TweakTown
Tech content trusted by users in North America and around the world
5,931 Reviews & Articles | 38,203 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 2

Point-of-sale security efforts lackluster as threats increase

Small businesses and local mom-and-pop stores are familiar with cybersecurity risks they face, but major retailers and corporations also suffer from difficult point-of-sale (POS) systems struggling with security problems. Botnets made of thousands of compromised PCs are trying to launch brute-force attacks against POS with lackluster security in place.

 

TweakTown image news/3/9/39259_01_point_of_sale_security_efforts_lackluster_as_threats_increase.jpg

 

"Point of sale architecture and security is such a niche industry in terms of how to secure these systems and how card data flows," said Lucas Zaichowsky, AccessData enterprise defense architect, said. "It's like a big black box; those who know it well are few and far between. Even PCI auditors don't understand it all that well."

 

Zaichowsky will speak during the Black Hat USA 2014 in early August, hoping to spur interest in helping POS dealers build better defense of POS technologies. Cybercriminals rely on exposing older versions of VNC, PCAnywhere and other remote management clients, able to brute-force their way into networks.

The fight to keep consumers safe online is important and difficult

The lure of easy pickings in online cybercrime has drawn many criminals to the Internet, where they look to compromise users, steal debit and credit card information along with other personal data. The use of social engineering to manipulate victims remains popular, but many Internet users provide information to criminals too easily.

 

TweakTown image news/3/9/39253_01_the_fight_to_keep_consumers_safe_online_is_important_and_difficult.jpg

 

The basic tips apply: don't provide personal information when you don't have to, such Social Security numbers; always monitor bank accounts; avoid clicking links in unsolicited emails, or other suspicious messages; and choosing a secure password are important.

 

"Con artists are going online to steal your hard-earned money," said Bob Gallo, AARP Illinois State Director, in a press statement. "Common sense should tell us that if it sounds too good to be true, chances are it is. But AARP's nationwide Fraud Watch Network can also help you beat con artists at their own game and get critical information to fight back and protect your money."

Continue reading 'The fight to keep consumers safe online is important and difficult' (full post)

Nigerian cybercriminals evolving their attack methods to hijack users

Cybercriminals in Nigeria are continually evolving their attack strategies, and have created next-generation malware able to compromise businesses and organizations that they previously ignored. The old school "419" phishing tactics once infamously deployed by Nigerian spammers still occurs, but the criminals want to steal data from a larger number of victims using better designed strategies.

 

TweakTown image news/3/9/39249_01_nigerian_cybercriminals_evolving_their_attack_methods_to_hijack_users.jpg

 

Utilizing Remote Administration Tools (RATs) from online hacker forums, Nigerian cybercriminals aim for full control of compromised systems. Silver Spaniel is able to circumvent legacy firewalls and typical anti-virus and anti-malware software because it has been modified to ensure it can evade them efficiently.

 

"These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another," said Ryan Olson, Palo Alto Networks Unit 42 Intelligence Director, in a statement. "The actors don't show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets."

Cyberwar building between warring factions in Iraq as tensions build

The continued political unrest in Iraq has led to armed conflict, but has led to a rise in something a bit more surprising: a cyberwar that has used social media and coordinated malware and other cyberattacks against rival political factions.

 

TweakTown image news/3/9/39245_01_cyberwar_building_between_warring_factions_in_iraq_as_tensions_build.jpg

 

The use of the "Njrat" malware, to compromise PCs and create a rudimentary botnet, has drawn interest among cybersecurity experts - and other similar tactics are being deployed. The criminals are interested in stealing data and using hijacked microphones and cameras to see what is happening in select regions.

 

"The key parties are local groups within Iraq using malware for targeted intelligence on each other," said Andrew Komarov, Intel Crawler chief of security, in a statement. "It is very hard to confirm who is the author, as some of the malware is used from public sources, but it is very visible that it is used within Iraq, and not outside against foreign countries, which may explain the beginning of internal local cyberwar."

Continue reading 'Cyberwar building between warring factions in Iraq as tensions build' (full post)

Goodwill reportedly investigating credit card data breach

Nonprofit organization Goodwill Industries reportedly suffered a data breach and customer credit card data is at risk. The company was first contacted last Friday by federal authorities, informing them of the potential data theft affecting American stores.

 

TweakTown image news/3/9/39244_01_goodwill_reportedly_investigating_credit_card_data_breach.jpg

 

It's unknown how many stores have been impacted, but fraud details have been tracked to a pattern that hit at least 21 states, including California, Colorado, Pennsylvania, Texas, Washington, Wisconsin and others spread across the country. Goodwill is investigating with a newly created "response team":

 

"We are proactively engaged with the payment card industry contacts, the Secret Service and all Goodwill headquarters to identify what problem, if any, exists so that we can take prompt and appropriate actions as well as communicate appropriately to any affected parties."

Continue reading 'Goodwill reportedly investigating credit card data breach' (full post)

Cybersecurity needs a better computing infrastructure, expert says

Cyberattacks are increasingly difficult to detect and defend against, with foreign state-sponsored hackers sometimes able to compromise large amounts of data. Both businesses and customers struggle following data breaches, and the direct cost of cybercrime negatively hurts everyone, security specialists continue to warn.

