TweakTown News
Internet service providers (ISPs) are being criticized for distributing routers with known security vulnerabilities that leave users exposed. A whopping 14 supplier-provided ADSL routers have firmware released in 2007 or newer, so hackers are able to gain overwhelming control of home networks.
Up to 80 million devices that are used in households and small offices can be compromised simply because new users don't bother to change default passwords - and it's even easier to find Internet-exposed routers. In addition to Internet scans, some websites are known for publishing which devices are vulnerable to outside tampering.
"Wide swathes of IP space are being made vulnerable through ISPs in developing countries distributing routers with default passwords that can be easily found on the Internet," said Kyle Lovett, Cisco consultant, while speaking at CrestCon & IISP Congress 2015.
A rise in cyberattacks can be understood as attacks by people, even as companies spend more on boosting endpoint security. Many IT experts and business leaders see cyberattacks as a technology issue, but the focus is really on people.
Cybersecurity experts are increasingly focused on educating employees to spot phishing attempts, and on fighting attacks that rely on employees being rather naive and reckless.
"When you do think of it that way, then you tend to do a bunch of bad things," said Dave Merkel, CTO of FireEye, in a statement to ZDNET. "Such as ask bad questions to your security team like, 'What product can I buy to make this go away?' The answer is you can't just buy a product that is going to make the bad guys go away forever."
NYPD auxiliary police officer Yehuda Katz was charged with allegedly hacking into NYPD and FBI databases as part of his fraud scheme. Katz even installed a hidden camera in the traffic safety office, which was eventually discovered by precinct officers.
Katz used 15 compromised usernames and passwords, searching for more than 6,000 license plates stemming from auto accidents. Once he had personal information, he contacted victims and posed as an attorney who would be able to collect on their behalf.
"The threat posed by those who abuse positions of trust to engage in insider attacks is serious, and we will continue to work closely with our law enforcement partners to vigorously prosecute such attacks," said US Attorney Loretta Lynch, in a public statement.
Eighty-two percent of IT professionals are concerned that using mobile apps in the office "significantly" or "very significantly" increases cybersecurity concerns - but more than half of companies still lack mobile app use policy rules.
Millions are being spent on mobile app development, but a fraction of those overall investments is related to security. Companies are increasingly testing mobile apps, including for security vulnerabilities, and 30 percent of apps are found to have at least a single vulnerability.
"It's just an indicator that we [the security community] have a problem, [or] a risk issue that isn't necessarily being met, at least not with respect to training and awareness," said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement to SCMagazine.com.
Cybercriminals breaching US military and private sector networks are leaving "cyber fingerprints" in an effort to not only warn that systems are vulnerable - but sometimes taunt IT officials. The US must improve cybersecurity defenses due to "threats and vulnerabilities" that are "changing and expanding at an accelerated and alarming pace."
US military officials want to see increased funds to improve current security efforts, along with preparing for future threats.
"Private security researchers over the last year have reported on numerous malware finds in the industrial control systems of energy sector organizations," said Admiral Michael Rogers, head of the Pentagon US Cyber Command. "We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict."
The Apple Watch will be released on April 24 and should bring immediate attention to the wearables market - but that has some cybersecurity experts concerned. More users will rely on their smartwatches to make payments, conduct business communications, and save sensitive information for easier access.
Even though this will make it easier to incorporate wearables into our daily lives, it opens the door to hackers looking for new cybercriminal opportunities.
"The more ways we make data more convenient, the more risk there is to access the data and access things without your knowledge," said Kevin Mahaffey, chief technology officer of the Lookout cybersecurity firm, in a statement published by CNBC. "Just like adding another door to your house, it's just adding another way for bad guys to get in."
As cybercriminals pick and choose targets to attack, there is a vocal push by the US government for increased cyber threat intelligence sharing between the government and private sector. The retail and oil & gas sectors have already outlined official methods to share intelligence, while other business verticals mull similar efforts.
Collected intelligence on new and ongoing cyberattacks can be difficult to track, which is why financial services (FS) and information-sharing and analysis centers (ISACs) are becoming more prevalent.
"The process isn't automated yet," said William Nelson, president and CEO of FS-ISAC, in a statement published by Dark Reading. "A lot of dialog in information-sharing is going back and forth, did anybody see this, and they raise their hand. We're trying to get more automated..."
Just one-third of small and midsize businesses (SMBs) are aware that cyber insurance exists, despite a rising number of cyberattacks - and successful data breaches. Meanwhile, 52 percent of SMBs are "very" or "moderately" interested in purchasing some type of cyber insurance, according to a recent survey by Software Advice.
Some SMBs may have limited cyber coverage, which focuses on business impact related to network loss - and similar business activities - but doesn't include other financial ramifications from a data breach.
"I would define [its] state ... as 'infant' or 'forming,'" said Bob Rudis, security data scientist at Verizon Enterprise Solutions. "There have been companies selling versions of cyber insurance for a few years, but there is no same standard of practice for vetting a potential company, [sharing] claims data or historical (actuarial) data or even a consensus on pricing models."
Following its massive 2013 data breach, which led to customer payment data being stolen, Target will pay $10 million in a class-action lawsuit settlement. The attack took place between Nov. 27 and Dec. 15, 2013, with up to 40 million credit and debit cards compromised.
If approved by a federal district court judge, individual victims would be paid up to $10,000 - but this is just one of 15 lawsuits that were filed against Target within a short period following the data breach.
"We are pleased to see the process moving forward and look forward to its resolution," said Molly Snyder, Target spokesperson, in a statement to CBS News.
Microsoft plans to offer the Windows Hello biometric sign-in feature for its upcoming Windows 10 operating system. Users will have the chance to scan their face, fingerprint or iris, which can be used to unlock PCs, laptops, or smartphones.
Windows Hello can be used to access protected content, to authenticate apps, and for other "online experiences," Microsoft says.
Meanwhile, Intel said all systems that utilize its RealSense F200 sensor can support Windows Hello. All data will be stored locally on each PC or device, and will remain anonymous in case hackers compromise it.