Tech content trusted by users in North America and around the world
6,417 Reviews & Articles | 42,787 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 14

Syrian forces targeting rebel forces with social engineering attacks

Opposition fighters trying to overthrow the regime of Syrian President Bashar al-Assad have fallen prey to one of the oldest social engineering tactics: hackers use fake Facebook and Skype profiles of young, beautiful women to target rebels, inviting them to chat. Pictures are exchanged, though the hackers load images with malware able to copy chat logs and steal strategic information.

 

syrian-forces-targeting-rebel-social-engineering-attacks_01

 

The tactic continues to work on oblivious Syrian fighters, continually chatting with pro-Assad hackers - and the results have been devastating. A FireEye report revealed 7.7GB of data has been compromised, along with more than 12,000 contacts and 31,000 Skype conversations.

 

"We are really seeing the convergence of traditional methods of espionage and Internet communication tools," said Richard Turner, EMEA VP of FireEye, told CNBC. "The evidence of that is the use of the attractive lady avatar to generate interest and open up individuals to deliver malware and compromise their communication."

Pres. Obama wants $14 billion to boost nation's cybersecurity defenses

In an effort to protect federal and private computer assets from cyberattacks, President Barack Obama wants to receive $14 billion in the 2016 fiscal year to put towards cybersecurity. The US government has increasingly called upon defense contractors and the private sector to provide next-generation software and hardware designed to help keep critical infrastructure safer from attack.

 

pres-obama-14-billion-boost-nations-cybersecurity-defenses_01

 

As part of his multi-billion-dollar cybersecurity effort, Obama wants to include additional intrusion detection and prevention solutions, along with increased intelligence sharing between the government and private sector.

 

"Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity," according to a White House summary.

Continue reading 'Pres. Obama wants $14 billion to boost nation's cybersecurity defenses' (full post)

Raptr hacked, members should change their passwords ASAP

Raptr confirmed that it was hacked, and the company is now recommending users change their passwords sooner rather than later. Some user data may have been compromised in the breach, but Raptr didn't say what type of data may have been stolen.

 

raptr-hacked-members-change-passwords-asap_01

 

Raptr Reward Points earned by its members are protected with two-factor authentication and should be protected from any outside tampering.

 

"Although the potential risk to Raptr users is pretty minimal, we urge you to access any accounts on other sites and services in which you use the same login and password associated with your Raptr account and change the related password(s) immediately," Raptr said in an official statement.

RansomWeb appears to be emerging new cyberattack against victims

A new cyber threat victimizing users is the 'RansomWeb' attack, which leaves compromised websites encrypted - and they will remain that way until the victim pays a ransom to cyberattackers. The threat was first detected by cybersecurity firm High-Tech Bridge, investigating a client website, which displayed a database error.

 

ransomweb-appears-emerging-new-cyberattack-against-victims_01

 

The cybercriminals demanded a $50,000 ransom in exchange for decrypting the database, despite it being compromised six months prior. A closer inspection found that several server scripts were edited so data was encrypted before it was submitted to the database, and data was decrypted after being pulled from the database.

 

Instead of an immediate ransom demand - like ransomware attacks against business users - the cybercriminals patiently waited until backups were also overwritten.

Continue reading 'RansomWeb appears to be emerging new cyberattack against victims' (full post)

Recent fake Facebook porn links infecting systems with a Trojan virus

Don't ever click porn links on Facebook - it's a very good rule to follow in general, however if you're looking to get a porn fix through this popular social media, you need to be extremely alert and aware. Reportedly infecting over 110,000 Facebook users within two days, not everyone is as smart as you might have hoped.

 

recent-fake-facebook-porn-links-infecting-pcs-trojan_058

 

Disguised as a Flash update, this disguised-malware post will tell you to quickly download and run an update in order to see a withheld porn video - doing so will download a Trojan directly onto your system, allowing a hacker to take control of your keyboard and mouse. This virus will then start linking multiple similar links on your wall and tagging up to 20 friends with each post.

 

Facebook have released an official statement on the matter, saying "we use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we're aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites." In order to cull the wave of infections, Facebook is "blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook."

Continue reading 'Recent fake Facebook porn links infecting systems with a Trojan virus' (full post)

Report: Single DDoS attack could cost an organization $400,000

Companies are under cyberattack, and a single distributed denial of service (DDoS) attack could cost companies from $52,000 up to $444,000 depending on how large the company is. Enduring downtime due to a DDoS cyberattack also hurts the company's public relations image, with disclosures made to customers and federal regulatory bodies.

 

report-single-ddos-attack-cost-organization-400-000_01

 

Following a DDoS attack, 61 percent of victims lost access to critical business information, while 38 percent were unable to conduct day-to-day business operations. As cybercriminals are becoming more organized - and finding new strategies to launch cyberattacks - volumetric attacks tend to be increasing, outnumbering application-layer attacks.

 

"A successful DDoS attack can damage business-critical services, leading to serious consequences for the company," said Eugene Vigovsky, head of the Kaspersky DDoS protection at Kaspersky Lab. "For example, the recent attacks on Scandinavian banks caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this."

US military researching biometric 'next generation' passwords

The United States military is interested in developing a next generation security platform that could potentially replace traditional passwords with a biometric identification system. West Point researchers are focused on "cognitive fingerprint" algorithms that rely on behavioral traits instead of physical characteristics for identification.

 

military-researching-biometric-next-generation-passwords_01

 

If this research is beneficial, it would be a major step forward over the use of traditional passwords and two-step authentication efforts, cybersecurity experts noted. Although behavioral-based patterns for security protocols aren't new, this could greatly help usher a new security standard into the enterprise.

 

The US military wants to use it for encrypted data communications, but consumers could find it rolled out for mobile banking and other similar uses.

Continue reading 'US military researching biometric 'next generation' passwords' (full post)

Malware infection could cause drones to drop from the sky

Small drones being flown by recreational hobbyists can be hijacked using malware, as a security expert found a backdoor in the Parrot AR drone. The AR quadcopter helicopter drone can be controlled by a smartphone, tablet, NVIDIA Shield and similar devices, but can be hijacked with the Maldrone malware.

 

 

Security specialist Rahul Sasi was able to infect the drone and could interfere with its navigation features. Once compromised, he could issue a kill command, or fly the drone under his command - opening the odor to potential invasion of privacy cases, or stealing an onboard camera/video recorder.

 

"In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone," according to researchers. "Once connection is established we can interact with the software as well as drivers/sensors of the drone directly. There is an existing AR drone piloting program. Our backdoors kills the autopilot and takes control. The backdoor is persistent across resets."

Continue reading 'Malware infection could cause drones to drop from the sky' (full post)

ACLU: DEA conducting massive license plate reader operation

The Drug Enforcement Agency (DEA) is currently engaged in a widespread license plate reader program nationwide, and millions of license plates have been collected, according to a report from the American Civil Liberties Union (ACLU). The campaign started in 2008 and focused on taking pictures of vehicles, occupants and license plates, in an effort to identify and better track suspected criminals smuggling drugs and money to and from Mexico.

 

aclu-dea-conducting-massive-license-plate-reader-operation_01

 

"It's not the kind of information government should be compiling," said Jay Stanley, a policy analyst for the ACLU, in a statement to the media. "Location data is very powerful information."

 

The following states were targeted, based on popular drug smuggling routes on highways: California, Arizona, New Mexico, Nevada, Texas, Georgia, Florida and New Jersey. Once collected and archived, the DEA shared information with local and state policy officials. Data was stored on record for two years until 2012, when program officials dropped it down to six months, the ACLU report found.

Continue reading 'ACLU: DEA conducting massive license plate reader operation' (full post)

Snowden: Canadian spy agency tracks millions of downloads per day

The NSA and GCHQ might have the most developed spy programs uncovered by former NSA contractor Edward Snowden, but recent documents reveal the Canadian Communications Security Establishment (CSE) project also has widespread surveillance operations. Canada is a member of the "Five Eyes" intelligence-sharing network along with Australia, the United States, UK and New Zealand - though is often quieter regarding its operations.

 

snowden-canadian-spy-agency-tracks-millions-downloads-per-day_01

 

The CSE "Levitation" program focused on 10 to 15 million uploads and downloads from free websites per day, designed to fight terrorism and defend national security.

 

"Every single thing that you do - in this case uploading/downloading files to these sites - that act is being archived, collected and analyzed," said Ron Deibert, director of the Internet security think tank Citizen Lab, in a statement to the CBC.

Continue reading 'Snowden: Canadian spy agency tracks millions of downloads per day' (full post)

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Subscribe to our Newsletter
Or Scroll Up Or Down