TweakTown NewsRefine News by Category:
The founder of the SpyEye malware, Aleksandr Andreevich Panin, recently pleaded guilty to federal conspiracy and bank fraud charges. The Russian citizen was extradited to the United States early last year, and will be sentenced on April 29, where he will almost certainly receive a prison sentence.
SpyEye was reportedly created in 2009 and remotely infected PCs so cyber criminals could access personal information, including bank accounts, usernames and passwords. Panin sold licenses to the software from $1,000 up to $8,500, with more than 150 global clients using the malware to steal information.
"As several recent and widely reported data breaches have shown, cyber attacks pose a critical threat to our nation's economic security," said Sally Yates, U.S. Attorney of the Northern District of Georgia, in a statement. "Today's plea is a great leap forward in our campaign against those attacks."
Developing malware and other malicious software for profit has become big business for savvy cyber criminals, and will continue to be a lucrative underground business.
A new proof-of-concept malware targeting touchscreen devices shows a potential security threat in which user finger swipes could be used to see exactly how consumers interact with their devices, according to security firm Trustwave.
Specifically, the malware is able to log the X and Y coordinates of touch swipes on a device, along with capturing screenshots to help record touch coordinates. The proof-of-concept also allows the cyber criminal to only capture screenshots when a user enters a specific app, and a full demonstration and disclosure will be made at the RSA security conference next month.
"The more interesting thing is, if you get a screenshot and then overlay the touch events, you're looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen," according to Neal Hindocha, Trustwave senior security consultant.
It seems if this security threat hit the wild, it would be used against specific targeted users and companies, and won't end up becoming a widespread threat to the average smartphone or tablet user.
Edward Snowden, the former National Security Agency (NSA) IT contractor now hiding in Russia, is worried about the U.S. government trying to retaliate against him. Following his initial revelations starting last May, a number of rather shady NSA-related spying tactics have popped up, including efforts to snoop on foreign citizens and government leaders.
"There are clear threats, but I'm not losing any sleep over them," Snowden recently told foreign journalists.
If Snowden remains under the protection of the Russian government, it seems less likely the U.S. government would try to launch a covert operation to silence him. However, if he ends up seeking amnesty in a Central or South American nation, personal security must be a significant concern to the U.S. citizen.
Meanwhile, Russia isn't in a big hurry to try and send Snowden out of the country, with officials noting he's welcome to stay as long as he feels comfortable. The 30-year-old also said he wouldn't receive a fair trial in the U.S., and his lawyer wants a guarantee of amnesty before he tries to head home again.
The National Security Agency (NSA) and British spies use popular mobile games such as Angry Birds to covertly collect information on player location, age, sex and additional personal details, recent documents indicate.
The NSA and the Government Communications Headquarters (GCHW) also accessed address books, phone logs, and embedded geographic information during their joint efforts.
As more personal information is posted and shared online, with users accessing the Internet from PCs, laptops, smartphones, tablets, and a variety of other devices - this is a significant problem that will plague users in the future - because the NSA and other spy agencies aren't going to suddenly stop their invasive activities.
Following months of continued public backlash, President Obama said NSA reform will take place, though critics still don't believe it's enough.
Arts and crafts store Michaels is the latest to suffer a data breach, with the Secret Service now lending a hand in the follow-up investigation, the store confirmed over the weekend. Suspected cyber criminals have stolen credit and debit card numbers, immediately sharing news of the breach once it was confirmed.
At least four financial institutions have identified fraudulent activity for card holders after recently shopping at Michaels.
"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," said Chuck Rubin, Michaels CEO, in a statement. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges."
There are a growing number of companies working their way through significant data breaches, which open up customers to possible credit fraud. High-end boutique retailer Neiman Marcus confirmed a data breach impacting 1.1 million customers, while Target is still dealing with fallout from a data breach affecting more than 70 million shoppers. The FBI noted that these type of attacks targeting brick and mortar retail stores will likely only increase in the future, so shoppers need to be vigilant in monitoring bank account statements.
An organized denial-of-service attack recently targeted the U.S. federal court system, temporarily stopping access to government websites, according to media reports. Specifically targeting uscourts.gov and other federal court websites, lawmakers were unable to access and upload legal documents, according to someone in the Administrative Office of the U.S. Courts.
The U.S. Justice Department and Department of Homeland Security didn't confirm the cyber attack, though U.S. government agencies are under continued attacks. The U.S. federal court, which handles its own cyber security, didn't disclose where the cyber attacks originated from. Additional details of the brief cyber attack remain unknown, in yet another incident that disrupts U.S. activity.
There is growing concern, especially from foreign-based cyber threats, as the U.S. infrastructure is increasingly targeted.
Former National Security Agency (NSA) IT contractor Edward Snowden could be able to stay in Russia for more than one year, as the Russian government said they don't plan to send him packing.
Snowden, currently in Russia on a temporary one-year asylum, has offers from Brazil and several Central American countries interested in taking him in - but Alexy Pushkov, the Russian Foreign Affairs Committee legislator, noted that Snowden could stay longer. The 30-year-old American is now free to stay in Russia, working for private Russian companies, until he is ready to return back to the U.S.
During a recent online chat, Snowden said he would like to one day return to the United States, but that cannot happen unless he's granted protection under the federal Whistleblower Protection Act - which doesn't apply to former government contractors. Meanwhile, Snowden continues to claim he didn't carry out actions for Russia or any other foreign government, though some U.S. lawmakers still aren't so sure about that.
After a handful of high-profile malware attacks targeting retail point-of-sale, the FBI identified around 20 similar hacking cases over the past 12 months.
Dubbed the "Recent Cyber Intrusion Events Directed Towards Retail Firms," which was dated January 17, and is a shocking wake up call for retailers, credit card and banking executives trying to protect consumers.
"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," the FBI noted in a recent report. "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors."
Target continues to combat a public relations nightmare after 70+ million customers were affected, while Neiman Marcus also is battling a recent data breach that has led to fraudulent credit and debit card charges.
High-end boutique retailer Neiman Marcus confirmed up to 1.1 million credit cards were affected during a security data breach that was disclosed over the 2013 holiday shopping season. Starting in mid-July to late October last year, malware collected credit card and debit card information, with 2,400 cards reportedly used for fraudulent purchases.
Customer Social Security numbers, debit card PIN numbers and birth dates weren't disclosed, and online shoppers haven't been affected.
"The malware the thieves deployed is more sophisticated and an unusual and a new way of gathering data," said David Robertson, The Nilson Report publisher, when speaking with the media. "In the history of the fight between hackers and retailers and anyone who holds payment data, the attack has occurred at the data center. That's where the largest number of accounts are. That's where the attack occurred because that's the biggest payoff."
Retailers already must deal with a number of different online threats, but malware and security risks facing brick and mortar retailers is a newer issue.
Media giant CNN was recently attacked by the Syrian Electronic Army hacker group, with several social media accounts and one live blog targeted. The official CNN Twitter and Facebook accounts were temporarily defaced before CNN was able to regain control within a few minutes.
The CNN Twitter feed featured the following tweet, for example: "Syrian Electronic Army Was Here... Stop Lying.... All your reports are fake!"
CNN was reportedly targeted for reportedly "viciously lying reporting aimed at prolonging the suffering in Syria," according to the group.
The Syrian Electronic Army recently targeted Microsoft's social media accounts, and continues to take aim at high-profile targets. Even if the compromised company is able to reset passwords and delete fraudulent postings, screenshots are quickly shared. The SEA also has hit The New York Times, Associated Press, BBC, Al Jazeera, The Guardian, and other major global news publications during its campaign.