TweakTown

TweakTown News


Hacking & Security Posts - Page 3

Made in China e-cigarette apparently can also be infected by malware

The rise in popularity of e-cigarettes in the United States and Western Europe has led to the potential of malware infection from e-cigarettes made in China, according to recent reports. Cybercriminals have become more creative in their attempts to compromise devices, and ensuring devices from Chinese production facilities are pre-loaded with malware has become increasingly popular.

 

"The Made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer's USB port the malware phoned home and infected the system," according to a report posted on Reddit.

Trend Micro security consultant Rik Ferguson seems to agree with the assessment: "Production line malware has been around for a few years, infecting photo frames, MP3 players and more. For consumers it's a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat."

Employees using work-issued tech for social media, online shopping

Companies are struggling to try to teach their employees appropriate use of work-owned PCs and laptops, as they struggle to keep their networks secure. During typical business hours, 36 percent of survey respondents say they browse social media, while 34 percent enjoy online shopping. Meanwhile, 42 percent play online games and 36 percent use their work laptops to search for a job - all while at home.

 


"People seem to understand that at work there's a little bit more protection," said Sergio Galindo, GFI Software general manager, while speaking to SCMagazine. "They don't do riskier stuff at the office. They're doing riskier stuff (at home) and then bring this equipment that was exposed at home back to the office."

 

Companies are more focused on trying to keep employees safe from social engineering-based phishing attacks, which lead systems and networks to be compromised by malware and other threats.

Amnesty anti-spyware app informs users if government is snooping

Amnesty International's Detekt is a free, open source tool that will help journalists and human rights activists know if they are being targeted by surveillance spyware. This is the first time Amnesty International and several non-profit coalitions have released something publicly.

 


"Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists' private emails and remotely turn on their computer's camera or microphone to secretly record their activities," said Marek Marczynski, Amnesty International Head of Military, Security and Police, in a press statement. "They use the technology in a cowardly attempt to prevent abuses from being exposed."

 

The global market for surveillance technologies is estimated to be worth $5 billion per year, and is climbing even higher.


Survey: One-third of IT failures caused by employee browsing habits

At least 38.6 percent of companies suffered a major IT disruption due to employees visiting non-work related websites and other questionable material on work-owned electronics, leading to malware and other IT issues, according to a survey conducted by GFI Software.

 


Almost half of employees, 48 percent, report using Dropbox, OneDrive, Box, or some other personal cloud-based solution to store company information - something that isn't necessarily shocking, but a concern for companies trying to keep data secure. If their employment ended, 35.8 percent admitted they would try to save company data, including customer lists and confidential data, despite knowing it is illegal to do so.

 

"Data protection is a big problem, and one that has been exacerbated by the casual use of cloud file sharing services that can't be centrally managed by IT," said Sergio Galindo, GFI Software general manager. "Content controls are critical in ensuring data does not leak outside the organization and doesn't expose the business to legal and regulatory compliance penalties. Furthermore, it is important that policies and training lay down clear rules on use and reinforce the ownership of data."

US government worried China could down US power grids with cyberattack

China is on the short list of countries that have the ability to launch a cyberattack that would be able to shut down the US power grid along with other critical infrastructure, US government officials believe. It would appear these countries already launch reconnaissance probes that have found gaping security holes they can exploit in cyber defenses.

 


"We see them attempting to steal information on how our systems are configured, the very schematics of most of our control systems, down to engineering level of detail so they can look at where are the vulnerabilities, how are they constructed, how could I get in and defeat them," said Admiral Michael Rogers, NSA head and US Cyber Command head. "We're seeing multiple nation-states invest in those kinds of capabilities."

 

Beyond China, Admiral Rogers didn't publicly disclose other nation states believed to be sponsoring cyberattacks, though Russia almost certainly is on the list.

Compromised webcams, baby monitors posted on Russian websites

A Russian website is posting links to hijacked webcams and baby monitors, and US and UK privacy watchdog groups want to try to have the website shut down. The website has a listing of 4,591 cameras in the United States, 2,059 in France, 1,576 in the Netherlands, and numerous other cameras across Europe.

 


Some of the webcams listed on the website show a static image but don't appear to be running, while others still work just fine.

 

"The fact that a website is able to stream footage from thousands of cameras, illustrates the risks that consumers are taking by not changing the default passwords on camera enabled devices," said David Emm, Kaspersky Lab Principal Security Researcher. "It only takes a minute to change a password, and the longer it is left unchanged, the greater the chance that the device will be compromised."


Attack that hit US Postal Service described as 'very sophisticated'

The cyberattack that recently targeted the US Postal Service, affecting 800,000 employees nationwide, was a "very sophisticated" attack that is likely tied to the Chinese government. While there haven't been confirmed cases of identity theft, it appears names, addresses, Social Security numbers, and other personal information were stolen in the breach.

 


Meanwhile, Congress wants faster notification of a data breach from the USPS and other agencies - a strong likelihood considering the growing sophistication of cyberattacks. No one has claimed responsibility for the USPS data breach, and government officials didn't want to publicly comment on which group they believe is behind the attack.

 

"At this time, we do not believe that Postal Service transactional revenue systems in Post Offices, as well as on usps.com where customers pay for services with credit and debit cards, were affected by this incident," said Randy Meskanic, USPS cybersecurity official, during a recent testimony. "There is no evidence that any customer credit card information from retail or online purchases, change of address or other services was compromised."

NATO's largest cyber defense exercise is currently underway

The North Atlantic Treaty Organization (NATO) is currently engaged in its largest cyber defense exercise, designed to test its network security protocols. Organized cyberattacks, with growing threats from state-sponsored attacks originating from China and Russia, have forced government agencies and military branches to be prepared for potential attacks.

 


There are 670 technical, government and cyber experts from dozens of Alliance and partner locations - in addition to testing their defense, NATO also helps strengthen partnerships with universities and private-sector companies.

 

"Among the priorities highlighted in the Enhanced NATO Policy on Cyber Defense, endorsed at the Wales Summit, is training and exercises," said Ambassador Sorin Ducaru, NATO Assistant Secretary General for Emerging Security Challenges. "The cyber threat is not just a potential threat, it is daily reality. Conflicts can be virtual but with consequences that are real and destructive."

Kaspersky Lab says it blocked one billion malicious attacks during Q3

The Kaspersky Lab security software firm blocked more than one billion attacks during Q3, which is a 33.1 percent increase over Q2. Targeted attacks and malware are significant threats to consumers and businesses alike, and continue to keep security software companies busy.

 


The company also added 74,500 new mobile malware samples to its library, a 14.4 percent increase - and an indication that cybercriminals still want to find ways to compromise smartphones, tablets, and other mobile devices.

 

"In Q3, Web antivirus modules were triggered at least once on almost one third of computers while owners were surfing the Web," said Maria Garnaeva, Kaspersky Lab Security Researcher of the Global Research and Analysis Team. "This figure has been falling for a year: in Q3 2013 it was 34.1 percent, in Q1 2014 it fell to 33.2 percent and starting from Q2 it 'froze' at 29.5 percent. This is due to a number of factors. First, browsers and search engines started helping to combat malicious sites. Second, there were fewer attacks involving exploit packs following the arrests of several developers."

Report: Data breach of Staples, Michaels likely connected

The office supply store Staples and Michaels craft stores were both hit by data breaches in 2014, joining a growing list of companies hit by point of sale malware attacks. It would appear both retailers were hit by identical criminal infrastructure, with the malware targeting debit and credit card data captured on POS machines at checkout. The malware that hit Staples was connecting to the same control networks as the malware that hit Michaels - and it wouldn't be surprising if the same cybercriminal group was behind the incident.

 


"We are continuing to investigate a data security incident involving an intrusion into some of our retail point of sale and computer systems," said Mark Cautela, Staples spokesman, in a statement to KrebsOnSecurity. "We believe we have eradicated the malware used in the intrusion and have taken steps to further enhance the security of our network."

 

The volume of data breaches in 2013-2014 indicates these attacks are likely being orchestrated by state-sponsored hackers, and trying to prevent these incidents has proven difficult.
