Tech content trusted by users in North America and around the world
6,454 Reviews & Articles | 43,105 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 13

Swedish man behind BlackShades malware pleads guilty in US court

Swedish citizen Alex Yucel, 24, has pleaded guilty for his role in being co-creator of the BlackShades malware, which infected more than 500,000 PCs across the world. Yucel pleaded guilty to one count of distribution of malicious software, and faces a maximum sentence of 10 years.




In exchange for his guilty plea, there is a stipulated agreement that will see Yucel receive a sentence ranging from 70 to 87 months. "I do actually want to plead guilty," Yucel said in his court appearance. "I knew that the program would be used to cause damage."


Yucel was arrested in November 2013 while in Moldova, and was extradited to the United States. As the operator of the criminal organization, Yucel hired administrators, marketing and customer support staff to interact with customers - generating upwards of $350,000 in revenue.

Continue reading 'Swedish man behind BlackShades malware pleads guilty in US court' (full post)

Software Advice: More than half of SMBs don't have data breach plan

Companies are under cyberattack, and many of them are being caught off guard when a data breach occurs. More than half of small and midsize businesses (SMBs) don't have an appropriate breach response plan currently in place, according to a survey from Software Advice.




There are 47 states with breach notification laws that force companies to disclose data breaches when personal information is impacted. However, just 33 percent of SMB decision makers feel "very confident" they understand their state laws regarding breach notification - and it remains a confusing matter.


"Most of the time, when [valuable] information leaks out of a company, it is instantly being monetized on underground forums," said Bogdan Botezatu, senior e-threat analyst of the Bitdefender antivirus firm. This data can be moved quickly, as cybercriminals tend to want to exploit data before changes are made - and companies must inform their clients and customers promptly.

Continue reading 'Software Advice: More than half of SMBs don't have data breach plan' (full post)

Russian citizen pleads not guilty to stealing 160M credit cards

Vladimir Drinkman, 34, has pleaded not guilty after being officially accused of operating in a large international hacker ring responsible for stealing up to 160 million credit cards. The group allegedly installed malware on vulnerable computer systems, with stolen information sold on the black market.




Drinkman's specialty was penetrating networks to gain access to corporate databases that could later be mined.


The hacker group hit NASDAQ, 7-Eleven, Dow Jones, JetBlue, and other high-profile targets - with the "far-reaching" scheme responsible for compromising usernames, passwords, along with debit and credit card numbers.

Continue reading 'Russian citizen pleads not guilty to stealing 160M credit cards' (full post)

Two UK banks add smartphone account access using Apple Touch ID

Members of the RBS and NatWest financial institutions can use the Touch ID feature on their Apple iPhones to access their mobile accounts. Customers will be required to activate the feature in their accounts, supported by the iPhone 5s, 6 and 6 Plus.




If there are three consecutive failed login attempts, members will be forced to enter their traditional password before gaining account access.


The use of biometrics seems appealing for financial institutions, but the use of Touch ID has drawn criticism from some cybersecurity experts.

Continue reading 'Two UK banks add smartphone account access using Apple Touch ID' (full post)

Corporate America in dire need of cybersecurity help to fight attacks

To help defend against cyberattacks, executives at private corporations need assistance from the US government and cybersecurity firms.




It took longer than experts would have liked, but it appears 90 percent of CEOs in the United States find cybersecurity strategically important, according to a PwC survey. The survey also found 87 percent are worried about cyberattacks, and 45 percent are extremely concerned about mounting attacks - many aimed at stealing employee and customer personal data.


President Barack Obama hosted a cybersecurity summit last week at Stanford University, seeking greater cooperation between the United States and Silicon Valley. "When you step back and look at the role of a company versus the role of a government, clearly if we're going to provide the safest possible [customer] experience in [the] aggregate, government and companies need to work together," said John Donahoe, CEO of eBay, in a statement to Fortune.

Continue reading 'Corporate America in dire need of cybersecurity help to fight attacks' (full post)

Researchers stumble across Arab-speaking cybercriminal group

The Operation Arid Viper campaign has successfully stolen more than 1 million files with current malware campaigns underway, though it's not the usual suspects, according to Kaspersky Lab and Trend Micro.




The Arab-speaking group, with ties to Gaza, have targeted foreign government offices, critical infrastructure, military, universities, and other high-profile targets. The attacks likely occurred starting in mid-2013 and a full investigation into their actions is underway.


"Whoever the real culprits are, it is clear that they are part of the Arab world, evidence of a budding generation of Arab hackers and malware creators intent on taking down their chosen adversaries," researchers said in a study. "Some of the black hats - be they mercenaries or cybersoldiers - are actively targeting countries such as Israel due to political motivations. We have seen all of the ingredients of a cyberskirmish guerrilla war that goes unnoticed by mainstream IT security media."

Continue reading 'Researchers stumble across Arab-speaking cybercriminal group' (full post)

Government: Japan endured 25 billion cyberattacks in 2014 alone

Japanese infrastructure endured 25.6 billion cyberattacks in 2014 alone, with 40 percent reportedly traced back to Chinese sources, according to Japan's National Institute of Information and Communications Technology (NICT).




It wouldn't be surprising to hear Japan faced a large number of cyberattacks tied to China, especially with political turbulence between Tokyo and Beijing. There were a number of attacks originating from the United States, South Korea and Russia - as cybersecurity efforts continue to grow.


When the survey was first conducted, in 2005, there were just 310 million cyberattacks detected by the Japanese government. The latest NICT report discovered a growing number of attacks aimed at compromising home and business routers, IoT-enabled systems, networks, and security cameras.

Continue reading 'Government: Japan endured 25 billion cyberattacks in 2014 alone' (full post)

Netgear routers allowing hackers to pass administrator authentication

A recent flaw has been discovered in multiple Netgear router models, reportedly allowing hackers to bypass administrator authentication and gain full access to the device as found by Network engineer, Peter Adkins.




Adkins discovered that routers in the popular Netgear 'WNDR' range are running a Simple Object Access Protocol (SOAP) service as part of the Netgear Genie device administration application. Seemingly secure, he was able to bypass filtering and authentication for the SOAP service over a Wi-Fi connection without much effort.


Once the connection had been established, Adkins was able to extract the admin password, Wi-Fi interface credentials, station identifiers, the device serial number and even information on connected clients. He then notified Netgear of this security issue, however was met with a response which included "the network should still stay secure" - apparently due to hidden built-in security features.

Continue reading 'Netgear routers allowing hackers to pass administrator authentication' (full post)

KnowBe4: Social engineering still extremely effective to victimize

Following news that millions of dollars have been stolen from banks by cybercriminals was yet another startling wakeup call for cybersecurity experts. Not surprisingly, hackers delivered the malware payload via social engineering phishing attacks targeted at reckless employees.




"Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent," said Kevin Mitnick, legendary hacker and Chief Hacking Officer of KnowBe4.


Companies need to be aware that employees - in a number of different departments - are often untrained and rather careless when checking their emails. Spear-phishing tends to be a popular choice among cybercriminals, able to trick employees by using a customized approach.

Continue reading 'KnowBe4: Social engineering still extremely effective to victimize' (full post)

Kaspersky: the NSA has backdoors in Seagate and WD HDD firmware

Kaspersky has some damning claims against HDD giants Seagate and Western Digital, where it has said that the NSA has spying backdoors installed onto the HDD firmware of the leading HDD manufacturers products.




The cyber-security giant says that the US spy agency has full access to raw data, agnostic of partition method (low-level format), file system (high-level format), operating system, or even at the user access level. Kaspersky has said that it has found PCs in at least 30 countries with the spying programs installed, with the most infections found in Iran. After that, we have Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.


Kaspersky has said that the HDD firmware backdoors are used right now to spy on foreign governments, telecommunication giants, banks, nuclear researchers, the media, and many more. Kaspersky isn't outright naming the company that has designed the malware, but it has said that the company responsible has close ties with the development of Stuxnet. But it does get worse, as the company adds that each time you turn your PC on, the malware is activated, which means it has utter control to all of the critical OS components - possibly gaining access to your network, and file system.

Continue reading 'Kaspersky: the NSA has backdoors in Seagate and WD HDD firmware' (full post)

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Subscribe to our Newsletter
Or Scroll Down