TweakTown NewsRefine News by Category:
The United States and China are reportedly trying to increase discussions related to cybercrime, but leaders in Washington and Beijing are continuing to find it difficult. It seems the U.S. government charging five Chinese Army officers with cyberespionage led to the timeout, as both sides try to work things out.
Even though both China and the United States blame one another for state-sanctioned activities - and China is blamed for allowing groups to target western companies - both sides want to find some type of political middle ground they can agree on.
Organized Chinese hacker groups are targeting western defense companies, with Chinese officials typically turning a blind eye. Meanwhile, there hasn't been a decline in cyberattacks stemming from China, cybersecurity experts warn, showing that there is still a lot of work that must be done.
ThreatTrack Security recently released ThreatAnalyzer 5.1, the company's latest version of a dynamic malware analysis solution aimed for the enterprise. The new tool allows security teams to detect and remove malicious code, along with learning how malware runs on their networks.
Users are able to recrate their 32-bit and 64-bit environments, including virtual machines, with custom malware determination rules and integrated threat intelligence.
"Uncertainty is one of the biggest challenges to enterprise cybersecurity, and it is paralyzing incident response teams," said Julian Waits, ThreatTrack Security President and CEO, in a statement. "Enterprises know they are under attack from breaches caused by advanced malware, but most lack the tools necessary to identify advanced threats and accurately quantify their exposure to those risks."
Allen Lockser, 21, faces 11 felony computer fraud charges after allegedly accessing student accounts, though didn't compromise any personal information. However, he reportedly submitted quizzes and deleted submitted homework assignments from the school network, first gaining access by trying random passwords until he was successful.
Lockser is accused of hacking into 20 student accounts on Canvas, the Pasco-Hernando State College online portal, which is used for submitting homework assignments and assessments. He was easy to track because he used the static IP address at his home, so sheriff's deputies were able to quickly identify him.
The school boosted security and students must now use passwords with a combination of letters, numbers and special characters. In addition to criminal charges, Lockser will also face a school disciplinary inquiry. After being arrested for his charges, Lockser was booked and later released on $1,100 bail.
The BBC has had to apologize to its mobile app users following a weird push notification sent from its news app full of nosequiturs.
Twitter users wondered if the BBC had its security compromised when the app said: "NYPD Twitter campaign 'backfires' after hashtag hijacked. Push sucks! Pull blows! BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIIII like testing."
The broadcasting house insisted that its security had not, in fact, been breached - and that the notification was down to good old fashioned human error. "We apologize to our app users who were unnecessarily interrupted with the alert," a BBC spokesperson said. "We've been in the process of testing new functionality for our apps and a test message was sent in error."
The State of Montana's Department of Public Health and Human Services was hacked and cybercriminals compromised up to 1.3 million records. State officials confirmed the problem and said the department has informed customers, warning Social Security numbers and other personal information might be at risk.
In addition to customer Social Security numbers, hackers breached patient names, birth dates, bank account numbers, medical diagnosis, prescriptions, dates of service, and treatments given.
"We have absolutely no indication the criminals who illegally entered the server had any interest in the data they accessed in any way, shape or form, and we have no reports of people's identities being stolen," said Richard Opper, department director, in a statement.
The Pony Loader malware has been updated to v2.0 and has nasty new tricks to help compromise users and steal bitcoins. The updated version is able to compromise a large group of different cryptocurrency wallets, including Litecoin, Namecoin, Terracoin, Goldcoin, Junkcoin, and Anoncoin.
To counter this new malware threat, it's recommend users update to the newest bitcoin client, which gives users a way to encrypt private keys with passphrases.
"Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky," said Isaac Palmer, Damballa malware reserve engineer, in a blog post.
Cybercriminals are finding new methods to compromise energy companies and other critical industries with custom malware, exploiting legitimate apps. Instead of trying to hack the company directly, hackers are finding success in hacking software providers to hack vendors, according to security firm F-Secure.
The "Havex" malware previously hit the energy sector, and is now being used to target companies in Europe. An industrial machine producer and two educational organizations in France, with companies in Germany also hit.
"During the spring of 2014, we noticed that Havex took a specific interest in Industrial Control Systems (ICS) and the group behind uses an innovative Trojan horse approach to compromise victims," said F-Secure in a blog post. "The attackers have Trojanized software available for download from ICS/SCADA manufacturer websites in an attempt to infect the computers where the software is installed to."
PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.
Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.
"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."
California Senate Bill 962, aimed at forcing smartphone manufacturers to include mandatory kill switches on smartphones, has passed the California Assembly committee. Apple, Google, Microsoft, Verizon Wireless and AT&T say they are okay with the law, after showing initial distrust of mandatory kill switches.
Last month, the California Senate passed the smartphone kill switch bill on its second try, with lawmakers saying police across the state are seeing smartphone thefts plaguing communities. San Francisco District Attorney George Gascon and Oakland Mayor Jean Quan applaud anti-theft smartphone technology, especially with smartphone-related crimes staggering high in San Francisco and Oakland, respectively.
"The only way to stop the victimization of innocent cell phone customers is to enable theft-deterrent technology on nearly every new smartphone sold in California, which this legislation will do," said Sen. Mark Leno, (D-San Francisco), the sponsor of the bill
Mobile gamers interested in playing Flappy Bird should be extremely careful, because most versions of the game circulating shipped with some type of malware. A whopping four out of every five Flappy Bird clone apps come with malware, and that shouldn't be a surprise, with the game pulled while still in such high demand.
The developer behind Flappy Bird, Dong Nguyen, removed his hugely popular game from app stores in February, concerned that it was causing addition. However, the game was so popular that it didn't take long before clones began hitting the Internet, and download rates of the knock-off versions picked up.
Some malware is responsible for texting premium services, while others intercept messages and phone calls, and others focus on targeting payment information.