TweakTown News
The use of social engineering, typically leading to phishing attacks, remains a major threat against enterprise networks, according to the McAfee Labs Threats Report: August 2014. In McAfee's own Phishing Quiz, 80 percent of participants were unable to identify at least one of seven phishing emails - and the human resources and finance departments scored poorly.
Stolen data from compromised websites, especially following Heartbleed, shows how vulnerable unpatched websites can be - they serve as a treasure trove for cybercriminals. In addition, there were a number of new malware attacks and network threats that companies struggle to defend against.
"One of the great challenges we face today is upgrading the Internet's core technologies to better suit the volume and sensitivity of traffic it now bears," said Vincent Weafer, McAfee Labs SVP. "Every aspect of the trust chain has been broken in the last few years - from passwords to OpenSSL public key encryption and most recently USB security."
Goodwill issued a public update regarding a data breach that was uncovered in late July, with no evidence of malware on retail store point-of-sale (POS) systems. However, a third-party vendor was affected, and that opened the door for customer names, payment card numbers, and expiration dates to be accessed by cybercriminals.
The forensics investigation said the malware attack took place between February 10, 2013 and August 14, 2014 - and there appears to be very little fraudulent activity noticed by customers.
"We continue to take this matter very seriously," said Jim Gibbons, Goodwill CEO and president, in a public statement. "We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future."
The celebrity photo scandal that took the Internet by storm over the weekend likely was caused by computer forensics technology used by the police. Using the Elcomsoft Phone Password Breaker (EPPB) software, designed for police and government agencies, people who purchase the software can snag photos from iCloud backups.
Instead of using iBrute to steal a user's iCloud login and password, using EPPB allows criminals to download an iPhone or iPad backup into a single folder - in addition to photos and videos, they can access application data, text messages, contacts, and other data. Apple released a carefully worded statement that said its iCloud and Find My Phone services were not hit by a data breach.
The use of Elcomsoft's software, along with Oxygen, Cellebrite and other similar programs, has given cybercriminals the ability to compromise users in an easier, streamlined manner. EPPB is available for $399 - and doesn't require any government or police credentials - and can also be found on piracy websites.
Apple says that hackers did not breach its iCloud and Find My Phone services to steal nude photographs of celebrities, including Jennifer Lawrence, Kate Upton, Kaley Cuoco, and others. It might be a clever spin, as Apple didn't necessarily deny that the images originated from iCloud or the Find My iPhone apps.
It's possible the images were taken from iCloud backups instead of iCloud photos, though some of the images came from non-Apple smartphones.
"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud," Apple said in a recently released statement. "We are continuing to work with law enforcement to help identify the criminals involved."
Home Depot is now working with banks and law enforcement to investigate a data breach that led cybercriminals to steal customer payment information, including debit and credit card data. The Home Depot breach could have started in April or May, and reportedly affected a large number of customers. The data made its way to an underground forum and was called "American Sanctions," reportedly in response to further U.S. and European sanctions against Russia.
"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," said Paula Drake, Home Depot spokesperson.
Consumers are urged to use cash or credit card payments in retail stores - debit card payments can be risky, forcing shoppers to closely track their bank statements. Hackers taking a political stance, trying to retaliate against the U.S. for further sanctions in a tense situation between Russia and the Ukraine, adds another layer of chaos to data breaches.
The FBI is now investigating the celebrity hacker who posted numerous photos of celebrities on the Internet over the weekend. Many of the images, originally posted on 4chan and later shared on Reddit, Twitter and Imgur, featured celebrities such as Jennifer Lawrence, Kate Upton, Jenny McCarthy, and Mary Winstead.
Here is what the FBI noted: "The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter," said Laura Eimiller, FBI spokesperson, in a statement. "Any further comment would be inappropriate at this time."
Apple also is investigating the incident, as many of the images were reportedly stored online using its iCloud service.
The National Oceanic and Atmospheric Administration (NOAA) is being pressured by the U.S. Department of Commerce Office of Inspector General to fix several vulnerabilities currently found in the Joint Polar Satellite System (JPSS). There are at least a few different high-risk vulnerabilities found in the JPSS ground stations that could be exploited by clever cyberattacks.
Some of the issues would only require software updates or new security patches, but the NOAA is taking 11 to 14 months in some cases to fix the problems - the JPSS system requirements allow 30 days to fix security problems, with the inspector general saying it shouldn't take more than three months to resolve problems.
"The remediation of high-risk vulnerabilities is critical to the continued success of the JPSS mission and should have a high priority," according to the report. "The more high-risk vulnerabilities that exist in the system, the higher the probability is that an attacker could compromise it. This could lead to a disruption of NOAA's ability to command and control the Suomi NPP satellite and to provide data that is used in numerical weather models that support weather predictions and climate monitoring."
A recent string of cyberattacks targeting U.S. financial institutions is now being investigated by the FBI and Secret Service. Foreign hackers continually attack western banks and corporations, with JPMorgan Chase and at least four unnamed banks targeted. It remains unknown whether this was simple theft or if it was used to help aid a cyberespionage campaign targeting U.S. banks and their customers.
Despite having increased cybersecurity to defend against attacks, banks struggle to detect - and shut down - sophisticated, coordinated attacks. Stolen data includes bank customer information, along with checking and savings account numbers from the cyber breach, with digital forensics now being studied. Phishing emails were sent, hosted on a Moscow-based server, and tricked users into turning over their personal information while also installing malware to further torment victims.
"We are working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," said Joshua Campbell, FBI spokesperson, in a statement.
The Lizard Squad hacker group launched cyberattacks against Sony PlayStation Network, Battle.net, League of Legends and Microsoft Xbox Live over the weekend, and now has focused on attacking Twitch. The attack was halted after several high-profile Twitch users wrote "Lizard Squad" on their foreheads yesterday. Some critics say the hackers are working on borrowed time, as it seems like only a matter of time before they are caught for their antics.
The FBI became interested when John Smedley, Sony Online Entertainment president, was targeted by Lizard Squad tweeting a bomb hoax to American Airlines. The high-profile attacks against Sony, Microsoft and other companies would have drawn federal interest, but a fake bomb report should only expedite the FBI's investigation.
Reading through tweets on the Lizard Squad page reveals sometimes entertaining - and rather obnoxious - tweets, including mentions of the Islamic State of Iraq and the Levant (ISIS) terrorist group fighting in Syria and Iraq.
Swann Security unveiled the Digital Wireless Security System, a camera and monitor utilizing motion triggered recording, designed to be a plug and play wireless surveillance system. The $249.99 system is available at HH Greg, B&H, Meijer and Petra.
The camera is 720p and can record video up to 165 feet away, able to record during daytime or nighttime using 20 infrared LEDs. The system can record audio up to 16 feet away, with owners able to receive updates to smartphones or tablets if the motion sensors are triggered.
"We continuously listen to user feedback, developing new products based on our customers' needs," said Jeremy Steweart, Swann Global Marketing VP, in a press statement. "More and more, consumers want to manage their own home security, whether it's setting up their own security systems or monitoring them remotely. The Swann Digital Wireless Security System provides these advantages while also enhancing technology, resulting in a truly exceptional product."