Up to 168,500 patients of the Los Angeles County Department of Health Services are at risk after thieves broke into the Sutherland Healthcare Solutions (SHS) office and stole PCs with personal information.
Included in the data breach: Names, Social Security Numbers, birthdates, addresses, medical diagnoses, medical and billing information. The Southern California SHS office was broken into on February 5, and the company is now working with law enforcement - and reviewing its internal policies to try and prevent a similar breach from happening in the future.
"We take this incident very seriously and are taking the necessary precautions to protect all patient related information from theft or criminal activity," SHS said in an open memo. "We and Los Angeles County are actively working with law enforcement."
Congressman Mike Pompeo (R-Kansas) doesn't want SXSW organizers to interview former NSA IT contractor Edward Snowden, saying Snowden cares more about personal fame than personal privacy of US citizens.
SXSW officials wanted to open a debate focused on government surveillance and how important it is to help develop the online ecosystem.
"Mr. Snowden's appearance would stamp the imprimatur of your fine organization on a man who ill deserves such accolades," Congressman Pompeo said in an open letter. "Rewarding Mr. Snowden's behavior in this way encourages the very lawlessness he exhibited. Such lawlessness - and the ongoing intentional distortion of truth that he and his media enables have engaged in since the release of these documents - undermines the very fairness and freedom that SXSW and the ACLU purport to foster. I strongly urge you to withdraw this invitation."
During his speech at the SXSW technology conference in Austin, Texas, Google chairman Eric Schmidt had some damning words to say about the Chinese, and the NSA. SChmidt said that government attacks from China, and the US, forced Google to boost its security protocols.
Schmidt said that governments around the world have come to the realization that trying to block Internet access to its citizens are futile, and that they have moved onto other methods of control. He said: "You don't turn off the Internet: you infiltrate it. The new model for a dictator is to infiltrate and try to manipulate it. You're seeing this in China, and in many other countries."
The Google chairman was pressed about the role of technology in uprisings, such as the one in the Ukraine right now, where he said that the spread of mobile devices has allowed people to organize much more easily, but although "revolutions are going to be easier to start," they'll also be "harder to finish."
Researchers from North Carolina State University have created the Practical Root Exploit Containment (PREC) tool aimed to look for root exploits in malicious apps.
Since most malicious apps targeting Google Android are based on C programming, not Java, researchers can compare apps with a database that describes how apps are expected to operate. Software anomaly detection isn't new, but researchers focused strictly on C code, greatly reducing the number of false positives by searching for C only.
"We have implemented PREC and evaluated our methodology on 140 most popular benign applications and 10 root exploit malicious applications," researchers wrote in their paper. "Our results show that PREC can successfully detect and stop all the tested malware while reducing the false alarm rates by more than one order of magnitude over traditional malware detection algorithms."
European Union law enforcement agency Europol is urging citizens to be careful using public Wi-Fi hotspots, due to an increase in the number of cybercriminals trying to steal information.
There is even greater concern when people use these hotspots to log into social media, make online purchases, or use online banking. However, the majority of consumers don't tend to focus on security, and aren't aware of the risks.
"We should teach users that they should not address sensitive information while being on an open insecure Wi-Fi Internet," said Troels Oerting, head of the Europol cybercrime unit, in an interview with BBC Click. "They should do this from home where they know actually the Wi-Fi and its security, but not if you are in a coffee shop somewhere you shouldn't access your bank or do all of these things that actually transfer very sensitive information."
First American Bank sent out a public memo warning members to be on alert when paying for taxicabs in Chicago using debit or credit cards - and urge those traveling in the Windy City to use cash payments.
First American Bank made the issue public almost three weeks after it was alerted of fraudulent behavior in Chicago cabs. To date, more than 200 new cards have been issued and at least $62,000 in suspected fraudulent activity has been flagged by the bank.
"We have become aware of a data breach that occurs when a card is used in Chicago taxxis, including American United, Checker, Yellow, and Blue Diamond and others that utilize Taxi Affiliation Services and Dispatch Taxi to process card transactions," said Tom Wells, First American Bank chairman, in a statement.
Companies infected with the Cryptolocker ransomware are willing to pay up, with 40 percent of companies hit sending around $500 to recover files.
Cryptolocker is plaguing companies, encrypting certain file formats that cause workplace disruption, which is likely why companies are so quick to make a payment to cybercriminals overseas.
"If the results reported on the rate of Cryptolocker victims who pay a ransom are to be strengthened by further research, these figures would be extremely troubling, netting criminals behind the ransomware hundreds of millions." said Dr. Julio Hernandez-Castro, University of Kent School of Computing professor, said in a statement. "This would encourage them to continue with this form of cybercrime, potentially prompting other criminal gangs to jump into an extremely profitable cybercrime market."
Cryptolocker is extremely tricky because a malware scan will remove the malware, but the encrypted files stay encrypted until the countdown ends.
Russia and Ukraine are locked in a tense political situation which has spilled over into the digital world, with both countries reportedly launching cyberattacks against one another. Security experts believe even if physical military skirmishes don't take place, there will be continued cyberattacks on both sides.
The Russian military is accused of knocking out mobile phone networks in the Ukraine, with social media and news sites defaced and temporarily replaced with propaganda.
"I confirm that an... attack is underway on mobile phones of members of the Ukrainian parliament for the second day in a row," said Valentyn Nalivaichenko, Ukrainian security chief, at a press conference.
Researchers from Saarland University in Germany created a unique piece of software designed to help keep Google Android users more secure. Specifically, the "Chabada" detection software helps scan apps to see if they are possibly infected.
App functionality is quickly scanned, and the software is able to identify if an app does something overly suspicious. Google reportedly is interested to have the entire Google App store searched to see which malicious apps may have slipped in.
"Apps whose functionality is described in the app store should behave accordingly," said Andreas Zeller, Saarland University professor of software engineering, in a statement. "If that is not the case, they are suspect."
Target is restructuring following a massive data breach in which the retailer was warned of security issues beforehand, and cybercriminals were able to deploy malware on the company's in-store point-of-sale machines.
"It's a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model," said Brian Sozzi, Belus Capital Advisors CEO, in a statement to Reuters.
Jacob is the first Target executive to resign - and it's possible others will either receive walking papers, or "quit" - and an interim CIO will be chosen to help move Target's cybersecurity forward. It seems shocking that Jacob didn't quit earlier, or that CEO Gregg Steinhafel didn't show her the door earlier, but expect the company to find an external hire next.
Tablets and smartphones helped force users into a mobile lifestyle, in which e-mails, content, work, and entertainment need to be optimized for non-PC devices.
Businesses risk downtime, lost productivity, legal problems, and possible customer backlash if data is compromised, especially due to negligence, and presents a unique problem.
"I haven't seen a lot of good products to add to tablets and smartphones - yet," said Bruce Campbell, Clare Computer Solutions VP of Marketing, in a statement to TweakTown. "While malware for these devices is on the rise, the more common problem is these devices being lost or stolen with personal or company data. Software that will enable the device to be 'wiped' clean if stolen or lost is a good idea."
Consumers have a difficult time trying to keep devices secure, and the problem escalates in the workplace.
Israeli Prime Minister Benjamin Netanyahu recently discussed his country's budding cybersecurity industry, which is tasked with stopping attacks from Islamist militant organizations and cybercriminal groups.
During the interview, Netanyahu was asked about companies purchasing Israeli technologies and whether they should be worried of NSA-like spying behavior.
"My point is that to build in Israel a global center for cybersecurity, in other words to prevent this spying to prevent the piracy, to prevent sabotage" Netanyahu said in an interview transcribed by BloomBerg. "You have user accounts. You have to protect them. You have bank accounts. You have to protect them. You have electricity grids. You have to protect them, traffic systems and aviation systems. All of these can be both individually and national infrastructures could be imperiled by cyber-attacks, are imperiled by cyber-attacks."
Netanyahu also said he has made it easier for Israeli startup companies to develop technologies and join other companies while trying to improve proprietary knowledge of cybersecurity.
Andrew Meldrum, a 30-year-old British citizen, has been found guilty of three counts of unauthorized access to computer material after "fixing" webcams so he could remotely watch as many as three victims.
Meldrum was first suspected after one of the victims reported her computer was acting strangely, and it snowballed from there - one victim spoke with someone else, and victim 2 contacted a third victim - all three had the convicted creeper work on their PCs.
"I would like to thank all witnesses in this investigation but especially the three victims who game evidence on matters that were clearly of a private, intimate and personal nature to them," said Nick Pailthorpe, Southwark Borough CID, in a press statement. "I hope that they can take some consolation in the guilty verdict that sends out a clear message to anyone that this type of intrusion into a person's private life is not acceptable and the Metropolitan Police will support all victims and pursue all suspects."
Fruit jam and jelly company Smucker's reportedly suffered an online store data breach, with customer names, mailing addresses, e-mail, phone numbers, credit and debit card numbers, expiration dates, and verification codes at risk.
Security experts believe a sophisticated Trojan is likely to blame for Smucker's issues, with information siphoned from online web server applications.
"We are extremely disappointed this incident occurred and sincerely apologize for any inconvenience this may cause," Smucker's officials said in an online state. "Please be assured, we continue to thoroughly investigate this matter with federal authorities, and have taken steps to rectify the cause of this incident with the Online Store website."
The same attack has been successful against Adobe, data brokers such as LexisNexis and Dun & Bradstreet, and PR Newswire, with other retailers likely to fall prey in the future.
Salon and beauty supply retailer Sally Beauty Supply is the latest U.S. company to suffer a data breach, confirming it noticed "unusual activity" on its network in late February.
Sally Beauty has 2,700 locations throughout the United States, and is now working with police and federal authorities to investigate the breach. The company promised to continue monitoring its network while improving security as Verizon Enterprise Solutions lends an outside hand.
Security specialists found a fresh batch of 282,000 stolen debit and credit cards on an underground hacker forum available for sale - and some reportedly were used at Sally Beauty locations.
Trying to keep PCs and devices safe from increasing numbers of cyberattacks hasn't been easy, with sophisticated malicious code targeting PCs.
Even with elevated malicious attacks in the wild, there are a few basic steps that can be done to boost defenses before something critical occurs.
The first step: "Make sure you have up-to-date Anti-Virus software - preferably not the freeware versions," said Bruce Campbell, IT outsourcing company Clare Computer Solutions, in a statement to TweakTown. "For home users, make sure you activate the Norton or McAfee that comes with the computer, and renew it every year."
Appropriate software is an important first step, but a bit of retraining and reeducation must also take place, for home users and business users.
Things just got a lot worse for former Bitcoin exchange, Mt. Gox. Today a Russian leakster announced that he has accessed then entire source code that ran Mt. Gox's operations. The code is only 1,700 lines long, so it is highly unlikely that the entire thing is there, but it does provide enough information to show how Mt. Gox handled Bitcoin transactions, and the methods used to transmit and receive Bitcoin hashes.
Along with the source code, the leakster / hacker claims to have a 20GB data dump of customer and employee information that includes passport scans, and every piece of contact information customers and employees entered into the system. With a breach this big, it leaves us to wonder how many other exchanges were using a part of this source code, and how many are now venerable to even more attacks now that the information is public? If you are interested, the source link below has links to the stolen code.
It's incidents like this that further undermine the security and trustworthiness of Bitcoins as a viable digital currency. This is the exact reason that US Congressmen are calling for Bitcoin trading to be banned in the us. With such a large economy growing around the virtually unregulated Bitcoin market, a simple crash like Mt. Gox experienced, or major Bitcoin heist like Flexcoin experienced over the weekend could send the entire market crashing down and millions of people would lose everything they have invested in Bitcoins.
There is a security transition from defending against various virus and Trojan formats to sophisticated malware, and anti-virus programs are "totally useless," according to Mohammad Mannan, Concordia Institute for Information Systems Engineering assistant professor.
In a recent survey from Visa, almost 92 percent of respondents said they have been targeted by attempted phishing attempts - and the complexity of these attacks continues to evolve.
Just a few years ago, if a user was infected with malware, it was a major disruptive problem that directly led to PCs running poorly. However, malware is largely being written by cybercriminals aiming to either hijack compromised devices, or steal personal information and make money, so malware runs in the background a lot more efficiently.
The growing threat of malware now plagues security companies, users, and businesses, as traditional anti-virus software is ineffective at detecting malware.
In addition, malware authors are getting more creative when they aim to steal information from users, with cleverly written phishing attacks, tricky malware code, and thirst to steal and sell personal data.
"Malware is increasingly tailored for specific countries," security company CYREN noted in its 2013 yearbook of security threats. "While German e-mail users receive fake train bookings from Deutsche Bahn or Lufthansa tickets, Americans will receive fake gift vouchers from U.S. companies, bills from their tax authorities, or even speeding fines from the police."
Web-based advertisements overtook pornography as the top source of malware found on mobile devices, with compromised ads rising quickly to the top of the charts, according to security company Blue Coat.
"Being in the security space, we're not often surprised by these stats - but that is a big jump in a short period," said Sasi Murthy, Blue Coat VP of product marketing security, in a statement to NBC News. "[Scammers] work like a business. They're focused on low investment and high return, so they will go where the activity is."
Although some mobile users click on links in e-mails and social media messages, compromising Web ads is a more direct approach. Around one in five mobile users pointed towards malware clicked on a compromised Web ad - a major increase from just 5.7 percent during November 2012, according to Blue Coat.
In an effort to compromise smartphones and tablets, Chinese hackers are using well-written malware and malicious code to target U.S. and western targets. The demand for mobile Web access has created a lucrative market for cybercriminals trying to exploit often vulnerable devices which can be hijacked and used for illegal activities.
It's possible to buy mobile malware kits on the black market for as little as $15, with organized cybercriminal forums located in the United States, China, Brazil, and Russia.
"The barriers to launching cybercriminal operations are less in number than ever," a Trend Micro security report recently stated. "Toolkits are becoming more available and cheaper; some are even offered free of charge."