TweakTown NewsRefine News by Category:
The battle continues against the use of card skimmers to steal debit and credit card information from customers, with data being stolen at ATMs, gas stations, and other similar locations. Data skimmed often is sold online or used to clone the credit card for use locally, with customers, banks, and law enforcement typically one step behind.
Criminals are using handheld skimmers and small devices that can be installed to compromise point-of-sale (POS) systems. The newer generation electronic skimmers can be installed and remotely controlled inside of ATMs or other POS machines - and often times can be very difficult to detect. Banks and security experts recommend customers always pay attention to their bank statements and credit card bills, in case mysterious charges begin to appear.
"[The skimmer is] hidden, the person using it will never see it, it's simple to add, it's simple to modify it," said Dan DeFelippi, a former credit card hacker. "It only takes seconds to open it up and put it in there. They're ubiquitous. There are gas pumps everywhere. You can easily find a gas station to do it at and go back and gather."
Almost thirty percent of security experts would conduct an overhaul of current enterprise security if they had the necessary resources and opportunity to make changes, according to a survey conducted by Websense. There is a lack of communication between IT security and company decision makers, as many current security systems are outdated and unable to defend against some attacks.
"This Ponemon Institute security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe," said John McCormack, Websense CEO, in a press statement. "It's not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft."
Advanced persistent threats (APTs) remain a top concern among organization security experts, with APTs typically serving as well-coordinated attacks aimed at single corporations. The stealth attack is continuous and many users are unaware they've been compromised - stealing confidential data that can be sold or used for ransom.
The owner of ConnectZone.com, Daniel Oberholtzer, has been sentenced for participating in conspiracy to traffic in counterfeit goods, receiving 37 months in federal prison. The company must forfeit $716,778 that was collected for selling counterfeit products, advertising the sale of network products that were promoted as Cisco products.
"Innovation and our economy demand that the intellectual property of businesses be protected," said Jenny Durkan, U.S. Attorney, in a statement. "Here, the defendants used the hard earned brands of others and slapped it on inferior products."
Business owners and law enforcement have stepped up civil and criminal complaints against Internet pirates and counterfeiters. Leaders of organized rings conducting illegal business are being indicted and face prison time if found guilty.
More than half of the malware detected originated from the United States, a 12 percent increase just two quarters ago, according to security company Solutionary. In addition, around half of all malware sent came from 10 Internet service providers and hosts, the company says in its latest quarterly report.
The list as compiled by Solutionary: Amazon Web Services, Akamai, Akrino, Google, OVH, Hetzner Online, GoDaddy, CloudFlare, Website Welcome and CDN. However, GoDaddy - once well-exploited by cybercriminals to launch attacks, saw a decrease in malware hosting activity by customers.
"The findings on hosted malware in the Q2 threat report reinforce our research from 2013 and provide additional insights into the mindset and cunning of today's attackers," said Rob Kraus, Solutionary SERT team director of research, in a statement. "The findings should provide the information security community with a good understanding of the threat landscape so they better understand the adversaries' behavior."
Former NSA contractor Edward Snowden wants hackers to help develop new technologies that will help users access the Internet without government snooping. His plea for assistance was via video chat from Moscow, where he is becoming more vocal about snooping.
"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," Snowden recently told the Hackers On Planet Earth (HOPE) attendees. "That is what a lot of my future work is going to be involved in."
SecureDrop, a service so whistleblowers can leak documents to the media, is one new technology that is being discussed at the conference. There is a great opportunity for software development after Snowden gave a much better picture of some of the surveillance programs currently underway.
The UK government must do more to help educate consumers about cybercriminal behavior, as political leaders haven't carried out much mainstream messaging, according to security firm Kaspersky Lab. Many national governments are struggling with their own security efforts to defend against cybersecurity, so it might be difficult to try to promote initiatives to the public.
"I'd like to see the government doing more to get the message out to mainstream citizens and individuals because that's the bone in which the industry is growing; the individuals with ideas," said David Emmm, Kaspersky security researcher, during a recent tech roundtable. "If you look at it, the recent Cyber Street Wise campaign aside, I don't think the government is doing very much in terms of mainstream messaging and I would certainly like to see it do more."
The UK government is on a long list of western nations struggling to improve cybersecurity so attacks can be better defended against. The Cyber Street Wise marketing campaign helped drive interest in larger cities, but wasn't well received by many UK residents located in smaller towns.
During its annual QuakeCon LAN party and PC video game convention, id Software and Bethesda Software unveiled the newest Doom video game to attendees. Instead of calling the title Doom 4, however, developers decided to just call it Doom - and it will be available for the PC, Microsoft Xbox One, and Sony PlayStation 4 game consoles.
It has been more than 10 years since the release of Doom 3, and while gamers long expected a fourth title, no one held their breath. The title runs using the id Tech 6 game engine and can run 1080p with 60 fps, described as an "origin game." It appears to be an old school shooter and while it will be graphically pretty, looks like the id team decided to go back to its development roots.
The demonstrations during QuakeCon revealed large weapons with major ass-kicking power, and a load of monsters, both big and small, promising to be a rather enjoyable experience.
One in 10 of all attacks stopped by security company Kaspersky Lab's software are phishing attacks from Facebook accounts, as cybercriminals continue to target the No. 1 social networking website. Despite a drop from 22 percent of all user blocks in 2013 - with the number currently at 11 percent - it is still the second most likely attack source, behind Yahoo.
Many of the phishing messages originate from fake accounts created by cybercriminals, in an effort to compromise as many users as possible. The use of social engineering and phishing tactics to compromise users remains a popular method by cybercriminals - as many people aren't vigilant when clicking links shared by email, social media, or instant messaging.
"Fraudsters often lur their victims by promising them interesting content," said Nadezhda Demidova, Kaspersky Lab Web content analyst. "When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page. If users don't become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals."
The United States and British governments were left angry and embarrassed after former NSA contractor Edward Snowden revealed mass surveillance programs aimed at citizens and foreign nationals. However, there are other governments accused of "rubber-stamping" mass surveillance programs, according to the UN human rights watchdog.
The constant stream of new revelations shows how disturbingly little we really know about the precise nature of surveillance," said Navi Pillay, UN High Commissioner for Human Rights. Pillay also said Snowden should be appreciated for his decision to publish details regarding NSA and GCHQ spying behaviors.
Although many users are upset with government spying, with Pilay's office saying it's "neither necessary nor proportionate," it's a common practice with communications taking place over mobile phones and via the Internet. The more information that is collected, however, the more governments need to try to justify the behavior - and to limit it to avoid too much personal intrusion.
Former NSA contractor Edward Snowden has revealed widespread spying and surveillance, but there has been a large amount of other revelations made by the American. Snowden recently said it's not uncommon for NSA workers to share "intimate nude photos of someone in a sexually compromising situation," including intercepted sexts sent among phone users.
"You've got enlisted guys 18-22 years old," Snowden said. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all your private records. During the course of their work, they stumble across something that is completely unrelated to their work in any sort of necessary sense, for example, an intimate nude photo of someone in a sexually compromising situation. But they're extremely attractive. So what do they do? They turn around in their char and show a coworker who says, 'Hey that's great. Send that to Bill down the way.' Then Bill sends it to George, who sends it to Tom."
An NSA official didn't deny the activities occurs, but said the organization "has zero tolerance for willful violations" of professional conduct and would address "credible allegations of misconduct." If true, it's not necessarily surprising to hear that this type of behavior happens, though certainly is inappropriate.