TweakTown NewsRefine News by Category:
A recent flaw has been discovered in multiple Netgear router models, reportedly allowing hackers to bypass administrator authentication and gain full access to the device as found by Network engineer, Peter Adkins.
Adkins discovered that routers in the popular Netgear 'WNDR' range are running a Simple Object Access Protocol (SOAP) service as part of the Netgear Genie device administration application. Seemingly secure, he was able to bypass filtering and authentication for the SOAP service over a Wi-Fi connection without much effort.
Once the connection had been established, Adkins was able to extract the admin password, Wi-Fi interface credentials, station identifiers, the device serial number and even information on connected clients. He then notified Netgear of this security issue, however was met with a response which included "the network should still stay secure" - apparently due to hidden built-in security features.
Following news that millions of dollars have been stolen from banks by cybercriminals was yet another startling wakeup call for cybersecurity experts. Not surprisingly, hackers delivered the malware payload via social engineering phishing attacks targeted at reckless employees.
"Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent," said Kevin Mitnick, legendary hacker and Chief Hacking Officer of KnowBe4.
Companies need to be aware that employees - in a number of different departments - are often untrained and rather careless when checking their emails. Spear-phishing tends to be a popular choice among cybercriminals, able to trick employees by using a customized approach.
Kaspersky has some damning claims against HDD giants Seagate and Western Digital, where it has said that the NSA has spying backdoors installed onto the HDD firmware of the leading HDD manufacturers products.
The cyber-security giant says that the US spy agency has full access to raw data, agnostic of partition method (low-level format), file system (high-level format), operating system, or even at the user access level. Kaspersky has said that it has found PCs in at least 30 countries with the spying programs installed, with the most infections found in Iran. After that, we have Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
Kaspersky has said that the HDD firmware backdoors are used right now to spy on foreign governments, telecommunication giants, banks, nuclear researchers, the media, and many more. Kaspersky isn't outright naming the company that has designed the malware, but it has said that the company responsible has close ties with the development of Stuxnet. But it does get worse, as the company adds that each time you turn your PC on, the malware is activated, which means it has utter control to all of the critical OS components - possibly gaining access to your network, and file system.
Do you want to know if the GCHQ illegally spied on you? Privacy International wants to help you find out, and has the chance to do so, after dragging the UK intelligence agency into court.
The GCHQ illegally acquired millions of private communication records from the NSA, with Privacy International, Amnesty International and Bytes for All bringing the case before a UK Investigatory Powers Tribunal (IPT). As such, anyone in the world can determine if the NSA and GCHQ unlawfully shared communications - with requests for emails, phone calls and Internet communication data to be deleted.
"The public have a right to know if they were illegally spied on, and GCHQ must come clean on whose records they hold that they should never have had in the first place," said Eric King, deputy director for Privacy International. "There are few chances that people have to directly challenge the seemingly unrestrained surveillance state, but individuals now have a historic opportunity finally hold GCHQ accountable for their unlawful actions."
Mobile phones are under attack by cybercriminals, trying to steal personal data and possible financial information stored on devices. Studying information collected on cellular networks, 0.68 percent of mobile phones suffer from malware infection, according to Alcatel-Lucent.
Google Android devices - the No. 1 mobile OS across the world - make up 99 percent of the infected devices, with infection rates increasing. Adware.Uapush, Trojan.Ackposts and SMSTracker are the top three infections, commonly hidden in legitimate looking mobile applications.
"Most importantly is the fact that there is less control - you can download the apps from third-party app stores and there is very little checking of the digital signature that you sign the app with," said Kevin McNamee, director of Alcatel-Lucent's Motive Security Labs.
Cybercriminals carrying out data breaches on organizations are helping create a suddenly booming cyberattack liability insurance market.
Traditional insurance companies - and a growing number of niche cyberattack insurance providers - are overwhelmed by an avalanche of new applications. The cyberattack insurance industry reached close to $2 billion in 2014, which is double the previous year, according to industry analysts.
"Think of a massive cyberattack as an intelligent hurricane," said Ty Sagalow, COO of the eBusiness division of AIG, in a statement published by the Los Angeles Times. "If it hits a house that doesn't fall down it learns why the house didn't fall and it changes. It is a scary thing... scary things sell insurance."
North Korea isn't a cyberespionage powerhouse like Russia or China, but the country has a budding cyber warfare program that could cause major headaches for the United States and South Korea. Pyongyang is investing more resources into its cyber capabilities, evolving attack habits to be highly disruptive.
"A prime example could be if we're imagining that North Korea was under attack from South Korea, which was being supported by the US Army," said Egle Murauskaite, trainer at the US National Consortium for the Study of Terrorism and Responses to Terrorism, in a statement to the Christian Science Monitor. "North Korea could attack satellites to disrupt communication between the US and allies and imped the US ability to reach targets."
Along with satellites, precision guided missiles largely rely on electronics, so there are fears that attacks would be able to effectively disrupt these signals.
Companies and government agencies understand the need for improved cybersecurity to help defend against attacks and insider threats. It's a confusing mix of trying to defend against outside threats, and keeping reckless and improperly trained employees from causing harm.
Fifty-three percent of federal IT professionals believe insider threats, whether from intentional threats or untrained employees, remains the largest threat, according to a report from IT software firm SolarWinds. Furthermore, 64 percent of those surveyed think insider threats can be as damaging - or more damaging - than malicious external threats posed by hackers and cyberespionage.
"Contrasting the prevalence of insider IT security threats against a general lack of threat prevention resources and inconsistently enforced security policies, federal IT pros absolutely must gain visibility into insider actions to keep their agencies protected," said Chris LaPoint, group VP of product management at SolarWinds. "However, given the unpredictability of human behavior, the 'Why?' of those actions is an elusive query."
The surging biometrics market is predicted to reach $13.8 billion in 2015, largely due to government adoption, however, there could be growing interest in the private sector, according to the ABI Research group.
The United States and European Union nations will continue to adopt biometrics, with fingerprint recognition still the leading solution. Consumer and private sector biometrics spending could outpace government spending in 2018, according to ABI, as wearables and smartphones implement enhanced security protocols.
The healthcare industry is still trying to cope with news that Anthem suffered a major data breach - and there are increased talks regarding cybersecurity technologies that can be utilized to prevent future incidents. As more companies transition to electronic health records, biometrics supporters hope that it will present a great opportunity for hardware and software adoption.
According to some security researchers at Kaspersky, a group of hackers have used tricky malware to steal at least $300 million from bankers throughout 30 countries across the world.
The hackers tricked bank staff into installing a virus, or malware, through a spoofed email, where they spied on staff to learn their behavior. From there, they were able to mimic bank staff, to learn telltale signs that money is being taken from the bank, and transferred to various accounts. The attacks did just that, transferring money to other bank accounts, but some of it is sent to ATMs where criminals are monitoring specific ATMs.
The banks that were hit are now aware of the attack, but Kaspersky cannot name the banks due to non-disclosure pacts. Some of the firms don't want to admit they were hit, as they would be looked at as victims, and that their security has failed them. As for the breaches of security, the hackers injected malware into banks in the United States, Russia, Japan and many more countries.