TweakTown
Tech content trusted by users in North America and around the world
6,206 Reviews & Articles | 40,138 News Posts
TRENDING NOW: GTA V will have 'just for PC' features, including a video editor

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 18

Report: Companies struggle to keep insider threats under control

Companies are having a hard enough time trying to keep data secure from cybercriminals overseas, but insider threats leave organizations helpless. A lack of proper training and budget constraints make it difficult, with more than 60 percent of IT and security experts saying they couldn't respond to a real insider attack, according to the SpectorSoft security firm.

 

TweakTown image news/3/9/39898_01_report_companies_struggle_to_keep_insider_threats_under_control.jpg

 

Respondents from the United States, Europe and Latin America said a lack of training (55 percent) and budget problems (51 percent) are problematic, with 34 percent saying insider threats aren't currently a priority. There has been an estimated $2.9 trillion of employee fraud losses worldwide every year, as employee theft and fraud can be extremely difficult to detect.

 

"These statistics paint a bleak picture when it comes to securing company data against insider threats," said Rob Williams, SpectorSoft chief marketing officer. "With so many data breaches happening, C-level executives are coming to the realization that their jobs could be on the line if company data isn't protected. Proper defense must include a comprehensive security solution, and with humans involved, education is just as key. The market is ripe for a new approach to internal security."

JPMorgan Chase customers targeted with phishing attacks to steal data

Cybercriminals recently targeted JPMorgan Chase customers with a curious phishing attack designed to steal banking credentials and infect PCs so other usernames and passwords could be collected. JMorgan is the No. 1 bank in the United States based on assets, and confirmed the "Smash and Grab" cyberattack targeting its customers.

 

TweakTown image news/3/9/39897_01_jpmorgan_chase_customers_targeted_with_phishing_attacks_to_steal_data.jpg

 

It seems spam filters stopped a large portion of the attacks, but the phishing scam looks authentic, so it likely did compromise customers. In addition to stealing JPMorgan Chase credentials, attached malware also targets Bank of America, Royal Bank of Scotland and Citigroup customers.

 

Financial institutions are struggling to try to defend customers from cyberattacks - and the use of social engineering is rising, with cybercriminals simply tricking users into providing the data. However, it's rather curious that these spammers are including malware that steals credentials of other banks, because it's more likely to be detected.

Gartner: Information security spending on the rise as threats mature

Information security spending will reach $71.1 billion in 2014, a 7.9 percent year-over-year growth rate, according to the Gartner research group. The data loss prevention sector will have the fastest growth, amounting to 18.9 percent, with security spending to rise 8.2 percent in 2015 up to $76.9 billion.

 

TweakTown image news/3/9/39896_01_gartner_information_security_spending_on_the_rise_as_threats_mature.jpg

 

There is great interest in improving security, especially among companies with customer and client data at risk, as retailers, financial institutions, and healthcare in the private sector try to boost their defenses. Cybercriminals are improving their malware and malicious software, which can be found online for a relatively low price to anyone willing to pay.

 

"This Nexus of Forces is impacting security in terms of new vulnerabilities," said Lawrence Pingree, Gartner research director, in a press statement. "It is also creating new opportunities to improve effectiveness, particularly as a resule of better understanding security threats by using contextual information and other security intelligence. This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center."

'Backoff' malware that hit Target could impact 1,000 more businesses

The Department of Homeland Security (DHS) noted that a single point-of-sale malware, dubbed "Backoff," could be responsible for infecting Target, UPS and more than 1,000 U.S. businesses in the past year alone. DHS officials are urging companies scan their networks to ensure they were not infected by Backoff or some other malware variant.

 

TweakTown image news/3/9/39893_01_backoff_malware_that_hit_target_could_impact_1_000_more_businesses.jpg

 

Seven POS service providers have found malware on their systems, as cybercriminals are interested in selling and purchasing customer personal information on the black market.

 

Target, Neiman Marcus, Supervalu, P.F. Chang's, UPS Store, and other retailers have been hit by data breaches, as the problem became prevalent following the Target breach. There has been a stronger call for U.S. banks and credit card companies to release new cards that have embedded microchips providing security that scrambles data during transactions.

Hacker takes down PSN, sends bomb threat for SOE presidents flight

There's one pissed off hacking group right now, which has not only taken down the PlayStation Network, but through Twitter, the group sent a bomb threat on an American Airlines flight that John Smedley was on. Smedly is the president of Sony Online Entertainment, and has confirmed he was indeed on the flight, and that it was diverted for security reasons.

 

TweakTown image news/3/9/39882_08_hacker_takes_down_psn_sends_bomb_threat_for_soe_presidents_flight.png

 

Smedley tweeted: "Something about security and our cargo". An American Airlines spokesperson confirmed that Flight 362 was diverted for security reasons, and that the FBI was investigating the threat. Before all of the bomb threat hoopla, the hacking group took to Twitter to tweet a threat to American Airlines' Twitter account. While the plane was in the air, the group tweeted an image showing the e-Ticket for Smedley's flight, a confirmation number, and then asking if Smedley and Sony were indeed on the flight.

