TweakTown NewsRefine News by Category:
Researchers from the European Space Agency (ESA) have developed software that is now being used to help detect online bank fraud. Former ESA consultant Paulo Marques, founder of Feedzai, sought a need for a sophisticated solution for communications via the Internet.
Fraud detection demands large amounts of information to be analyzed in real-time, with thousands of banking transactions taking place per second. Unlike space technology, bank fraud software must be able to learn the behaviors of each individual and company - and the software has the ability to store information up to four years, helping create personal spending profiles.
In Portugal, every electronic purchase uses the sophisticated software, with Feedzai screening $229 billion worth of purchases and payments per year. An important task with cybercriminals targeting banks and financial instructions, with $11.4 billion lost in credit card fraud each year.
Verizon has lost a valuable business partner because the German government pulled the plug on its current contract, angry about the National Security Agency (NSA) snooping on German politicians. Government officials were extremely angry when Edward Snowden mentioning eavesdropping on Chancellor Angela Merkel.
"The pressures on networks as well as the risks from highly developed viruses or Trojans are rising," the German Interior Ministry said in a statement. "Furthermore, the ties revealed between foreign intelligence agencies and firms in the wake of the U.S. National Security Agency (NSA) affair show that the German government needs a very high level of security for its critical networks."
This is good timing for the German government, because Deutsche Telekom and other European wireless providers comply with data protection laws in the European Union (EU).
The United States and China are reportedly trying to increase discussions related to cybercrime, but leaders in Washington and Beijing are continuing to find it difficult. It seems the U.S. government charging five Chinese Army officers with cyberespionage led to the timeout, as both sides try to work things out.
Even though both China and the United States blame one another for state-sanctioned activities - and China is blamed for allowing groups to target western companies - both sides want to find some type of political middle ground they can agree on.
Organized Chinese hacker groups are targeting western defense companies, with Chinese officials typically turning a blind eye. Meanwhile, there hasn't been a decline in cyberattacks stemming from China, cybersecurity experts warn, showing that there is still a lot of work that must be done.
ThreatTrack Security recently released ThreatAnalyzer 5.1, the company's latest version of a dynamic malware analysis solution aimed for the enterprise. The new tool allows security teams to detect and remove malicious code, along with learning how malware runs on their networks.
Users are able to recrate their 32-bit and 64-bit environments, including virtual machines, with custom malware determination rules and integrated threat intelligence.
"Uncertainty is one of the biggest challenges to enterprise cybersecurity, and it is paralyzing incident response teams," said Julian Waits, ThreatTrack Security President and CEO, in a statement. "Enterprises know they are under attack from breaches caused by advanced malware, but most lack the tools necessary to identify advanced threats and accurately quantify their exposure to those risks."
Allen Lockser, 21, faces 11 felony computer fraud charges after allegedly accessing student accounts, though didn't compromise any personal information. However, he reportedly submitted quizzes and deleted submitted homework assignments from the school network, first gaining access by trying random passwords until he was successful.
Lockser is accused of hacking into 20 student accounts on Canvas, the Pasco-Hernando State College online portal, which is used for submitting homework assignments and assessments. He was easy to track because he used the static IP address at his home, so sheriff's deputies were able to quickly identify him.
The school boosted security and students must now use passwords with a combination of letters, numbers and special characters. In addition to criminal charges, Lockser will also face a school disciplinary inquiry. After being arrested for his charges, Lockser was booked and later released on $1,100 bail.
The BBC has had to apologize to its mobile app users following a weird push notification sent from its news app full of nosequiturs.
Twitter users wondered if the BBC had its security compromised when the app said: "NYPD Twitter campaign 'backfires' after hashtag hijacked. Push sucks! Pull blows! BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIIII like testing."
The broadcasting house insisted that its security had not, in fact, been breached - and that the notification was down to good old fashioned human error. "We apologize to our app users who were unnecessarily interrupted with the alert," a BBC spokesperson said. "We've been in the process of testing new functionality for our apps and a test message was sent in error."
The State of Montana's Department of Public Health and Human Services was hacked and cybercriminals compromised up to 1.3 million records. State officials confirmed the problem and said the department has informed customers, warning Social Security numbers and other personal information might be at risk.
In addition to customer Social Security numbers, hackers breached patient names, birth dates, bank account numbers, medical diagnosis, prescriptions, dates of service, and treatments given.
"We have absolutely no indication the criminals who illegally entered the server had any interest in the data they accessed in any way, shape or form, and we have no reports of people's identities being stolen," said Richard Opper, department director, in a statement.
The Pony Loader malware has been updated to v2.0 and has nasty new tricks to help compromise users and steal bitcoins. The updated version is able to compromise a large group of different cryptocurrency wallets, including Litecoin, Namecoin, Terracoin, Goldcoin, Junkcoin, and Anoncoin.
To counter this new malware threat, it's recommend users update to the newest bitcoin client, which gives users a way to encrypt private keys with passphrases.
"Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky," said Isaac Palmer, Damballa malware reserve engineer, in a blog post.
Cybercriminals are finding new methods to compromise energy companies and other critical industries with custom malware, exploiting legitimate apps. Instead of trying to hack the company directly, hackers are finding success in hacking software providers to hack vendors, according to security firm F-Secure.
The "Havex" malware previously hit the energy sector, and is now being used to target companies in Europe. An industrial machine producer and two educational organizations in France, with companies in Germany also hit.
"During the spring of 2014, we noticed that Havex took a specific interest in Industrial Control Systems (ICS) and the group behind uses an innovative Trojan horse approach to compromise victims," said F-Secure in a blog post. "The attackers have Trojanized software available for download from ICS/SCADA manufacturer websites in an attempt to infect the computers where the software is installed to."
PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.
Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.
"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."