rapid pace.

 

"The task force model that has been successfully employed in response to bank robbery and terrorism cases is now being applied to the cyber realm," said George Venizelos, FBI Assistant Director, in a statement. "The FBI continues to develop positive working relationships with our fellow law enforcement officers in our joint efforts to tackle criminal activity, and we look forward to working with our partners at the NYPD and MTA to combat cybercrime."

Code Spaces shutters following DDoS cyberattack brings company down

Source code hosting service Code Spaces recently suffered a massive cyberattack that started with a distributed denial-of-service (DDoS) attack. The second phase of the attack occurred when a cybercriminal compromised the company's Amazon EC2 control panel, demanding a ransom from Code Spaces before the DDoS attack ended.

 

TweakTown image news/3/8/38613_01_code_spaces_shutters_following_ddos_cyberattack_brings_company_down.jpg

 

Code Spaces were unable to access company private keys, and the Amazon EC2 password was changed, but the hacker was still able to begin deleting artifacts from the control panel. Trying to restore the service back to normal will be too expensive and cumbersome, so Code Spaces folded up shop.

 

"Code Spaces will not be able to operate beyond this point... the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility."

Continue reading 'Code Spaces shutters following DDoS cyberattack brings company down' (full post)

Companies should be more transparent and open about data breaches

Businesses struggle to keep their data secure, but find it even harder to deal with data breaches once they already happen. Companies that try to bury their heads in the sand and keep breaches secret could be harming themselves more than anything else, and should be more transparent.

 

TweakTown image news/3/8/38605_01_companies_should_be_more_transparent_and_open_about_data_breaches.jpg

 

Some companies try hiding data breaches or only confirm the news after security incident details are released. That can lead to major problems from shareholders, customers, and law enforcement officials.

 

"It's brought it to a point now where businesses have to pay attention," said Al Pascual, Javelin Strategy & Research senior analyst, in an interview with journalists. "Before, it was more of a concern for folks in the back office. They may have had some minor concerns about regulators or government officials, but now they have to worry about being punished by their shareholders, being punished by consumers who are pretty likely not to come back or to reduce their patronage."

Continue reading 'Companies should be more transparent and open about data breaches' (full post)

Medical device company Medtronic compromised by data breach

Medical company Medtronic said it was breached by cyberattacks in separate incidents last year, with some patient records compromised. A number of medical records in the diabetes business unit was taken, but the company didn't disclose how many patients were affected, or what information was at risk.

 

TweakTown image news/3/8/38602_01_medical_device_company_medtronic_compromised_by_data_breach.jpg

 

Medtronic is the biggest standalone medical device maker in the world, and is a significant problem that rivals should pay attention to.

 

"Medtronic, along with two other large medical device manufacturers, discovered an unauthorized intrusion to our systems that was believed to originate from hackers in Asia," Medtronic confirmed in a filing to the Securities and Exchange Commission (SEC).

Continue reading 'Medical device company Medtronic compromised by data breach' (full post)

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases