TweakTown
Tech content trusted by users in North America and around the world
5,919 Reviews & Articles | 38,139 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 7

Dailymotion hit by attack, leaving video viewers vulnerable

The popular video website Dailymotion was compromised by cybercriminals able to inject malicious code, redirecting visitors and secretly installing malware. The iframe first appeared on June 28 and installed the Sweet Orange Exploit Kit, targeting Oracle Java, Microsoft Internet Explorer and the Adobe Flash Player.

 

TweakTown image news/3/8/38896_01_dailymotion_hit_by_attack_leaving_video_viewers_vulnerable.jpg

 

It seems only a small number of users were compromised, and Dailymotion quickly restored videos and ensured they were safe again.

 

"If the kit successfully exploited any of these vulnerabilities, then Trojan.Adclicker was downloaded onto the victim's computer," according to Symantec researchers. "This malware forces the compromised computer to artificially generate traffic to pay-per-click Web advertisements in order to generate revenue for the attackers."

Continue reading 'Dailymotion hit by attack, leaving video viewers vulnerable' (full post)

iPhone 6 may get location sensitive security features

Most of us understand that one of the ways to keep people who aren't authorized to get into your iPhone out is by using a password. The problem for many is that unlocking the screen of your device with a password can be a nuisance. Apple is tipped to be working on a new feature for the iPhone 6 that will make password security easier to live with.

 

TweakTown image news/3/8/38899_3_iphone_6_may_get_location_sensitive_security_features.jpg

 

According to rumors floating around the web, the iPhone 6 will get automatic unlocking. Apple has filed a patent application that outlines ways that the next iPhone might get automatic unlocking. The app outlines a method where the iPhone will only deploy password locks when it is used on an unknown network.

 

That would mean if you try to use your iPhone at home, no password would be needed, but if you try to use it on a network at the local coffee shop, it would ask for a password. The patent app is titled "Location-Sensitive Security Levels and Setting Profiles Based on Detected Location." As with all patent apps, there is no guarantee that this tech will ever be used.

Stanford Federal Credit Union accidentally leaks data on 18,000

The Stanford Federal Credit Union contacted around 18,000 of its customers, informing them their personal information was accidentally included in an email to another bank customer. The personal information sent includes customer names, mailing addresses, member numbers, credit information, loan offers, and tax identification numbers.

 

TweakTown image news/3/8/38889_02_stanford_federal_credit_union_accidentally_leaks_data_on_18_000.jpg

 

The incident took place on April 30 and the bank began informing customers in early June. The employees quickly discovered the mistake and data was reportedly destroyed before the customer opened the email.

 

"While we are confident this information was never seen by unauthorized individuals and you are not at risk, we feel it is important to communicate with our members in any situation involving their information or accounts," said Joan Opp, Stanford Federal Credit Union CEO, in a statement. "I also want to emphasize that our electronic systems were in no way compromised and your accounts remain secure."

Continue reading 'Stanford Federal Credit Union accidentally leaks data on 18,000' (full post)

Around 140 ISPs disconnect persistent Internet pirates in US

Anti-piracy firm Rightscorp says more than 140 Internet service providers (ISPs) in the United States are disconnecting repeat copyright offenders. Most ISPs send notices to repeat copyright offenders, telling them that protected content, such as music, movies, and other content are being shared.

 

TweakTown image news/3/8/38886_01_around_140_isps_disconnect_persistent_internet_pirates_in_us.jpg

 

However, Rightscorp tracks what users are downloading and sharing on BitTorrent, then approaches user ISPs - and most fines are about $20 per shared file. Repeat offenders, however, need swifter punishment according to copyright holders, which is why Rightscorp is speaking with so many U.S. ISPs. It remains difficult to identify how many times a person must be caught sharing files to be considered a "repeat infringer," with companies such as AT&T refusing to unplug users unless a court order is issued.

 

"We push ISPs to suspend accounts of repeat copyright infringers and we currently have over 140 ISPs that are participating in our program, including suspending the accounts of repeat infringers," said Christopher Sabec, Rightscorp CEO, when speaking about the current state of copyright infringement.

In May, spammers found success sending education-related emails

May spam email traffic averaged 69.8 percent, a 1.3 percent drop from April, but security experts continue to tell Internet users to be weary of sometimes rather clever spam. There was a large amount of mass mailings for schools and universities, along with "offers" for student loan repayment plans also popular phishing techniques.

 

TweakTown image news/3/8/38880_01_in_may_spammers_found_success_sending_education_related_emails.jpg

 

Email search sites were the most popular targets (32.2 percent) ahead of social media websites (23.9 percent), and financial and payment organizations were in the No. 3 spot (12.8 percent). Spammers rely on unsuspecting and gullible Internet users to click compromising links that install malware - or otherwise steal credentials.

