TweakTown NewsRefine News by Category:
Supermarket chain Supervalu and Albertsons confirmed it was hit in yet another data breach this year, with customer data at risk all over again. This most recent attack took place sometime in late August or early September, with the malware installed to target payment card transactions at retail grocery stores.
"We care greatly about our customers, and the safety of their personal information will continue to be a top priority for us," said Sam Duncan, SuperValu CEO and President, in a press statement. "We've taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward."
Evolving point-of-sale (POS) malware is proving difficult for retailers to defend against, as significant data breaches continue to rack up. Some cybersecurity previously warned retailers that aren't quick to make changes could be the victim of follow-up attacks, as cybercriminal groups are aware they are susceptible to attack.
The little-known Lizard Squad hacker group recently disrupted online servers of Destiny and Call of Duty: Ghosts, as the group continues to rack up victims. This is more troubling for Destiny, one of the most anticipated game launches of the year, as it was only released on Sept. 9 and has a large following. Lizard Squad has been relatively dormant the past few weeks, staying out of the headlines as it prepared distributed denial-of-service (DDoS) attacks against Destiny and CoD: Ghosts servers.
Following its initial introduction to the world, the group received a large amount of criticism from gamers, game industry officials, and fellow hackers. After the group issued a fake bomb threat against an American Airlines flight carrying a Sony executive, many wondered how much longer the group would be able to operate.
The U.S. government has arrested Hammad Akbar, CEO of InvoCode, a company known to sell a type of spyware designed to snoop on mobile users. The app in question, StealthGenie, allowed users to record outgoing and incoming calls, intercept calls, activate a device and monitor surrounding conversations within a short distance, and track email, SMS messages, voice mail, and other critical phone behaviors.
It would only take a few moments to successfully install the spyware on a phone, which would give the app user a frightening amount of surveillance capability. Akbar reportedly tried to advertise and sell the spyware app over the Internet, with a focus on helping users catch cheating partners and spouses.
"Selling spyware is not just reprehensible, it's a crime," said Leslie Caldwell, Assistant Attorney General, in a press statement. "Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim's personal life - all without the victim's knowledge. The Criminal Division is committed to cracking down on those who seek to profit from technology designed and used to commit brazen invasions of individual privacy."
Google and Apple are facing criticism from the FBI and other government agencies over their decision to encrypt data on smartphones that would make it inaccessible to law enforcement. The FBI reportedly opened dialogue with both companies to discuss the matter at hand in the future. It's unsettling the government, which was embarrassed and angered after details of NSA surveillance was leaked by former contractor Edward Snowden, wants to learn more about why companies want to encrypt data.
"What concerns me about this companies marketing something expressly to allow people to hold themselves beyond the law," said James Comey, FBI director, during a recent press conference.
While Apple declined comment to the Wall Street Journal, Apple CEO Tim Cook recently shared these thoughts regarding data protection: "People have a right to privacy. And I think that's going to be a very key topic over the next year or so."
As the threat of organized cyberattacks continue to rise at a rapid pace, the fight to combat these types of costly cyber intrusions can be extremely difficult. Over the past five years alone, there have been more than 236 million reported data breaches suffered by companies.
There are a growing number of university research labs focused on helping train the next generation of cybersecurity experts. Just one dozen colleges and universities currently provide degrees in cybersecurity, and the University of Southern Maine hopes to become lucky number 13.
"There is somebody trying to come over the wall in every business, every entity, every enterprise, every day," said Charles Largay, University of Southern Maine technology solution executive, in a recent interview. "We show them the kinds of things that people do to get ahold of critical information. Then you can defend against it. If you don't understand how it's happening, how do you stop it?"
The Home Depot suffered from a recent data breach targeting customer debit and credit card information, and the fraudulent transactions are currently taking place. Most major banks issued their customers new debit and credit cards, with JPMorgan Chase, Capital One Financial, and other companies sending out new account holders.
It appears the malware was on point-of-sale (POS) terminals from April to September, with an estimated 56 million customers affected. It's a costly proposition for banks to send out new cards, which can cost up to $5 per card to mail out. Capital One didn't say how many account holders will receive a new debit or credit card, but it's a proactive approach to keep customers safer.
There is at least one class-action lawsuit filed in Canada and another in the United States, with other legal actions expected in the future.
The Taiwanese government is investigating Chinese smartphone manufacturer Xiaomi over possible cybersecurity concerns, with a decision expected within three months. Xiaomi provides low-cost smartphones in Taiwan - but data being sent from Taiwanese customer devices to Xiaomi's Beijing headquarters has investigators worried.
Xiaomi was recently harshly criticized due to unauthorized data access, so Xiaomi provided users the chance to reject data collection.
Political tensions between the United States and China over cybersecurity-related matters have intensified as of late - but many tend to forget about the political battles between China and Taiwan.
Auction website eBay has been urged to take action against more than 100 fraudulent listings that reportedly put users at risk, tricking them to turn over personal information. Cybercriminals hijacked accounts, targeting users with 100 percent feedback over hundreds of transactions, as bank account information was requested.
eBay was hacked in May and auction website users were urged to change their passwords as soon as possible - and yet another security threat will only hamper the company further.
Lizard Squad, a hacking group, has claimed responsibility for taking down various low servers for Destiny and Call of Duty: Ghosts yesterday. The attack left some gamers unable to play the two games.
Last month, the group took credit for the DDoS attack on Sony's PlayStation network, as well as calling in a bomb threat on the president of SOE's plane, requiring it to be diverted. Players of both Destiny and Call of Duty: Ghosts took to Twitter to complain about the server outage, as it happened during peak times: the weekend.
The recent Home Depot breach has proven to be larger than retailer Target's breach late last year, with as many as 56 million credit card uses at risk. Former employees accuse the company of leaving data vulnerable, a charge that executives have denied, but there were alarm bells reportedly dating back to 2008. An estimate of the stolen data, which is becoming available online, could lead to $3 billion in illegal purchases over time.
This is a huge bungle by Home Depot," noted Jeff Macke, Yahoo Finance analyst. "It's more than an inconvenience... it's a huge, ridiculous hassle. We need an upgrade of the whole cycle."
Indeed, security experts are calling on banks to embed credit cards with microchips rather than rely on magnetic strips. Home Depot uses EMV chip-based technology for Visa and MasterCard in Europe and Canada, and plans to introduce it into the United States later in 2014.