TweakTown
Tech content trusted by users in North America and around the world
5,931 Reviews & Articles | 38,206 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 21

Apple claims that iCloud was not compromised in Australia

Yesterday we talked a bit about the hacks that had happened in Australia where nefarious user/users were locking iOS devices using iCloud and holding the devices ransom for $100. Apple has now issued a statement about iCloud and the hacks and has said in short that iCloud wasn't compromised.

 

TweakTown image news/3/8/38033_1_apple_claims_that_icloud_was_not_compromised_in_australia.jpg

 

Apple said in a statement, "Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

Continue reading 'Apple claims that iCloud was not compromised in Australia' (full post)

Spotify suffers cyberattack, update looming for Android users

Online music service Spotify is quickly preparing to launch an update for Google Android users, following confirmation of an internal company breach. Users will have to select new passwords and should expect to update their Android Spotify accounts - and Apple iPhone or Microsoft Windows devices likely won't need to be changed.

 

TweakTown image news/3/8/38021_01_spotify_suffers_cyberattack_update_looming_for_android_users.jpg

 

To date, Spotify only found one user's data has been accessed, with no password, financial or payment information breached.

 

Here is what Oskar Stal, Spotify CTO said in a blog post: "We've become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we're taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I'm posting today.

U.S. spies targeting Chinese politicians, businesses, and mobile users

The United States government has routinely targeted Chinese government officials and business leaders for some time now, according to the China Internet Media Research Center. The report also blames the U.S. for breaking international law and violating basic human rights, with lawmakers in Washington, D.C. and Beijing blaming one another for growing cyberespionage tensions.

 

TweakTown image news/3/8/38020_01_u_s_spies_targeting_chinese_politicians_businesses_and_mobile_users.jpg

 

"As a superpower, the United States takes advantage of its political, economic, military and technological hegemony to unscrupulously monitor other countries, including its allies," according to the report. "The United States' spying operations have gone far beyond the legal rationale of 'anti-terrorism' and have exposed its ugly face of pursuing self-interest in complete disregard of moral integrity."

 

It has been a rather chaotic relationship between the United States and China, with both countries lobbing cyberespionage accusations at one another. China is the leading source of cyberattacks, though government officials noted they are increasing their cybersecurity protocols to also defend themselves.

Avast support forum hacked, usernames and passwords stolen in breach

Security firm Avast recently suffered a data breach in which its community support forum was hacked, with usernames, email addresses and scrambled passwords of 400,000 forum users now at risk. Avast took the forum offline, and the company will make it mandatory for all returning visitors to immediately reset their passwords.

 

TweakTown image news/3/8/38019_01_avast_support_forum_hacked_usernames_and_passwords_stolen_in_breach.jpg

 

It's unknown how the initial breach occurred, though no payment information was stolen - and confirmed it appears to be an isolated incident involving a third-party system.

 

Here is what the company said in a blog post: "We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately."

Continue reading 'Avast support forum hacked, usernames and passwords stolen in breach' (full post)

Humana customers at risk, data breach of Unencrypted USB drive

Healthcare provider Humana was recently compromised and up to 3,000 members are at risk following the theft of an encrypted laptop and unencrypted USB flash drive. The company is now informing Atlanta-area customers of the data breach, while providing free credit monitoring to everyone hit by the theft.

 

TweakTown image news/3/8/38018_01_humana_customers_at_risk_data_breach_of_unencrypted_usb_drive.jpg

 

The laptop and flash drive were stolen from a Humana associate's vehicle, and names, medical records and Social Security numbers are at risk. Despite the breach, Humana "has no reason to believe that the information has been used inappropriately," though will continue to monitor the situation.

 

It's an unfortunate incident, as company data is often stolen from vehicles or homes of employees - and theft of data stored on an unencrypted flash drives also tends to happen frequently - as companies need to be more diligent in how they try to keep data secure.

'Zberp' malware effectively targeting 450 financial institutions

Cybercriminals utilized code from the infamous Zeus and Carberp pieces of malware software to create the next-generation Zberp threat now targeting customers from 450 international financial institutions, according to researchers from Trusteer.

 

TweakTown image news/3/8/38016_01_zberp_malware_effectively_targeting_450_financial_institutions.jpg

 

Zberp is able to track IP addresses and names from infected PCs, capture screen shots and upload them, steal POP3 and FTP credentials, hijack browsing sessions, compromise SSL certificates, and conduct remote desktop connections. Cybercriminals were clever and ensured the registry key would be deleted and rewritten so Zberp is difficult to detect with traditional anti-virus software.

 

"Since the source code of the Carberp Trojan was leaked to the public, we had a theory that it won't take cybercriminals too long to combine the Carberp source code with the Zeus code and create an evil monster," said Trusteer officials in a blog post. "It was only a theory, but a few weeks ago we found samples of the 'Andromeda' botnet that were downloading the hybrid beast."

LulzSec hacker-turned-informant Sabu could get reduced sentence

Infamous former skipper of LulzSec's LulzBoat - Sabu - could escape harsh sentencing for his time spent at the hacktivist group thanks to his "extremely valuable and productive" cooperation with the government.

 

TweakTown image news/3/8/38010_01_lulzsec_hacker_turned_informant_sabu_could_get_reduced_sentence.jpg

 

Originally faced with up to 317 months imprisonment, Wired has seen documents from the US Probation Office that show prosecutors are considering a reduced sentence "without regard to the otherwise applicable mandatory minimum" for the case.

 

LulzSec made waves around the web and the world with their brand of irreverent, belligerent hacktivism. But it later emerged that Hector Xavier Monsegur, AKA "Sabu", was turned by the authorities and became an active informant - leading to the arrest of affiliates such as Jeremy Hammond, who was who was recently sentenced to 10 years in prison.

 

The full documents detail the extent of Monsegur's cooperation, which lasted for a number of years. He awaits sentencing 27 May.

eBay didn't originally think user data was compromised in breach

After a major data breach that led eBay to recommend users to update their passwords, company officials didn't think customer data was at risk. However, after customer data was involved, the company moved "swiftly" to ensure customers were secure - though eBay officials also didn't disclose when the breach occurred.

 

TweakTown image news/3/7/37986_01_ebay_didn_t_originally_think_user_data_was_compromised_in_breach.jpg

 

"For a very long period of time we did not believe that there was any eBay customer data compromised," said Devin Wenig, eBay global marketplace chief, following news of the breach. "We want to make sure it doesn't happen again so we're going to continue to look (at) our procedures, harden our operational environment and add levels of security where it's appropriate."

 

The data breach has led to multiple investigations, with additional states and countries likely to follow suit, as the No. 1 auction site tries to move forward. The data breach happened after cybercriminals were able to use corporate employee credentials to track down customer data.

Chinese hackers might be banned from attending Def Con

The U.S. federal government might not allow hackers visiting from China into the country to visit the Def Con and Black Hat hacker events, as concerns grow regarding cyberattacks from Chinese sources. The growing political game between both countries has focused on organized cyberattacks - which both sides organize and launch against one another - as cybersecurity becomes even more important.

 

TweakTown image news/3/7/37959_01_chinese_hackers_might_be_banned_from_attending_def_con.jpg

 

The idea of trying to ban Chinese citizens from either hacker event hasn't gone over well among event organizers and supporters. The official Def Con website offered this tweet:

 

 

The government has charged five Chinese Army officers with cyberespionage charges, and there is concern of future attacks. U.S. lawmakers are trying to determine how to try to punish China if its organized cyberattacks don't halt - and that seems unlikely to stop anytime soon.

Learning experience following the major eBay breach

After eBay recommended its 145 million users change their passwords, it has become evident: eBay will need to work to recover from what can snowball into a major public relations disaster. The popular auction website has been criticized for being slow to identify the data breach and inform users, months after the initial intrusion took place in February and March.

 

TweakTown image news/3/7/37924_01_learning_experience_following_the_major_ebay_breach.jpg

 

"Clear, concise, timely, and regular communications to those impacted by a breach is one of the key critical factors in successfully managing a security incident and in turn rebuilding customers' trust in you," said Brian Honan, CEO of BH consulting, which is a special adviser to Europol. "Something, I'm afraid eBay have failed to do so far."

 

In addition to multiple investigations into the breach, as Target is learning the hard way, eBay's reputation will take a hit among its users. Additional U.S. states and other countries could begin to investigate the breach, with announcements likely in the next few weeks.

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases