TweakTown NewsRefine News by Category:
ThreatTrack Security recently released ThreatAnalyzer 5.1, the company's latest version of a dynamic malware analysis solution aimed for the enterprise. The new tool allows security teams to detect and remove malicious code, along with learning how malware runs on their networks.
Users are able to recrate their 32-bit and 64-bit environments, including virtual machines, with custom malware determination rules and integrated threat intelligence.
"Uncertainty is one of the biggest challenges to enterprise cybersecurity, and it is paralyzing incident response teams," said Julian Waits, ThreatTrack Security President and CEO, in a statement. "Enterprises know they are under attack from breaches caused by advanced malware, but most lack the tools necessary to identify advanced threats and accurately quantify their exposure to those risks."
Allen Lockser, 21, faces 11 felony computer fraud charges after allegedly accessing student accounts, though didn't compromise any personal information. However, he reportedly submitted quizzes and deleted submitted homework assignments from the school network, first gaining access by trying random passwords until he was successful.
Lockser is accused of hacking into 20 student accounts on Canvas, the Pasco-Hernando State College online portal, which is used for submitting homework assignments and assessments. He was easy to track because he used the static IP address at his home, so sheriff's deputies were able to quickly identify him.
The school boosted security and students must now use passwords with a combination of letters, numbers and special characters. In addition to criminal charges, Lockser will also face a school disciplinary inquiry. After being arrested for his charges, Lockser was booked and later released on $1,100 bail.
The BBC has had to apologize to its mobile app users following a weird push notification sent from its news app full of nosequiturs.
Twitter users wondered if the BBC had its security compromised when the app said: "NYPD Twitter campaign 'backfires' after hashtag hijacked. Push sucks! Pull blows! BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIIII like testing."
The broadcasting house insisted that its security had not, in fact, been breached - and that the notification was down to good old fashioned human error. "We apologize to our app users who were unnecessarily interrupted with the alert," a BBC spokesperson said. "We've been in the process of testing new functionality for our apps and a test message was sent in error."
The State of Montana's Department of Public Health and Human Services was hacked and cybercriminals compromised up to 1.3 million records. State officials confirmed the problem and said the department has informed customers, warning Social Security numbers and other personal information might be at risk.
In addition to customer Social Security numbers, hackers breached patient names, birth dates, bank account numbers, medical diagnosis, prescriptions, dates of service, and treatments given.
"We have absolutely no indication the criminals who illegally entered the server had any interest in the data they accessed in any way, shape or form, and we have no reports of people's identities being stolen," said Richard Opper, department director, in a statement.
The Pony Loader malware has been updated to v2.0 and has nasty new tricks to help compromise users and steal bitcoins. The updated version is able to compromise a large group of different cryptocurrency wallets, including Litecoin, Namecoin, Terracoin, Goldcoin, Junkcoin, and Anoncoin.
To counter this new malware threat, it's recommend users update to the newest bitcoin client, which gives users a way to encrypt private keys with passphrases.
"Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky," said Isaac Palmer, Damballa malware reserve engineer, in a blog post.
Cybercriminals are finding new methods to compromise energy companies and other critical industries with custom malware, exploiting legitimate apps. Instead of trying to hack the company directly, hackers are finding success in hacking software providers to hack vendors, according to security firm F-Secure.
The "Havex" malware previously hit the energy sector, and is now being used to target companies in Europe. An industrial machine producer and two educational organizations in France, with companies in Germany also hit.
"During the spring of 2014, we noticed that Havex took a specific interest in Industrial Control Systems (ICS) and the group behind uses an innovative Trojan horse approach to compromise victims," said F-Secure in a blog post. "The attackers have Trojanized software available for download from ICS/SCADA manufacturer websites in an attempt to infect the computers where the software is installed to."
PayPal's security procedures have been described as 'shoddy,' with the possibility of bypassing the company's two-factor authentication, according to security firm Duo Security. PayPal has created a workaround in place to reduce vulnerability, and a permanent fix is currently being developed.
Exploiting a flaw in the two-factor authentication (2FA) mechanism, but at least one person used flight mode to turn off connectivity immediately after logging into PayPal.
"The vulnerability lies primarily in the authentication flow for PayPal's API web services," according to the Duo Security blog post. "In particular, api.paypal.com, a REST-ful API which uses OAuth for authentication/authorization, does not directly enforce two-factor authentication requirements server-side when authenticating a user."
California Senate Bill 962, aimed at forcing smartphone manufacturers to include mandatory kill switches on smartphones, has passed the California Assembly committee. Apple, Google, Microsoft, Verizon Wireless and AT&T say they are okay with the law, after showing initial distrust of mandatory kill switches.
Last month, the California Senate passed the smartphone kill switch bill on its second try, with lawmakers saying police across the state are seeing smartphone thefts plaguing communities. San Francisco District Attorney George Gascon and Oakland Mayor Jean Quan applaud anti-theft smartphone technology, especially with smartphone-related crimes staggering high in San Francisco and Oakland, respectively.
"The only way to stop the victimization of innocent cell phone customers is to enable theft-deterrent technology on nearly every new smartphone sold in California, which this legislation will do," said Sen. Mark Leno, (D-San Francisco), the sponsor of the bill
Mobile gamers interested in playing Flappy Bird should be extremely careful, because most versions of the game circulating shipped with some type of malware. A whopping four out of every five Flappy Bird clone apps come with malware, and that shouldn't be a surprise, with the game pulled while still in such high demand.
The developer behind Flappy Bird, Dong Nguyen, removed his hugely popular game from app stores in February, concerned that it was causing addition. However, the game was so popular that it didn't take long before clones began hitting the Internet, and download rates of the knock-off versions picked up.
Some malware is responsible for texting premium services, while others intercept messages and phone calls, and others focus on targeting payment information.
Police departments in the United States are being targeted by cyberattacks compromising users and demanding ransom in exchange for control of PCs and files. It's a significant problem when emergency responders are unable to access databases and records due to someone carelessly clicking something in their email.
Recently, the Collinsville Police Department in Alabama was hit, triggered by someone in the police department opening a suspicious email attachment, that immediately hurt police activities. They were unable to access mug shot files, time sheets, and vehicle maintenance records - and the department's computer backups failed, and they might have to start over from scratch.
A police department in Massachusetts was compromised and chose to pay the $750 ransom, which is something federal investigators don't encourage. The files might be decrypted and returned, but likely don't end up returning the same way they were before being compromised.