 

"Spammers are constantly thinking up new tricks or turning to old favorites to catch out their victims," said Tatyana Shcherbakova, Kaspersky Lab Senior Spam Analyst, in a statement. "It's not just about advertising: this month we came across a number of mass mailings imitating official notifications from various services and companies. The attachments in these emails contained malware from the Andromeda family. This family consist of backdoors that allow attackers to silently control infected computers, which often become part of a botnet."

Pew: Government interference on Internet is a great threat to users

The rise of hackers and cybercrime are problematic, but national governments maintaining security and political control on the Internet will remain the biggest threat. Specifically, there will be a rise in blocking, filtering, segmentation and balkanization of the Internet, according to a study published by the Pew Research group.

 

TweakTown image news/3/8/38871_01_pew_government_interference_on_internet_is_a_great_threat_to_users.jpg

 

Thirty-five percent of those surveyed said they expected significant changes "for the worse" in regards to accessing and sharing online content by 20125 - a troubling concern as more people begin to access the Internet.

 

"Governments worldwide are looking for more power over the Net, especially within their own countries," said Dave Burstein, Fast Net News editor, in a statement. "Britain, for example, has just determined the ISPs block sites the government considers 'terrorist' or otherwise dangerous. There will usually be ways to circumvent the obstruction but most people won't bother."

Continue reading 'Pew: Government interference on Internet is a great threat to users' (full post)

New bank malware kicks in to steal banking login data only

Banks and financial institutions must work through a new generation of malware designed to lurk on Web browsers and only collects data when users access a banking website. Similar to other methods, it all starts with clever social engineering used to compromise victims, which leads to the malware being secretly installed.

 

TweakTown image news/3/8/38855_01_new_bank_malware_kicks_in_to_steal_banking_login_data_only.jpg

 

The new tactic has led to at least 400 cases, with banking users often unaware of many threats that face them. At the very least, security experts recommend customers never click links in emails that look like something from their bank - but even if users go directly to the bank website, that's when the malware causes mayhem.

 

"It's going to have graphics and terminology that would make you believe, hey, that sounds pretty legitimate," said JD Sherry, Trend Micro VP of technology and solutions, in a statement. "Once you click on that, you don't have intelligence to basically say that's a bad link. The device is going to download that particular malware."

Hacker mercenaries targeting governments and drug dealers with attacks

The 'MiniDuke' hacker group are targeting governments and drug dealers, likely serving as cyber mercenaries working for a paid backer, using malware to compromise users. It's not uncommon to hear government departments, the private sector and public infrastructure being targeted, but focusing on drug dealers seems to be a newer twist.

 

TweakTown image news/3/8/38853_01_hacker_mercenaries_targeting_governments_and_drug_dealers_with_attacks.jpg

 

A total of 23 countries were affected by MiniDuke, with an aim of plucking data and credential information - and the malware is evolving to now include commercial code, as it appears a subdivision could receive funds from law enforcement or rival criminal groups trying to steal drug-related information.

 

"They are more like underground cybercriminals than a typical nation state," said a Kaspersky Lab researcher. "This is what makes them stand out. They were collecting everything like emails, names, nicknames and handles."

Hacker accused of targeting Zendesk arrested and faces charges

Massachusetts resident Cameron Lacroix, 25, has been charged with attacking tech support company Zendesk, allegedly accessing the company's website in February 2013. Once he gained access, Lacroix reportedly disabled security features so he could view company customer information, U.S. Attorney Melinda Haag said.

 

TweakTown image news/3/8/38851_01_hacker_accused_of_targeting_zendesk_arrested_and_faces_charges.jpg

 

Lacroix defaced Twitter feeds for two unidentified companies, after being able to export one million Twitter tech support tickets from Zendesk. If convicted, he faces up to 10 years along with a fine up to $250,000, plus restitution - with Zendesk and Twitter both suffering losses totaling more than $200,000. He also faces a separate federal charge for an unrelated crime.

 

The federal government has stepped up arrests against suspected hackers, but struggle to prevent the cyberattacks before they happen. However, prosecutors hope to send a message to hackers that they will be targeted and face prison time if convicted of cyber-related crimes.

Akamai: DDoS traffic down, while China still launches most attacks

Following a study of cyberattacks in Q1 2014, it looks like distributed denial-of-service (DDoS) attacks actually dropped, while China remains the country with the largest amount of source attack traffic, the Akamai "State of The Internet Report" indicates. It's a welcome trend considering half of companies last year suffered at least one DDoS attack, with many companies unable to effectively defend against the attacks.

 

TweakTown image news/3/8/38850_01_akamai_ddos_traffic_down_while_china_still_launches_most_attacks.jpg

 

"This decrease accounted for the majority of the difference in attacks compared to previous quarters and might have had a more significant impact on the overall number of attacks if not for an increase in the number of attacks against public sector targets," said Martin McKeay, Akamai senior security advocate, in an interview with SC Magazine.

 

DDoS attacks remain an affordable, effective tool for cyberattackers trying to disrupt operations of companies and government networks. Almost 60 percent of companies note that DDoS attacks are near the top of the list among security threats, so defense strategy will continue to focus on how to defend against them.

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases