TweakTown NewsRefine News by Category:
Reports were published within the past week that more than 1,800 Minecraft accounts were hacked, with passwords leaked online - but the company has defended itself, and it looks like phishing attacks are to blame.
"No! We haven't been hacked," said Owen Hill, Chief World Officer at Mojang, in a published blog post. " No one has gained access to the Mojang mainframe. Even if they did, we store your passwords in a super encrypted format. Honestly, you don't need to panic."
Affected Minecraft players have been emailed and will now need to reset their passwords. If you want to change your password just in case, head to Minecraft.net/resetpassword.
Business leaders are paying attention to cybersecurity more than they were in recent years, but struggle to find methods to keep networks secure. Trying to determine what steps to take remains a complicated issue, especially with some companies discovering data breaches months after the initial incident occurs.
There are a number of potential problems for companies trying to keep their networks secure, as potential attacks originate from a variety of sources. Much focus is dedicated to preventing a breach, but business leaders also need to focus on the likelihood that a cyberattack was successful:
"The role of organized crime and government-sanctioned hacking will continue to thwart cybersecurity efforts [in 2015]," said JF Roy, CTO of TIBCO LogLogic, in a statement to TweakTown. "Breaches will continue to be discovered after the fact, which means that businesses must update their security and risk management plans to include incident response policies with contingencies for involvement of federal law enforcement."
It appears the serial ports of automated tank gauges (ATGs) of almost 5,300 gas stations and fuel depots in the United States are vulnerable because they aren't password protected. ATGs are used to more accurately track fuel tank inventory levels, raise alarms, track fuel deliveries, and conduct leak tests - but people with access to the interfaces could cause problems, according to the Rapid7 Security Street blog.
It doesn't look like there have been any incidents of actual breaches, but shows the importance of password protecting connected technologies. ATGs can be accessed via serial port, plug-in serial port, TCP/IP circuit board, and fax/modem.
Rapid7 was made aware of the issue by Jack Chadowitz, founder of the Kachoolie security firm, and started investing ATG vulnerabilities since Jan. 9.
Despite previous reports claiming the Lizard Squad was hacked, which would be a public relations nightmare for the hacker group, it appears the list could have just been distributed. Members of the group were sharing the list with trusted contacts, plotting attacks against specific accounts that piqued their interest. Seems a trusted source received the list and decided to publicly release it, according to an unnamed Lizard Squad member.
"We've got a fairly good idea who handed it over to Krebs & co. though," a supposed Lizard Squad spokesman told Forbes. "I didn't look into it much but from what I heard there were some pretty well known Twitter users in there for example and gamers. There were some interesting people who signed up... and considering most users were stupid enough to reuse their passwords..."
The Lizard Squad still seems mainly interested in attacking gaming-related services and servers, and while several members have been arrested, continue to pose a threat.
Thirty-two percent of users who share an Internet-enabled device, such as smartphones or tablets, with relatives, colleagues or friends don't take precautions to protect their information, according to a survey from Kaspersky Lab and B2B International.
Many people use PCs, smartphones, tablets and other devices with at least one other person, with one in three users saying they share devices - but don't have proper security protocols in place while sharing technology.
"Sharing a computer or smartphone increases the risk of malware infection, data loss or account theft, so it is important to take precautions," said Elena Kharchenko, Head of Consumer Product Management at Kaspersky Lab. "Always keep backup compies of important files; delete information that should not fall into the wrong hands, especially by disabling form autofill; try to control user access rights on the device - and most importantly - use programs that provide protection against cyber threats."
Attention on cyberattacks typically tends to focus on data breaches, but nonprofit groups likely face a higher risk of ransomware attacks. These types of attacks typically begin with a phishing attempt that gets an employee to unknowingly install custom malware designed to encrypt files - and hold critical data for ransom, or the files will be left permanently compromised.
As nonprofits are adjusting efforts to reach fundraising goals, people donating to these groups expect a certain level of security while contributing money - and a ransomware attack can be extremely detrimental.
"In 2015, the number of unique cybersecurity threats has surpassed the 300 million mark, growing at a steady rate of almost 40,000 new threats a day," said Catalin Cosoi, global security strategist of Bitdefender. "But it's not only the sheer number of malware that poses an immediate risk to nonprofits across the United States. Some of these viruses now specialize in extorting businesses by encrypting data and then asking for money in return... for the decryption key."
High-profile cyberattacks and data breaches in 2014 indicated the serious need for improved security efforts, but 2015 could be even worse, noted Cisco CEO John Chambers. Data breaches sometimes take months to detect, and improving security remains a difficult process that causes headaches for business leaders and IT staff.
Of specific concern is the growing number of connected devices now access the Internet, with cybercriminals interested in exploiting these products.
"There is no data center or network in the world that hasn't been hacked," said Chambers, speaking to CNBC during the World Economic Forum. "If you watched the number of attacks, they're going up exponentially this year, this year's going to be much worse than last year."
Sony will delay releasing its third quarter earnings report because of Sony Pictures continuing to struggle with repair of its crippled computer systems. Company officials want to release Sony's earnings report on March 31, and have asked regulators for additional time to get its IT situation sorted.
It will take until early February until SPE systems are fully restored and operational because of the "amount of destruction and disruption that occurred, and the care necessary to avoid further damage by prematurely restarting functions," according to Sony.
Despite The Interview bringing it close to $50 million from the box office, online rentals and sales, it has been a constant headache for the film studio. During CES, Sony CEO Kazuo Hirai said current and former employees suffered "one of the most vicious and malicious" cyberattacks to target a company - and applauded them for their continued resolve.
Companies suffered relentless cyberattacks and data breaches in 2014, and that trend is expected to continue in 2015. Business leaders need to streamline their efforts to improve cybersecurity protocols to prevent outside breaches, along with defending accidental and intentional insider threats posed by employees.
"Because of the multitude and sophistication of both internal and external attack vectors, cybersecurity is perhaps the most daunting operational challenge facing organizations today," said JF Roy, CTO of TIBCO LogLogic, in a statement to TweakTown.
As companies and government departments scramble to fix potential security problems, they are throwing money at the problem - but that can be a futile effort if they don't understand why these incidents occurred in the past.
Barrett Brown, a writer and activist linked to the Anonymous hacker group, has been sentenced to five years in prison for sharing stolen data and threatening an FBI agent. Brown pleaded guilty to obstructing the execution of a search warrant, accessory to an unauthorized access of a protected computer and making Internet threats.
Brown's tweets and posted YouTube videos helped generate unwanted attention by federal investigators, and the 33-year-old was blamed for sharing data stolen from the Stratfor private defense contractor. He originally could have faced more than 100 years if convicted - and after time served in custody already - must serve three more years.
"If I criticize the government for breaking the law, but then break the law myself in an effort to reveal their wrongdoing, I should expect to be punished just as I've called for the criminals at government-linked firms to be punished," Brown said before he was sentenced. "When we start fighting crime by any means necessary, we become guilty of the same hypocrisy as law enforcement agencies throughout the history that break the rules to get the villains, and so become villains themselves."