TweakTown NewsRefine News by Category:
Google publicly announced its Project Zero, a new effort aimed at tracking software bugs, with a public vulnerability database also in the works. The company also recruited George Hotz, responsible for hacking the Sony PlayStation 3 and Apple iPhone, among other claims to fame, as an intern to help with the bug hunt.
The Project Zero team will focus solely on tracking down bugs - not just for Google software - to help try to keep the Internet more secure. In addition, Google wants to better understand the techniques, targets and motivations of cybercriminals, as state-sponsored hacking becomes extremely prevalent.
"Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," said Chris Evans, responsible for leading Project Zero.
CBS Interactive-owned tech news site CNET was recently hacked by W0rm, a Russian-based hacker group, which led to usernames, encrypted passwords and emails of more than one million site visitors. Meanwhile, CNET said it has identified the security vulnerability and has worked to fix it already.
The hackers used a Symfony PHP framework security hole to carry out the database theft - and it was reportedly done to improve Internet security. W0rm previously took credit for hacking BBC, Adobe Systems and Bank of America over the past couple of years.
"It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it's actually a good thing," said Robert Hansen, White Hate Security Web security expert, in a statement. "W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred."
Qendrim Dobruna, 27, has pleaded guilty to bank fraud in a case stemming back to 2011, and could face up to 30 years in prison. Operating under the names "cL0sEd" and "cL0z," he played a part in an operation that lasted 48 hours and led to $14 million stolen - with criminals withdrawing the funds via ATMs in 20 different countries.
Dobruna initially decided to plead not guilty, but thought better of it before changing his plea to guilty - and will serve at least nine years. Dobruna and his accomplices chose to defraud "JPMorgan Chase, and to obtain moneys, funds, credits and other property owned by, and under the custody and control of said financial institution, by means of materially false and fraudulent pretenses, representations and promises," according to the federal government's indictment.
It took a growing number of cybercrime-related cases before the federal government jumped into action - but criminals conducting fraud and theft on a large scale are increasingly being targeted by police and federal agencies.
The "Kronos" Trojan is designed specifically to steal log-in credentials and important financial information from unsuspecting users. This particular malware is being offered for use by cybercriminals, as advertising is popping up on underground forums. The ad was found on a Russian cybercriminal hacker forum, it has been recently confirmed.
Kronos is able to exploit Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, stealing credentials on bank websites by form-grabbing and an HTML content injection.
"The cybercriminal underground is a market," said Dmitry Tarakanov, Kaspersky Lab senior security researcher, in a statement to PC World. "Source code leakages and botnet shutdowns have been happening constantly but we see virus writers from time to time come up with new (or based on old but modified) banking malware. It proves that the market wants such tools."
Shortly after reports surfaced accusing Apple iPhones of posing a threat to Chinese national security, the U.S. company rebutted charges lobbied by state media. The iPhone location-tracking function is unable to identify the phone owner's activities, and instead is utilized to help speed up applications based on phone owner location.
"Apple has never worked with any government agency from any country to create a backdoor in any of our products or services," an Apple statement claims. "We have also never allowed access to our servers. Apple does not track users' locations - Apple has never done so and has no plans to ever do so."
China has notoriously made it difficult for western companies to do business in the surging market - pressuring companies into changing features, adhering to sometimes questionable guidelines, and doing little to prevent intellectual property theft. However, companies are determined to cater to Chinese users, with a large number of first-time smartphone owners.
If you think that using the factory reset function on your smartphone will clear your data, you're in for a pleasant surprise! Czech-based security company Avast purchased several phones via eBay to evaluate if they can extract data from it, especially the ones that had a factory reset done by the previous owner.
The factory reset is supposed to be a one-touch feature which should secure erase all the data, settings and other user-related details from the photo and return it to a 'rolled out of the factory' state. But the experiment by Avast proved that this is not entirely true.
The company conducted this experiment by purchasing 20 smartphones from eBay. The experts at Avast were able to extract data from these smartphones, though the company didn't disclose if that was the case with all the smartphones. The experts were able to extract 40,000 photos, out of which 1,500 of those were family photos and others included selfies with their manhood.Other data included emails, text messages, Google search history and even browser history. Avast also added that the factory reset feature does not wipe out the data from the phone. Rather, it only erases the index information.
Symantec is working with the Chinese government so a reported ban of its software is lifted by the Ministry of Public Security, according to Chinese media. Former NSA contractor Edward Snowden's disclosures of widespread surveillance activity has increased political tensions of cyberespionage between China and the United States.
The Ministry sent notices for department PCs to have pieces of Symantec software uninstalled, according to the China Daily news source. There is no official reasoning explaining why Symantec poses a security threat to China - and the company is discussing the problem with Beijing.
"Symantec takes the privacy and security of our customers' information very seriously and our products do not have so-called 'Data Theft Backdoors,'" said Colleen Lacter, Symantec spokesperson, in a recent statement. "We believe (this) is an insolated incident to the Ministry of Public Security."
Chinese state media said the Apple iPhone is a national security threat, citing the tracking ability of the popular smartphone, including its "Frequent Locations" function found in iOS 7.
Apple has worked diligently to build a strong following in China, a booming smartphone market, but has struggled against its rivals. China currently controls 6 percent of the Chinese smartphone market, with Samsung, Lenovo, Coolpad, Huawei, and Xiaomi ahead - but revenue from China is growing, so Apple will continue to promote iPhones there.
Washington and Beijing have an extremely touchy relationship, and cyberespionage and security issues are certainly complicated, with both sides accusing one another of surveillance techniques. Meanwhile, Apple has been criticized by Chinese state media and the government itself on several occasions, along with being criticized for not having good levels of customer service.
Romanian citizen Iulian Schiopu was sentenced to 45 months in prison for his role in a cybercrime operation related to phishing. Schiopu and his accomplices reportedly affected thousands of debit and credit cards of U.S. banking customers.
Stolen information was stored in shared email accounts, with names, addresses, dates of birth, telephone numbers, and Social Security numbers at risk. The group became known in the United States because criminals in Romania were withdrawing money of U.S. bank account holders. So far in the investigation, more than 20 Romanian citizens have been arrested for their various roles in the phishing scheme.
Cybercriminals are able to launch a large amount of attacks with little risk of law enforcement interference, but the U.S. government is ramping up efforts to dismantle organized attack groups.
The rise in cyberattacks and digital threats forced business leaders to pay closer attention, and that means more job opportunities. More than half of CEOs will include some type of "digital" leader by the end of 2015, according to research firm Gartner. Moving ahead, one-third of large organizations participating in digital business will have some type of "digital risk" officer.
It's a complicated time with cybercriminals finding great success compromising companies, stealing employee and customer personal data. IT security teams are suffering while trying to keep information secure, the digital risk officers will be tasked with being business savvy and have appropriate knowledge on how to address digital risk issues.
"Digital risk officers will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," said Paul Proctor, Gartner VP and distinguished analyst. "Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role in its entirety."