TweakTown
Tech content trusted by users in North America and around the world
6,201 Reviews & Articles | 40,022 News Posts
TRENDING NOW: Samsung wants the US government to block GeForce GPU shipments

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 14

eBay members facing phishing attacks, security experts not impressed

Auction website eBay has been urged to take action against more than 100 fraudulent listings that reportedly put users at risk, tricking them to turn over personal information. Cybercriminals hijacked accounts, targeting users with 100 percent feedback over hundreds of transactions, as bank account information was requested.

 

TweakTown image news/4/0/40278_01_ebay_members_facing_phishing_attacks_security_experts_not_impressed.jpg

 

It appears the problem stems from eBay's ability to give customers the choice to embed Flash and Javascript data into their auction listings. It's not uncommon to use these page style designs to enhance listings and help draw in potential bidders. However, security experts have long warned that malicious code could be listed on the site, using cross-site scripting (XSS) tactics to compromise unsuspecting users.

 

eBay was hacked in May and auction website users were urged to change their passwords as soon as possible - and yet another security threat will only hamper the company further.

'Lizard Squad' hackers take down Destiny, Call of Duty servers

Lizard Squad, a hacking group, has claimed responsibility for taking down various low servers for Destiny and Call of Duty: Ghosts yesterday. The attack left some gamers unable to play the two games.

 

TweakTown image news/4/0/40249_03_lizard_squad_hackers_take_down_destiny_call_of_duty_servers.png

 

Last month, the group took credit for the DDoS attack on Sony's PlayStation network, as well as calling in a bomb threat on the president of SOE's plane, requiring it to be diverted. Players of both Destiny and Call of Duty: Ghosts took to Twitter to complain about the server outage, as it happened during peak times: the weekend.

Home Depot breach tops Target, with almost 60 million cards affected

The recent Home Depot breach has proven to be larger than retailer Target's breach late last year, with as many as 56 million credit card uses at risk. Former employees accuse the company of leaving data vulnerable, a charge that executives have denied, but there were alarm bells reportedly dating back to 2008. An estimate of the stolen data, which is becoming available online, could lead to $3 billion in illegal purchases over time.

 

TweakTown image news/4/0/40239_01_home_depot_breach_tops_target_with_56_million_cards_affected.jpg

 

This is a huge bungle by Home Depot," noted Jeff Macke, Yahoo Finance analyst. "It's more than an inconvenience... it's a huge, ridiculous hassle. We need an upgrade of the whole cycle."

 

Indeed, security experts are calling on banks to embed credit cards with microchips rather than rely on magnetic strips. Home Depot uses EMV chip-based technology for Visa and MasterCard in Europe and Canada, and plans to introduce it into the United States later in 2014.

Continue reading 'Home Depot breach tops Target, with almost 60 million cards affected' (full post)

Google says don't worry about list of 5M Gmail usernames, passwords

Google said it was not hacked and a Gmail username and password list with more than 5 million accounts was harvested over time. It seems most likely that the email usernames and passwords were taken due to phishing scams and by trying to log into hacked websites, according to security experts.

 

TweakTown image news/4/0/40142_01_google_says_don_t_worry_about_list_of_5m_gmail_usernames_passwords.jpg

 

"We're always monitoring for these dumps so we can respond quickly to protect our users," the Google security team said in a blog post following news of the username/password leak. "We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords."

 

Google recommends two-step verification anytime a Gmail user logs into an account from a new device or IP address. Users should also regularly change passwords and ensure they are using different passwords for their online bank accounts, email, and social networking websites.

Home Depot cyberattack different than the one that plagued Target

Home Depot was recently compromised in a cyberattack that could number more victims than Target's data breach last year, but security experts warn different types of attacks were used. Home Depot was hit by FrameworkPOS, a clever piece of malware that stole data from store registers while being masked as anti-virus software.

 

TweakTown image news/4/0/40141_01_home_depot_cyberattack_different_than_the_one_that_plagued_target.jpg

 

Also, the Home Depot malware had lines of code that mentioned U.S. influence in Libya and growing support for the Ukrainian government against a growing regional conflict. It seems likely that Russian hackers were responsible for stealing the data for two purposes: to generate revenue from the stolen data, and to send a political message to the United States.

 

"The development of a new piece of malware is not something you take lightly - this required some engineering," said Dan Guido, Trail of Bits information security company CEO. "It's probably not the same group that (hit) Target."

Continue reading 'Home Depot cyberattack different than the one that plagued Target' (full post)

Study says there are at least 15 million mobile devices with malware

There are now more than 15 million smartphones running with some type of malware, and security threats continue to emerge, according to Kindsight Security Labs, an Alcatel-Lucent company. At least sixty percent of infected phones are running Google Android, with around 40 percent of Microsoft Windows PCs accessing mobile networks making up the rest of the reported threats.

 

TweakTown image news/4/0/40127_01_study_says_there_are_at_least_15_million_mobile_devices_with_malware.jpg

 

Four out of the 10 top threats facing smartphone owners is now spyware, with criminals able to monitor phone calls, text and photo images, GPS location, and Internet browsing history. However, most Android malware isn't overly sophisticated and cybercriminals are adjusting how to develop their attacks for smartphones and other mobile devices.

 

Even though Android and PCs running Windows make up most infected devices spotted by Kindsight Security Labs, criminals have shown greater interest in trying to compromise Apple iPhone devices. Security experts recommend users run anti-virus and anti-malware software on their phones, which offers an additional layer of protection.

Salesforce warns customers of CRM-stealing malware targeting users

Salesforce, a company specializing in enterprise CRM, warned that its customers are being targeted with the Dyreza malware designed to steal data and credentials. Specifically, Dyreza was known to target financial institutions, and aims for larger companies. Salesforce was careful to ensure its customers that this isn't a security vulnerability within its platform.

 

TweakTown image news/4/0/40116_01_salesforce_warns_customers_of_crm_stealing_malware_targeting_users.jpg

 

"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," Salesforce said in a statement. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."

 

To counter this threat, Salesforce urged customers to deploy IP range restrictions from corporate networks and VPNs only - along with using two-factor authentication to ensure only approved users are accessing CRM databases. As more information is stored - and accessible - in the cloud, security concerns such as this incident can make it even more difficult for businesses to keep data secure.

U.S. Army reportedly preparing cyber branch to help counter threats

The U.S. Army has steadily improved its Army Cyber Command abilities, and needs to double the amount of cyber-related positions in the next two years. Each cyber team is about the same size of a traditional platoon, with combat missions slightly larger. The teams consist of enlisted soldiers, NCOs, warrant officers, officers and Army civilian employees.

 

TweakTown image news/4/0/40108_01_u_s_army_reportedly_preparing_cyber_branch_to_help_counter_threats.jpg

 

"These soldiers are so unique, and they're so skilled and they're so few," said Command Sgt. Major. Rodney Harris, Army Cyber Command, recently noted. "The chief of staff of the Army has asked us to focus hard on what we're doing for talent management..."

 

It's difficult to accurately determine what foreign militaries are doing to staff their cyber-related positions - but with select countries using their military to help launch cyberattacks - this is a major initiative for the U.S. military. As weapon systems are increasingly connected to systems that open up the possibility of cyberattacks, the military's cyber teams will be responsible for ensuring they aren't accessed by foreign enemies.

Cybercriminals stealing Apple ID credentials from users via phishing

Following all of the attention Apple's iCloud service has received since a 4chan member posted stolen nude photos of celebrities, cybercriminals are now launching another wave of Apple ID phishing attacks. Apple has improved iCloud security, along with allowing users to see when their accounts have been accessed, but customers will have to stay on their toes to avoid being phished.

 

TweakTown image news/4/0/40104_01_cybercriminals_stealing_apple_id_credentials_from_users_via_phishing.jpg

 

The criminals behind this phishing attack currently operate the Kelihos/Waledac botnet, as they expand their digital activities. The phishing email mimics an Apple website which users access by clicking a fraudulent email - and once the username and password has been submitted, the data is likely harvested.

 

"It is possible that the timing of the [phishing] campaign is not a coincidence and the controllers of the botnet are attempting to exploit public fears about the security of Apple IDs to lure people into surrendering their credentials," Symantec researchers recently noted.

Official: HealthCare.gov website hacked, but no data theft reported

The HealthCare.gov website was hacked by cybercriminals, but no data was taken, according to the Obama Administration when it informed Congress. The incident was simply described as "an intrusion on a test server" related to HealthCare.gov. The security breach took place in July and wasn't discovered until late August.

 

TweakTown image news/4/0/40070_01_official_healthcare_gov_website_hacked_but_no_data_theft_reported.jpg

 

It seems the test server was using a default password that was never changed - and shouldn't have been connected to the Internet in the first place. To make matters even worse, regularly scheduled security scans never occurred as they should have by administrators. The Department of Homeland Security (DHS) and other federal investigators are now trying to determine who is responsible.

 

"Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency and the website was not specifically targeted," said Aaron Albright, Centers for Medicare and Medicaid Services spokesperson. "We have taken measures to further strengthen security."

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases