TweakTown NewsRefine News by Category:
Cybercriminals are always-on the lookout for software bugs they can exploit, allowing them to hopefully compromise users. Keeping software updated, for example, helps close backdoors and make it harder to find access points - but many people fail to update software, and avoid potentially preventable security incidents.
Another aspect to good cybersecurity is understanding what types of software are being targeted - and why - with clues gathered from this type of information. Java, which has been a longtime favorite for exploits, has increased focus on security, so users have shifted attention to Microsoft Silverlight. As such, experts have seen a strong uptick in Silverlight-based attacks:
"We saw a 34 percent drop in exploits in Java," said Jason Brvenik, principal engineer of security business at Cisco, in a statement to SCMagazine.com. "Java has become more secure. Attackers have noted this, so we saw a rise in the exploit of Silverlight consequently."
The GCHQ collected emails sent to and from journalists in the United States and UK, according to documents released by former NSA contractor Edward Snowden. It took less than 10 minutes to harvest up to 70,000 emails during the GCHQ exercise, intercepted from fiber-optic cables, and included correspondence between writers and editors.
As part of its surveillance campaign, the GCHQ archived emails related to journalists from BBC, Reuters, The New York Times, Le Monde, the Guardian, NBC, the Sun and the Washington Post - with data saved on its intranet.
It's no surprise that the NSA and GCHQ have invested in a number of different digital surveillance efforts, but the widespread campaigns have shocked critics. The GCHQ is under increased pressure to ensure journalists' emails are protected, as confidentiality is important - despite government skepticism.
Once again, SplashData have released their annual list of compiled stolen passwords made public throughout the year of 2014, once again showing that people really don't put much thought, time or effort into protecting their own security.
If your password is anything like these below, please change it immediately for your own safety. It's nice to see these users really confusing hackers and 'changing it up' by pushing '12345' up 17 places to a number three placing - it's definitely going to confuse those nasty criminals from guessing the old '123456' code that was set.
Government agencies in the United States and UK increasingly rely on wide-scale surveillance programs, in their efforts to collect intelligence. It's not uncommon for politicians and department heads to claim efforts are designed to prevent terrorism, which is the line being used by a former high-level spy from the UK.
"There needs to be some new compact between the technology companies and those who are responsible for security if we're not to see events like we saw in Paris last week... becoming more and more features of our lives," said John Sawers, former head of the Secret Intelligence Service, in a statement published by BBC.
British elections take place in May, and national security is expected to be a major political talking point.
SplashData has published its list of the most common passwords used on the Internet, compiling data mainly from Internet users in North America and Western Europe. The top 10 worst passwords, per the SplashData list: 123456, password, 12345, 12345678, 1234, baseball, dragon, football.
Simple numerical passwords remain common, with nine of the top 25 passwords consisting of numbers only. However, passwords such as "iloveyou" have disappeared, which was prevalent on the 2013 list, has dropped from the top 25 list for 2014.
"The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years," said Mark Burnett, an online security expert. "The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 percent of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."
Not surprisingly, President Barack Obama has sided with UK Prime Minister David Cameron's demand that computer companies provide a backdoor to governments, even of encrypted communications. The US government has relied on a mix of warrants, wiretaps and direct access from technology companies so they have access to phone calls, social media, and other communications.
Simply demanding access to encrypted communication isn't worthwhile, so Obama played to emotions with his justification: "If we find evidence of a terrorist plot... and despite having a phone number, despite having a social media address or email address, we can't penetrate that, that's a problem," Obama recently said.
Obama wants to ensure a way to keep data private from cybercriminals, but not from police authorities and federal investigators.
The FBI and other US government departments want to recruit cybersecurity specialists, while the private sector also is throwing big money at qualified job candidates. To help fill this jobs void, a growing number of universities are creating programs to develop the next wave of security specialists.
Cybersecurity jobs soared 74 percent from 2007 to 2013, and there are a number of appealing opportunities for candidates. With such fierce competition for the current crop of security specialists, universities are broadening security-themed offerings from one or two courses to minor and major programs, or certifications.
"The demand is very high. I've had students get into cyberspace companies with just one security class, never mind an entire major," said Kenneth Knapp, IT management professor at University of Tampa and head of its cybersecurity program. "With all of the high-profile breaches over this last year or so, more focus has been on security than I've ever seen, and I've been doing it since I was 21 years old in the Air Force."
Chinese cybercriminals stole data related to the B-2 stealth bomber, F-22 Raptor, a nuclear submarine, and Australia's new F-35 Lighting II aircraft, according to data taken by former NSA contractor Edward Snowden. The Australian government plans to purchase 58 F-35 fighter jets for $12 billion, which will bring its JSF fleet up to 72 total.
Using a mix of its own research and development, along with data stolen from western political rivals, China continues to develop its own Shenyang J-31 and Chengdu J-20 aircraft. The J-31 is the most advanced Chinese fighter jet, while the J-20 is the country's first effort to develop a stealth fighter.
The Chinese government has been accused on numerous occasions of running sophisticated cyberespionage attacks against the United States - and its key allies - to steal software code, hardware designs, and military technology.
It would appear the National Security Agency (NSA) is responsible for breaching North Korea's computer systems years ago, before North Korea's alleged role in attacking Sony Pictures. With help from select allies, the NSA targeted North Korea's links to the outside world, such as China and Malaysia.
US security officials installed malware so they were able to monitor the online movements of North Korea's Bureau 121 hackers - a group growing in sophistication - as cyberespionage becomes more popular.
When the FBI was so quick to conclude North Korea was responsible for attacking SPE in late 2014, the cybersecurity industry was skeptical. FBI Director James Comey previously said the hackers got sloppy and forgot to mask their IP addresses. "We could see that the IP [Internet protocol] addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans."
Unknown cybercriminals breached the Lizard Squad's LizardStresser distributed denial of service (DDoS) service, which serves customers as an attack-for-hire tool. There are more than 14,000 registered users, with $11,000 collected via bitcoin to help pay for DDoS attacks against thousands of website URLs and IP addresses.
The Lizard Squad reportedly brought down Microsoft Xbox Live and Sony PlayStation Network (PSN) to promote its service.
Lizard Squad appears to have a number of younger members contributing to its cybercriminal operation, though several reported members have been arrested across the world. However, core members of the group still haven't been identified and arrested, so future cyberattacks are expected to continue against higher-profile targets.