 

TweakTown image news/3/9/39227_01_cybersecurity_needs_a_better_computing_infrastructure_expert_says.jpg

 

Heartbleed gained attention because of the threat it posed to casual consumers, but these issues remain a significant problem for businesses and security leaders.

 

"I think that these kinds of issues are really symptoms of a bigger problem," said Richard Ford, head of Florida Institute of Technology's Department of Computer Science and Cybersecurity, in a press statement. "Our entire computing infrastructure - and that includes embedded devices and control systems - is highly vulnerable to attackers. We have built a very complex ecosystem around us, and it is both critical to the smooth functioning of our lives and very fragile. I worry not about a cybercriminal, but an attacker who simply wants to destroy."

Continue reading 'Cybersecurity needs a better computing infrastructure, expert says' (full post)

Pair running Apple-themed phishing scams conducted other criminal acts

The man and woman involved in an Apple-themed phishing scheme, in which they sent emails that looked like Apple warning of security issues, were sentenced to a combined 14 years in prison. Both Radu Savoae, 28, and Constanta Agrigoroaie, 23, plead guilty to six counts of possessing fraudulent ID cards, equipment to make fake bank and ID cards, and conspiracy to commit fraud.

 

TweakTown image news/3/9/39219_01_pair_running_apple_themed_phishing_scams_conducted_other_criminal_acts.jpg

 

In addition to the phishing operation, police authorities found cloned credit cards and fake Spanish and Romanian identification cards in their apartment. A spreadsheet found on the pair's computer also listed out fraudulent transactions for flights, vehicle insurance and other data given to to local pickpockets operating in the area.

 

For every major cybercriminal yanked off the streets, federal and local law enforcement struggle to keep up. Unfortunately, it usually takes a large amount of victims before banks and authorities catch on and launch investigations.

Anonymous victimizes Kenya Defense Ministry's Twitter account

The Anonymous hacker group reportedly hacked the official Kenya Defense Ministry Twitter account that is used to share information about the military's operations. The breach is now being investigated by Kenyan military technicians, and no internal military systems were compromised by the breach. Anonymous supporters have targeted Kenya, Zimbabwe and Twitter accounts used by other African governments.

 

TweakTown image news/3/9/39218_01_anonymous_victimizes_kenya_defense_ministry_s_twitter_account.jpg

 

In a tweet posted to the KDF website today: "Account hacked Again by @anon_0x03 and Anonymous Kenya F**K YOU ARMY!"

 

The @kdfinfo account was hacked by @Anon_0x03, with Kenya political actions mocked and criticized, including the following topics: animal poaching, ivory trafficking, corruption, drugs, and continued tribalism. Anonymous has taken offense to Kenya President Uhuru Kenyatta, claiming he's only interested in defending the rich - and not doing enough to keep regular civilians safe and secure.

AskMen website hacked twice in the past month, sending malicious code

For the second time in the past month, AskMen.com was compromised, with malicious code injected on the company's server sending out attacks. AskMen is reportedly looking into the security issue after being contacted by security software company Malwarebytes.

 

TweakTown image news/3/9/39211_01_askmen_website_hacked_twice_in_the_past_month_sending_malicious_code.jpg

 

In the previous attack, visitors were being targeted by malicious code courtesy of the Nuclear Pack exploit kit, Websense researchers discovered. The attack started by redirecting users to another website, and then a Java exploit (CVE-2013-2465) and Adobe PDF exploit would be installed.

 

The second attack discovered by Malwarebytes runs using the same idea - a JavaScript iframe is created to redirect users to a malicious website. The new website serves as a landing page for the same Nuclear Pack exploit kit, with the payload dropped and executed on unsuspecting users. The Malwarebytes Anti-Malware software flags the software as "Trojan.Kelihos," the company said.

Criminals using Malaysia Airlines MH17 to compromise users with spam

Cybercriminals are capitalizing on media attention of the Malaysia Airlines MH17, with a constant barrage of tweets, Facebook status updates, and emails promising additional information about the crash. Most recently, a reported "video" of the Malaysia Airlines crash posted on Facebook actually links to a pornographic website - and other similar spam efforts are likely on the way.

 

TweakTown image news/3/9/39213_01_criminals_using_malaysia_airlines_mh17_to_compromise_users_with_spam.jpg

 

"When a disaster like this happens it's a great opportunity for all sorts of scammers," said Ken Gamble, Australian chapter chairman of the International Association of Cybercrime Prevention, in a statement to the media. "It's a great opportunity to prey on people's vulnerabilities and emotion is the greatest one."

 

Cybercriminals typically launch spam attacks following major international incidents - and it's becoming easier - as news is so frequently shared via email and social media. As emotions run high, criminals want to compromise users as they try to learn more about the incident and share details with friends online.

Continue reading 'Criminals using Malaysia Airlines MH17 to compromise users with spam' (full post)

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases