TweakTown NewsRefine News by Category:
Juniper Networks has had quite the week. On Thursday it seems that some unauthorized code was found to have been inserted into their ScreenOS, which forms the basis for their hardware filewalls. This malicious code would allow a backdoor into the firewall, letting potential attackers decrypt VPN traffic with the keys found inside.
The fun doesn't stop there, however. Now the FBI has now gotten involved and will be investigating the possibility of whether foreign governments had been involved with inserting the malicious code for the purposes of intercepting encrypted communications from government employees.
It looks like some Linux distributions have a considerable security hole, with security researchers from the Cybersecurity Group at Polytechnic University of Valencia (UPV) in Spain finding an incredibly easy way to hack into numerous Linux distributions.
The researchers found that by using the Grub2 bootloader, immediately bypasses the lock screen, initiates the "Grub rescue shell" and then grants users the ability to access the system for whatever they need. The team found that pressing the backspace key 28 times triggers a memory error, which then displays the rescue shell. This isn't a massive threat as it means someone has to have physical access to your Linux-based machine, but still - this is quite serious, and considering the security hole wasn't found until now, is shocking to say the least.
Ubuntu, Red Hat, and Debian have all released security patches - so these Linux distributions should now be safe.
After we reported that the children's toy company, VTech, was hacked recently, exposing the information on over 4.8 million accounts belonging to parents and children, the man believed to be behind this illegal endeavour has now been arrested.
Arrested due to gaining "unauthorized access" to the VTech servers, a 21-year-old man has been arrested in the UK recently, caught by police in Berkshire thanks to the South East Regional Organized Crime Unit. Craig Jones from this unit told the BBC that the investigation is currently sitting in "the early stages," with further inquiries to be made.
The stolen account information included names, email addresses, IP addresses and encrypted passwords, all taken from the VTech Learning Lodge database.
We've all seen bots spamming phishing links on company social media promotions, trying to make use of the companies social networking promotion budget in order to lure in clicks from unsuspecting victims. Taclking the Instagram side of things is a company called Proofpoint, offering a cybersecurity service that aims to limit the exposure these phishing bots receive - named SocialPatrol.
With there being five million monthly active Instagram users in Australia alone and 400,000,000 'Instagrammers' across the globe, Proofpoint's aim is to ensure company promotions stay safe of hackers and retain legitimacy. Quite often when looking at promoted post on social media, customers will switch off when something is covered in "work from home!" or "buy cheap sunglasses here!" statements, sometimes cheapening the brand and possibly resulting in customers turning away.
In a recently issued press release, Global Customer Relations for General Mills Director, Jeff Hagen, spoke positively of this new technology, stating that it has "Helped us control high levels of spam and inappropriate comments on our Instagram accounts," adding "Without the Proofpoint SocialPatrol technology, our only recourse would have been costly expansion of our manual moderation or risk losing followers." While this will likely have little affect on the tech savvy audience TweakTown normally gathers, this technology should be a great invention for the elderly and youngster population alike, further helping protect them from threats online.
Australia's second-largest city is set to receive the first satellite office of Oxford University's Global Cyber Security Capacity Centre (GCSCC). This opening was confirmed by signature thanks to the Victorian Minister for Small Business, Innovation, and Trade on Tuesday.
Signed by Phillip Dalidakis, he believes that the opening of this site will strengthen Victoria's commitment towards cybersecurity. At TweakTown we reported some weeks ago that security experts have long seen Australia as an easy target for hackers, explaining that a small team could take down important infrastructure such as power and water without too much effort. While Dalidakis explained that Victoria has cemented "the state's reputation as a hub for cybersecurity," as seen in a report by ZDNet, this move could also very much be one to help ensure safety should a hacker attack commence.
Further addressing this opening, Dalidakis stated that "Their [Oxford's] decision to locate their first Global Cyber Security Capacity Centre international office in Melbourne is a huge vote of confidence for Victoria's tech sector," with this office set to complete audits on national cybersecurity risks and discuss strategies in order to heighten security.
Some Twitter members have been issued official warning notices from Twitter due to possible "state-sponsored hackers" gaining access to information without approval, as reported by Gizmodo and Coldhak.
With the email being published on Twitter by Coldhak, it warned users that "Your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors." Twitter assured everyone that they are "actively investigating the matter," in what is beleived to be the first name-and-shame hacker attack by a Government.
While also suggesting that some user accounts may have not been intended targets, Twitter warned that this hack may have been completed by people associated with the Government, stating "We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers."
While members of the media and public are nicknaming these self-balancing skateboards (or E Boards) as hoverboards, we've seen the first recorded incident of what you could call 'new-age crime', spotted on Gizmodo.
This screenshot of a since-removed video shows a south-west London youngster stealing a package of Lucozade energy drink from a supermarket, smoothly riding his way out through the door without a care in the world.
Riding his LED board in and out of the frame is just about all that this video contained, apparently. Due to it being taken down we can't show you the whole thing, but above you will see a snap that Gizmodo was able to take before the London Metropolitan Police took it down.
A Twitter account with no profile photo and just over 2,000 followers called 'Cturt' has confirmed a Sony PlayStation 4 jailbreak success recently, telling the public that the "PS4 kernel exploit [is] finally working! Thanks to everyone involved!"
This jailbreak is said to enable a few interesting and helpful features, with CTurt explaining that this new breakthrough will enable users to "successfully dump RAM from other processes (like SceShellUI) using ptrace," further explaining that he will next be working on patching RAM.
While there is no posted guide, links or information as to how users can complete the same process on their consoles, there is a GitHub page of the same name, linked in the Twitter, where this information may surface in the near future. This news is exciting for developers looking at making custom firmware for the PlayStation 4, further opening up many other coding possibilities for community advancement of this device.
A recent hack and theft of Government files sent a US Government department into a frenzy in recent past, with further developments urging a spokesperson to inform the public that not every victim has or will be notified of this data breach just yet.
While the Government is meant to be notifying each victim of this breach from May 2014, around 7 percent of the 1.5 million people in danger are currently unable to be contacted. This is said to be due to them moving house or being without a Government-recorded address. Confirmed by the Office of Personnel Management, being the place that was hacked, this notification system is obviously not flawless.
The original hack was traced back to China but wasn't discovered or announced until one year after its occurrence, with the names, addresses, social security numbers and various other pieces of information about employees, contractors and job applicants being now in the hands of an unverified source.
Appointed as a representative for six major Hollywood studios, The Motion Picture Association of America (The MPAA) has published new anti-piracy guidelines, addressing how they are slightly loosening the noose on cinemas and more.
Set to target those who film movies while at the cinema, The MPAA is now telling these facilities that calling the cops on recorders is now an optional endeavor, previously ordering workers to call law enforcement immediately. While this policy is targeted mostly at handy cam users looking to leak movies on torrent websites, The MPAA has included recording devices of any kind, including Google Glass.
The MPAA previously implemented a $500 'bounty' to workers who caught and apprehended pirates looking to steal content, with this also being removed in the latest update. While a bounty was a good token in the first place, the removal of a 'bonus' will possibly breed a negative culture within the cinema employees.