 

During the flight itself, the hackers continued to tweet threats. American Airlines Flight 363 was diverted from its patch to San Diego, into Phoenix. There were some 179 passengers and six crew on-board, all safe.

Hackers able to compromise traffic lights in shockingly easy fashion

All hackers need to compromise traffic lights is a laptop and a radio connected to it, with researchers able to alter traffic lights from a vehicle.

 

TweakTown image news/3/9/39873_01_hackers_able_to_compromise_traffic_lights_in_shockingly_easy_fashion.jpg

 

The traffic light controllers often aren't encrypted and have default usernames and passwords that are posted online. The traffic light controllers are linked by an induction loop that is hidden underground, with cameras able to provide traffic light colors to the controller. It only takes a minimal amount of research before hackers are essentially given the blueprints.

 

"There's an assumption that these devices are secure," said Branden Ghena, University of Michigan computer science PhD student and study lead researcher. "We all just trust them so much. This is critical infrastructure. We were shocked that was going on."

Continue reading 'Hackers able to compromise traffic lights in shockingly easy fashion' (full post)

Kaspersky Lab outs "Machete" malware targeting Spanish speakers

The "Machete" cyberattack targeted Spanish speaking residents of Colombia, Ecuador and Venezuela, and the malware was recently noted by security firm Kaspersky Lab. The targeted attack campaign likely launched in 2010 and was improved in 2012, with the Machete operation still potentially active. The malware is sent as a RAR file attachment that includes a PowerPoint presentation, researchers noted.

 

TweakTown image news/3/9/39870_01_kaspersky_lab_outs_machete_malware_targeting_spanish_speakers.jpg

 

The malware can log keystrokes, capture geolocation data, capture screenshots, record audio from PC microphone, take photos via Web camera, and copy files to a remote server, among other similar cybercriminal activities.

 

There were 85 victims in Colombia, 282 victims in Ecuador, and 372 victims in Venezuela, though also found 45 victims in Russia and small numbers of victims in the United States and Europe. Much like other malware distribution, the criminals rely on social engineering to trick users to unknowingly install it on their machines.

Diaspora social networking site can't stop Islamic State messages

Social media service Diaspora, an open source, decentralized service consisting of individual nodes, utilizes thousands of private servers. Unfortunately, there isn't a way for the Diaspora project team to edit or remove content from a network node, and that's likely why IS chose it.

 

TweakTown image news/3/9/39860_01_diaspora_social_networking_site_can_t_stop_islamic_state_messages.jpg

 

After being booted from Twitter and other social networking sites, the Islamic State is looking for new alternatives. In an attempt to spread images, videos and published propaganda to shock the west and appeal to new recruits, IS wants to have a collection of social media accounts to use.

 

"As many of the members of the core team are pod administrators ourselves, we know it can be hard to detect such users," the Diaspora blog reads. "We rely on our community members to use the report function to alert their podmin to any post or comment they believe to be a cause for concern. However, because this is such a crucial issue, we have also accumulated a list of accounts related to IS fighters, which are spread over a large number of pods, and we are in the process of talking to the podmins of those pods."

Continue reading 'Diaspora social networking site can't stop Islamic State messages' (full post)

iMessage getting slammed by spammers, Apple facing criticism

Apple iMessage now accounts for more than 30 percent of all mobile spam messages sent to users, with cybercriminals easily able to send messages to a large number of users. To better combat spam messaging, Apple previously put in place iMessage rate-limiting, as hackers last year were able to send a large volume of messages with little resistance. However, it still remains a lucrative tool for cybercriminals to use for spam and phishing attacks, with the problem seemingly out of control.

 

TweakTown image news/3/9/39859_01_imessage_getting_slammed_by_spammers_apple_facing_criticism.jpg

 

To register for an iMessage account, a criminal simply needs a victim's linked email address - a mobile phone number isn't required. Security experts have seen message come from U.S. companies such as Microsoft's Hotmail to China's Yeah.net, indicating a large number of accounts have been created to send out spam.

 

Trying to report iMessage spam abuse is a tiresome, annoying process: users must email Apple, including a screenshot of the spam message, email address or phone number of sender, along with the date and time the message was sent by the spammer.

Universities struggle with cybersecurity efforts to keep data safe

U.S. universities face a bigger threat of security data breaches than the retail and healthcare sectors, according to a recent study published by BitSight. As the school year begins again, hackers are preparing to target universities once again, the report said.

 

TweakTown image news/3/9/39858_01_universities_struggle_with_cybersecurity_efforts_to_keep_data_safe.jpg

 

Using data based on major athletic conferences, including the Pacific-12, Big 10, Big 12, Southeastern Conference, Atlantic Coast Conference and Ivy League from July 2013 to June 2014, all divisions saw a drop in cybersecurity performance.

 

"From Social Security and credit card numbers to health records and intellectual property produced by research departments, colleges and universities house a vast amount of sensitive data," said Stephen Boyer, BitSight co-founder and CTO, in a statement to FierceCIO. "While not surprising given the unique challenges universities face securing open campus networks, it's concerning to see that they are rating so far below other industries that we've seen plagued by recent security problems."

Continue reading 'Universities struggle with cybersecurity efforts to keep data safe' (full post)

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases