TweakTown NewsRefine News by Category:
It appears the serial ports of automated tank gauges (ATGs) of almost 5,300 gas stations and fuel depots in the United States are vulnerable because they aren't password protected. ATGs are used to more accurately track fuel tank inventory levels, raise alarms, track fuel deliveries, and conduct leak tests - but people with access to the interfaces could cause problems, according to the Rapid7 Security Street blog.
It doesn't look like there have been any incidents of actual breaches, but shows the importance of password protecting connected technologies. ATGs can be accessed via serial port, plug-in serial port, TCP/IP circuit board, and fax/modem.
Rapid7 was made aware of the issue by Jack Chadowitz, founder of the Kachoolie security firm, and started investing ATG vulnerabilities since Jan. 9.
Despite previous reports claiming the Lizard Squad was hacked, which would be a public relations nightmare for the hacker group, it appears the list could have just been distributed. Members of the group were sharing the list with trusted contacts, plotting attacks against specific accounts that piqued their interest. Seems a trusted source received the list and decided to publicly release it, according to an unnamed Lizard Squad member.
"We've got a fairly good idea who handed it over to Krebs & co. though," a supposed Lizard Squad spokesman told Forbes. "I didn't look into it much but from what I heard there were some pretty well known Twitter users in there for example and gamers. There were some interesting people who signed up... and considering most users were stupid enough to reuse their passwords..."
The Lizard Squad still seems mainly interested in attacking gaming-related services and servers, and while several members have been arrested, continue to pose a threat.
Thirty-two percent of users who share an Internet-enabled device, such as smartphones or tablets, with relatives, colleagues or friends don't take precautions to protect their information, according to a survey from Kaspersky Lab and B2B International.
Many people use PCs, smartphones, tablets and other devices with at least one other person, with one in three users saying they share devices - but don't have proper security protocols in place while sharing technology.
"Sharing a computer or smartphone increases the risk of malware infection, data loss or account theft, so it is important to take precautions," said Elena Kharchenko, Head of Consumer Product Management at Kaspersky Lab. "Always keep backup compies of important files; delete information that should not fall into the wrong hands, especially by disabling form autofill; try to control user access rights on the device - and most importantly - use programs that provide protection against cyber threats."
Attention on cyberattacks typically tends to focus on data breaches, but nonprofit groups likely face a higher risk of ransomware attacks. These types of attacks typically begin with a phishing attempt that gets an employee to unknowingly install custom malware designed to encrypt files - and hold critical data for ransom, or the files will be left permanently compromised.
As nonprofits are adjusting efforts to reach fundraising goals, people donating to these groups expect a certain level of security while contributing money - and a ransomware attack can be extremely detrimental.
"In 2015, the number of unique cybersecurity threats has surpassed the 300 million mark, growing at a steady rate of almost 40,000 new threats a day," said Catalin Cosoi, global security strategist of Bitdefender. "But it's not only the sheer number of malware that poses an immediate risk to nonprofits across the United States. Some of these viruses now specialize in extorting businesses by encrypting data and then asking for money in return... for the decryption key."
High-profile cyberattacks and data breaches in 2014 indicated the serious need for improved security efforts, but 2015 could be even worse, noted Cisco CEO John Chambers. Data breaches sometimes take months to detect, and improving security remains a difficult process that causes headaches for business leaders and IT staff.
Of specific concern is the growing number of connected devices now access the Internet, with cybercriminals interested in exploiting these products.
"There is no data center or network in the world that hasn't been hacked," said Chambers, speaking to CNBC during the World Economic Forum. "If you watched the number of attacks, they're going up exponentially this year, this year's going to be much worse than last year."
Sony will delay releasing its third quarter earnings report because of Sony Pictures continuing to struggle with repair of its crippled computer systems. Company officials want to release Sony's earnings report on March 31, and have asked regulators for additional time to get its IT situation sorted.
It will take until early February until SPE systems are fully restored and operational because of the "amount of destruction and disruption that occurred, and the care necessary to avoid further damage by prematurely restarting functions," according to Sony.
Despite The Interview bringing it close to $50 million from the box office, online rentals and sales, it has been a constant headache for the film studio. During CES, Sony CEO Kazuo Hirai said current and former employees suffered "one of the most vicious and malicious" cyberattacks to target a company - and applauded them for their continued resolve.
Companies suffered relentless cyberattacks and data breaches in 2014, and that trend is expected to continue in 2015. Business leaders need to streamline their efforts to improve cybersecurity protocols to prevent outside breaches, along with defending accidental and intentional insider threats posed by employees.
"Because of the multitude and sophistication of both internal and external attack vectors, cybersecurity is perhaps the most daunting operational challenge facing organizations today," said JF Roy, CTO of TIBCO LogLogic, in a statement to TweakTown.
As companies and government departments scramble to fix potential security problems, they are throwing money at the problem - but that can be a futile effort if they don't understand why these incidents occurred in the past.
Barrett Brown, a writer and activist linked to the Anonymous hacker group, has been sentenced to five years in prison for sharing stolen data and threatening an FBI agent. Brown pleaded guilty to obstructing the execution of a search warrant, accessory to an unauthorized access of a protected computer and making Internet threats.
Brown's tweets and posted YouTube videos helped generate unwanted attention by federal investigators, and the 33-year-old was blamed for sharing data stolen from the Stratfor private defense contractor. He originally could have faced more than 100 years if convicted - and after time served in custody already - must serve three more years.
"If I criticize the government for breaking the law, but then break the law myself in an effort to reveal their wrongdoing, I should expect to be punished just as I've called for the criminals at government-linked firms to be punished," Brown said before he was sentenced. "When we start fighting crime by any means necessary, we become guilty of the same hypocrisy as law enforcement agencies throughout the history that break the rules to get the villains, and so become villains themselves."
Police in Israel have reportedly arrested a hacker accused of stealing unfinished songs from Madonna's latest album. Adi Lederman, a 38-year-old Israeli, will face charges related to intellectual property theft and aggravated fraud, and has allegedly stolen and sold other music online.
Madonna's album "Rebel Heart" is scheduled for release in March, but songs were leaked online in December. Not surprisingly, the musician asked fans not to listen to the stolen songs, pleading to music fans that the song theft was the equivalent of a personal and professional violation.
"I am profoundly grateful to the FBI, the Israeli Police investigators and anyone else who helped lead to the arrest of this hacker," Madonna wrote on her Facebook page. "I deeply appreciate my fans who have provided us with pertinent information and continue to do so regarding leaks of my music. Like any citizen, I have the right to privacy. This invasion into my life - creatively, professionally, and personally remains a deeply devastating and hurtful experience, as it must be for all artists who are victims of this type of crime."
A whopping 93 percent of organizations are vulnerable to insider threats, and the problem continues to be confusing for business leaders, according to Vormetric's "2015 Insider Threat Report." The threat report also discovered 59 percent of respondents believe privileged users pose the biggest threat to their organization, and preventing a data breach is a major priority for IT security spending.
Trying to keep companies secure from insider threat - both accidental and malicious - is a problem that only seems to be getting worse, as companies are unsure how to address evolving security problems. As such, experts are concerned the number of massive data breaches, which captured headlines in 2014, will continue in 2015 while companies remain flustered.
"As the past year demonstrates, these threats are real and need to be addressed," said Alan Kessler, CEO of Vormetric. "Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92 percent of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money."