TweakTown NewsRefine News by Category:
The popular video website Dailymotion was compromised by cybercriminals able to inject malicious code, redirecting visitors and secretly installing malware. The iframe first appeared on June 28 and installed the Sweet Orange Exploit Kit, targeting Oracle Java, Microsoft Internet Explorer and the Adobe Flash Player.
It seems only a small number of users were compromised, and Dailymotion quickly restored videos and ensured they were safe again.
"If the kit successfully exploited any of these vulnerabilities, then Trojan.Adclicker was downloaded onto the victim's computer," according to Symantec researchers. "This malware forces the compromised computer to artificially generate traffic to pay-per-click Web advertisements in order to generate revenue for the attackers."
Most of us understand that one of the ways to keep people who aren't authorized to get into your iPhone out is by using a password. The problem for many is that unlocking the screen of your device with a password can be a nuisance. Apple is tipped to be working on a new feature for the iPhone 6 that will make password security easier to live with.
According to rumors floating around the web, the iPhone 6 will get automatic unlocking. Apple has filed a patent application that outlines ways that the next iPhone might get automatic unlocking. The app outlines a method where the iPhone will only deploy password locks when it is used on an unknown network.
That would mean if you try to use your iPhone at home, no password would be needed, but if you try to use it on a network at the local coffee shop, it would ask for a password. The patent app is titled "Location-Sensitive Security Levels and Setting Profiles Based on Detected Location." As with all patent apps, there is no guarantee that this tech will ever be used.
The Stanford Federal Credit Union contacted around 18,000 of its customers, informing them their personal information was accidentally included in an email to another bank customer. The personal information sent includes customer names, mailing addresses, member numbers, credit information, loan offers, and tax identification numbers.
The incident took place on April 30 and the bank began informing customers in early June. The employees quickly discovered the mistake and data was reportedly destroyed before the customer opened the email.
"While we are confident this information was never seen by unauthorized individuals and you are not at risk, we feel it is important to communicate with our members in any situation involving their information or accounts," said Joan Opp, Stanford Federal Credit Union CEO, in a statement. "I also want to emphasize that our electronic systems were in no way compromised and your accounts remain secure."
Anti-piracy firm Rightscorp says more than 140 Internet service providers (ISPs) in the United States are disconnecting repeat copyright offenders. Most ISPs send notices to repeat copyright offenders, telling them that protected content, such as music, movies, and other content are being shared.
However, Rightscorp tracks what users are downloading and sharing on BitTorrent, then approaches user ISPs - and most fines are about $20 per shared file. Repeat offenders, however, need swifter punishment according to copyright holders, which is why Rightscorp is speaking with so many U.S. ISPs. It remains difficult to identify how many times a person must be caught sharing files to be considered a "repeat infringer," with companies such as AT&T refusing to unplug users unless a court order is issued.
"We push ISPs to suspend accounts of repeat copyright infringers and we currently have over 140 ISPs that are participating in our program, including suspending the accounts of repeat infringers," said Christopher Sabec, Rightscorp CEO, when speaking about the current state of copyright infringement.
May spam email traffic averaged 69.8 percent, a 1.3 percent drop from April, but security experts continue to tell Internet users to be weary of sometimes rather clever spam. There was a large amount of mass mailings for schools and universities, along with "offers" for student loan repayment plans also popular phishing techniques.
Email search sites were the most popular targets (32.2 percent) ahead of social media websites (23.9 percent), and financial and payment organizations were in the No. 3 spot (12.8 percent). Spammers rely on unsuspecting and gullible Internet users to click compromising links that install malware - or otherwise steal credentials.
"Spammers are constantly thinking up new tricks or turning to old favorites to catch out their victims," said Tatyana Shcherbakova, Kaspersky Lab Senior Spam Analyst, in a statement. "It's not just about advertising: this month we came across a number of mass mailings imitating official notifications from various services and companies. The attachments in these emails contained malware from the Andromeda family. This family consist of backdoors that allow attackers to silently control infected computers, which often become part of a botnet."
The rise of hackers and cybercrime are problematic, but national governments maintaining security and political control on the Internet will remain the biggest threat. Specifically, there will be a rise in blocking, filtering, segmentation and balkanization of the Internet, according to a study published by the Pew Research group.
Thirty-five percent of those surveyed said they expected significant changes "for the worse" in regards to accessing and sharing online content by 20125 - a troubling concern as more people begin to access the Internet.
"Governments worldwide are looking for more power over the Net, especially within their own countries," said Dave Burstein, Fast Net News editor, in a statement. "Britain, for example, has just determined the ISPs block sites the government considers 'terrorist' or otherwise dangerous. There will usually be ways to circumvent the obstruction but most people won't bother."
Banks and financial institutions must work through a new generation of malware designed to lurk on Web browsers and only collects data when users access a banking website. Similar to other methods, it all starts with clever social engineering used to compromise victims, which leads to the malware being secretly installed.
The new tactic has led to at least 400 cases, with banking users often unaware of many threats that face them. At the very least, security experts recommend customers never click links in emails that look like something from their bank - but even if users go directly to the bank website, that's when the malware causes mayhem.
"It's going to have graphics and terminology that would make you believe, hey, that sounds pretty legitimate," said JD Sherry, Trend Micro VP of technology and solutions, in a statement. "Once you click on that, you don't have intelligence to basically say that's a bad link. The device is going to download that particular malware."
The 'MiniDuke' hacker group are targeting governments and drug dealers, likely serving as cyber mercenaries working for a paid backer, using malware to compromise users. It's not uncommon to hear government departments, the private sector and public infrastructure being targeted, but focusing on drug dealers seems to be a newer twist.
A total of 23 countries were affected by MiniDuke, with an aim of plucking data and credential information - and the malware is evolving to now include commercial code, as it appears a subdivision could receive funds from law enforcement or rival criminal groups trying to steal drug-related information.
"They are more like underground cybercriminals than a typical nation state," said a Kaspersky Lab researcher. "This is what makes them stand out. They were collecting everything like emails, names, nicknames and handles."
Massachusetts resident Cameron Lacroix, 25, has been charged with attacking tech support company Zendesk, allegedly accessing the company's website in February 2013. Once he gained access, Lacroix reportedly disabled security features so he could view company customer information, U.S. Attorney Melinda Haag said.
Lacroix defaced Twitter feeds for two unidentified companies, after being able to export one million Twitter tech support tickets from Zendesk. If convicted, he faces up to 10 years along with a fine up to $250,000, plus restitution - with Zendesk and Twitter both suffering losses totaling more than $200,000. He also faces a separate federal charge for an unrelated crime.
The federal government has stepped up arrests against suspected hackers, but struggle to prevent the cyberattacks before they happen. However, prosecutors hope to send a message to hackers that they will be targeted and face prison time if convicted of cyber-related crimes.
Following a study of cyberattacks in Q1 2014, it looks like distributed denial-of-service (DDoS) attacks actually dropped, while China remains the country with the largest amount of source attack traffic, the Akamai "State of The Internet Report" indicates. It's a welcome trend considering half of companies last year suffered at least one DDoS attack, with many companies unable to effectively defend against the attacks.
"This decrease accounted for the majority of the difference in attacks compared to previous quarters and might have had a more significant impact on the overall number of attacks if not for an increase in the number of attacks against public sector targets," said Martin McKeay, Akamai senior security advocate, in an interview with SC Magazine.
DDoS attacks remain an affordable, effective tool for cyberattackers trying to disrupt operations of companies and government networks. Almost 60 percent of companies note that DDoS attacks are near the top of the list among security threats, so defense strategy will continue to focus on how to defend against them.