TweakTown NewsRefine News by Category:
Trying to directly attack banks and other financial institutions is increasingly difficult, so cybercriminals are finding new ways to cause mayhem.
A popular new method is victimizing the Starbucks mobile payment app and gift cards, as they are able to steal pre-loaded amounts off cards - and then use the auto-reload function to get to victims' debit and credit card accounts.
Hackers are always on the lookout for new vulnerabilities and loopholes that allow them to steal funds from companies and victims. "Fraud is moving away from banks into big e-commerce companies," said Avivah Litan, security analyst at Gartner, in a statement published by NBC News. "Criminals are learning how to turn rewards programs, points and prepaid cards into cash."
An international coalition and ground troops are giving ISIS fits in Iraq and Syria, but the terror group is still finding success online. Using a blend of social media and the Dark Web, the group is able to spread propaganda, recruit new members, and communicate with one another - but the Pentagon is working harder to interrupt ISIS's digital efforts.
For example, DARPA hopes its MEMEX technology, which has the ability to serve as a unique search engine, is able to track down Dark Web sites.
"Everything above the water is what we would call the surface web that can be indexed through Google or you can find through a search engine," said Lillian Ablon, researcher at Rand, in a statement published by CNN. "But below the water that huge iceberg up to 80% times bigger than what's above the water, that's the deep web, that's the part of the web that's not indexed. There is so much of the web that we can't just Google for; it's dark to us, it's dark to Google."
A new form of ransomware infecting users in Australia has been discovered by Symantec, with the "Los Pollos Hermanos" malware encrypting documents, images, videos, and other files on compromised PCs.
The Trojan.Cryptolocker.S demands a payment of almost $800 for the encrypted files to be decrypted, with malware authors pulling information from Breaking Bad protagonist Walter White. Much like other ransomware attacks, it appears social engineering is responsible for infecting users, with a malicious zip file that appears to be from a delivery courier.
"Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules," Symantec noted in a blog post. "This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware."
The healthcare industry is embracing technology, but isn't properly prepared to keep employee and patient data secure from hackers, according to a report from the Ponemon Institute. Ninety-one percent of healthcare companies that participated in the survey reported at least one data breach in the past two years, according to the "2015 Study on Privacy and Security of Healthcare Data" report.
Not surprisingly, the healthcare industry is paying more than $6 billion per year related to data breaches and associated cybersecurity incidents. Companies must do more to improve their cybersecurity protocols, and should be proactive in discussing any problems with their customers.
"Organizations in the healthcare space are not playing their 'A game' in terms of security and data protection," said Larry Ponemon, founder and CE of the Ponemon Institute, in a statement. "There are some exceptions, but generally speaking, healthcare providers either lack the resources, staff or the technical innovations to meet the changing cyber-threat environment."
The 2nd US Circuit Court of Appeals in Manhattan has asked Congress to find a middle ground between national security and citizens' privacy, after saying the National Security Agency's phone surveillance program went too far.
The court's ruling will put added pressure on Congress to either scrap the program entirely, or make major changes. Using the Patriot Act as a front for its massive data collection, the NSA reportedly collected information on almost every call made in the United States - with data entered into a national database. It remained secret until former NSA contractor Edward Snowden unveiled the illegal phone data sweeps.
"In light of the asserted national security interests at stake, we deem it prudent to pause to allow an opportunity for debate in Congress that may (or may not) profoundly alter the legal landscape," said Judge Gerard E. Lynch, as he announced the decision.
Lenovo, the No. 1 PC manufacturer based on units sold, is being accused of a "massive security risk" that allows hackers to utilize a man-in-the-middle attack to download malware onto victims' systems. Security researchers at IOActive say the vulnerability allows hackers to download malware or hijack the systems themselves.
The flaw takes aim at ThinkPad, ThinkStation and ThinkCenter products, and B, E, K, and V-series models. Lenovo was first alerted to the issue in February, and was given time to release a patch - which was made available last month - before IOActive shared the news publicly.
"An attacker can create a fake [certificate authority] and use it to create a code-signing certificate, which can then be used to sign executables," according to the advisory. "Since the System Update failed to properly validate the certificate authority, the System Update will accept the executables signed by the fake certificate and execute them as a privileged user."
Yahoo Labs has introduced Bodyprint, a new biometrics technology that could one day allow users to unlock a smartphone using a scan of their ear instead of a fingerprint or password.
In addition to scanning a user's ear, Bodyprint was able to identify fingers, palms, knuckles and fists, so devices could be locked and unlocked. Even though touchscreen input resolution is fairly low, using the surface area of the screen allows body parts to be accurately matched 99.98 percent of the time.
The use of biometric fingerprint scanners designed to authenticate users can be found in higher-end smartphones, but the technology is still relatively expensive - due to a high-end sensor and required resolution to make them function well.
Hunter Moore, the "king of revenge porn," hired Charlie Evens when he was 23-years-old to hack into women's social media and email accounts. Evens sold images and videos for Moore's website, IsAnybodyUp.com, making between $500 and $1,000+ a week for his services.
It wasn't anything personal against the women that made their way to IsAnyoneUp, as Evens was fresh out of rehab and needed money to fund partying: "It was enough. I mean, not that anything is enough, but it's just scary how quickly I would drop my morals for so little. How much those women were worth, it was like $500 a week, $1,000 a week. It was just pay. I mean it was really just my habit. Like I needed to drink... I know nobody wants to hear that, but it was a really shitty time for me," Evens told CNN.
Evens also discussed how hacking victims was "a little maneuvering and manipulating... lying and using people" to breach their email or social media. His crimes led him to be indicted by the FBI for conspiracy, unauthorized access to a protected computer, and aggravated identity theft. The former hacker says he still battles with how he can apologize to the countless people whose private information was posted online without their permission.
During a siege against the White House's unclassified computer system, Russian hackers read through some of President Obama's emails, according to US officials.
Even though Obama's BlackBerry and iPad weren't breached in the incident reportedly linked back to Russia, the hackers were able to read emails sent and received by the president. Exact information related to what the emails contained is unknown, and no classified data was accessed or collected.
Sensitive information actually was stored on the unclassified system that cybercriminals gained access to, and details regarding the breach are more alarming than previously reported. It's not uncommon for unclassified networks to contain political email exchanges between government officials and foreign diplomats, legislation discussion, policy debate, and schedules.
Even though mobile malware targeting the Google Android operating system is increasing, actual infection rates are still relatively low, according to cybersecurity experts. Unfortunately, it looks like almost 1 out of every 5 Android apps were "malware in disguise," according to the newest Symantec Internet Security Threat Report.
Over one-third of all Android apps are "madware," or "grayware," designed to increase the number of ads that a mobile user sees. In addition, Symantec noted the first infection by mobile ransomware, which encrypts data on a victim's phone until a ransom is paid.
Android, the No. 1 mobile OS based on market share, has an open infrastructure that makes it even more flexible to use by each phone manufacturer - but also gives cybercriminals the ability to create better malicious apps.