Millions of smartphones and mobile devices are vulnerable because mobile app developers have been lackadaisical about issuing patches and security updates, according to a report from McAfee Labs.
Last year, the Carnegie Mellon University computer emergency response team reported that at least 20,000 mobile apps carry an easily exploitable SSL vulnerability. McAfee tested the 25 most popular apps on Carnegie Mellon's list and found that "poor programming practices" were prevalent, putting app users at risk.
"A lot of the discussion right now is about the value of data on your device, in this case your cellphone," said Gary Davis, McAfee spokesman, in a statement published by CBC. "Addresses, dates of birth, these are all data elements you'd need to in essence steal somebody's identity, or perhaps conduct insurance fraud, and it's all being made available through different applications."
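The CERT list referred to above concerned apps that accept any TLS certificate, which lets an attacker on the same network read or alter traffic the user believes is encrypted. The following added example (not code from the McAfee or CERT reports) shows the client-side misconfiguration that causes this, the hardened form, and a small audit helper that flags the weak settings on a Python `ssl.SSLContext`. The function names are assumptions chosen for the example.

```python
import ssl

# Weak configuration: the classic "make the SSL error go away" pattern.
# check_hostname must be switched off before verify_mode can be set to CERT_NONE.
def weak_client_context() -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # any name in the cert is accepted
    ctx.verify_mode = ssl.CERT_NONE     # any cert, signed by anyone, is accepted
    return ctx

# Hardened configuration: trust only system CAs, require a matching hostname,
# and refuse legacy protocol versions.
def hardened_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

# Audit helper (hypothetical name): returns a list of findings for a client
# context; an empty list means no weak setting was detected.
def audit_client_context(ctx: ssl.SSLContext) -> list[str]:
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname check disabled (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions allowed (minimum_version below TLS 1.2)")
    return findings

if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or "OK")
```

When reviewing a mobile or desktop client, grep for the equivalents of `CERT_NONE`, `check_hostname = False`, `ALLOW_ALL_HOSTNAME_VERIFIER` or an empty `checkServerTrusted` body; a certificate pinning failure in testing is the symptom developers are usually silencing, and the fix is a proper trust store, not disabled verification.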
The FBI wants to get its hands on Evgeniy Mikhailovich Bogachev, and has offered a $3 million bounty for the arrest or conviction of the suspected cybercriminal. Bogachev already is featured on the Cyber's Most Wanted list, and is suspected to be in Russia.
Bogachev allegedly was the administrator of the GameOver Zeus network, starting in 2011, with up to 1 million computers across the world infected - and more than $100 million was reportedly stolen. The Russian citizen was indicted by a federal grand jury in 2012 for conspiracy to violate the Computer Fraud and Abuse Act, aggravated identity theft and bank fraud. A later federal grand jury indicted him for wire fraud, computer fraud and money laundering.
Trying to identify and arrest suspected cybercriminals is extremely difficult, but the FBI has a select list of criminals they hope to arrest.
The FBI is aware of at least 60 cybercriminal groups with state-sponsored support, according to Joseph Demarest, head of the FBI's cyber division.
Demarest also said the FBI was able to tie the Sony Pictures Entertainment hack to North Korea within one month, showing that the country has increasingly sophisticated cyberattack capabilities. State-sponsored cyberespionage is a booming business, with the FBI and other departments suspecting China, Russia, Iran and other countries of relying on hackers.
In addition, the FBI announced a $3 million reward for the arrest or conviction of Evgeniy Bogachev, operator of GameOver Zeus. The bounty is the largest ever offered for a cybercriminal. The Russian has been charged with computer hacking, conspiracy, wire fraud, bank fraud and money laundering, and faces a separate federal charge of bank fraud conspiracy.
Do you remember when 6.5 million LinkedIn users' passwords were leaked in 2012 by Russian hackers? We learned that apparently some people log in to their professional social network with passwords like 'swampass' and 'squirter'.
A class action lawsuit has brought the company to its knees, offering a massive $1 each to the 800,000 Premium users who joined the fight. Just in case you were wondering whether this might be a typing error, it's not: LinkedIn is giving $1 in cold, hard US currency to each of the 800,000 Premium users who joined the lawsuit.
A LinkedIn spokesperson told the New York Times that the purpose of the settlement is "to avoid the distraction and expense of ongoing litigation," even though the company denies that it is at fault for the breach.
If you're thinking you've missed out on cashing in, think again. A LinkedIn Premium account costs $30 per month, and, as Gizmodo reports, the result of this lawsuit is basically one free day of use.
The National Security Agency (NSA) still has a fragile relationship with Silicon Valley companies, and both sides are trading shots at one another. In the most recent incident, a Yahoo executive challenged the NSA regarding its demand for encryption backdoors.
"If we're going to build defects, backdoors or golden master keys for the US government, do you believe we should do so for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government?" said Alex Stamos, CISO of Yahoo.
NSA Director Adm. Michael Rogers initially tried to deflect the question, and then offered the following answer: "I think that we're lying that this isn't technically feasible - now, it needs to be done within a framework. I'm the first to acknowledge that," Adm. Rogers said.
Companies nervous about their cybersecurity defenses are relying on white hat hackers to test systems and help identify security flaws. Offering a bounty lets skilled researchers outside a company's software and IT teams track down anything that may have fallen through the cracks unnoticed.
"We're curious, we want to test our skills, we want to help these companies," said Mike Santillana, white hat hacker for Bugcrowd, in a statement published by CBS News. "I've found several bugs where you can completely compromise another user's account."
Additional companies are paying security experts and programmers as part of increasingly lucrative bug bounty programs. These hackers enjoy the monetary incentive and the challenge of identifying security flaws that could pose problems for companies and their customers.
Medical identity theft increased 22 percent in 2014, leaving 2.4 million adults in the United States to deal with a complicated and costly mess, according to the Ponemon Institute. To make matters worse, it takes three months on average before victims realize they have been targeted, and 30 percent of victims are still unaware.
Just 10 percent of victims said they reached a "completely satisfactory" resolution of a medical identity theft issue, and 65 percent reported being forced to pay out of pocket, an average of $13,453.
Since criminals have access to names, addresses, birth dates, Social Security numbers and account ID numbers, they are able to create fake identities. Sometimes, this leads to hospital and emergency room visits, pharmacy prescriptions, and other activities that rack up fraudulent charges.
Former NSA contractor Edward Snowden would have liked to come forward sooner regarding NSA surveillance, but had to wait until the appropriate time.
"I would have come forward sooner... [but] these programs would have been a little less entrenched, and those abusing them would have felt a little less familiar with and accustomed to the exercise of those powers," Snowden said during a Reddit "Ask Me Anything" session. "This is something we see in almost every sector of government, not just in the national security space, but it's very important. Once you grant the government some new power or authority, it becomes exponentially more difficult to roll it back."
Snowden knowingly sacrificed himself to help reveal NSA surveillance and spying activities, which has opened an international debate. In addition, Apple, Google and other companies are modifying their behaviors, including adding encryption and other technologies, to help keep user data more secure from outside snooping.
The National Security Agency (NSA) is under fire over claims that it planted sophisticated spyware in hard drive firmware for surveillance, with the head of the agency responding only that the NSA complies with the law.
"Clearly I'm not going to get into the specifics of allegations," said US Navy Admiral Michael Rogers, refusing to speak out regarding NSA spyware accusations, while at the Washington forum. "But the point I would make is, we fully comply with the law."
The latest controversy stems from a Kaspersky Lab report describing spyware embedded in the firmware of Western Digital, Toshiba and Seagate hard drives, which Kaspersky attributed to a group it calls the "Equation Group" and which has been widely linked to the NSA. An implant at the firmware level survives reformatting and operating system reinstalls, giving its operators a persistent ability to eavesdrop on users.
Distributed denial of service (DDoS) attacks have plagued consumers and businesses for some time, but the rise of DDoS attacks sold as a paid service is troubling. Clients can pay from $2 to $5 per hour to launch DDoS attacks, or buy subscriptions starting at around $800 per month.
The Lizard Squad hacker group drew increased scrutiny to this underground activity by demonstrating its LizardStresser DDoS service in successful attacks against the Sony PlayStation Network and Microsoft Xbox Live. Meanwhile, the Gwapo DDoS service has been publicly advertised via social media and YouTube videos, with attacks starting at $2 per hour.
"Since their inception in 2010, DDoS-for-hire capabilities have advanced in success, services and popularity, but what's most unnerving is booters have been remarkably skilled at working under the radar," according to the "Distributed Denial of Service Trends" report from Verisign. "Given the ready availability of DDoS-as-a-service offerings and the increasing affordability of such services, organizations of all sizes and industries are at a greater risk than ever of falling victim to a DDoS attack that can cripple network availability and productivity."