It looks like some enterprising business people approached the Raspberry Pi Foundation with an odd business proposal: to pre-install their malware on the Raspberry Pi mini-computer.
Amazing. This person seems to be very sincerely offering us money to install malware on your machines. pic.twitter.com/1soL0MIc5Z — Raspberry Pi (@Raspberry_Pi), December 23, 2015
In an email to the Foundation, a company, whose name was obviously redacted, asked them to make an exe file available for installation (which wouldn't run on Linux anyway) in exchange for a payment based on the number of installations they detect.
This kind of tactic is surprising given the sheer audacity of asking a well-known organization, one that prides itself on the many security applications of its minuscule box, to cheat its customers outright. It goes without saying that the Raspberry Pi Foundation didn't go along with their idea. It's even more hilarious that these peddlers of malware didn't seem to understand the platform being run on those devices. Maybe they'll ask Microsoft or Apple next?
The Hyatt chain of hotels just yesterday found malware running on their systems that operate the payment processing for their hotels.
In their statement they said that they've launched a full-scale investigation and are cooperating with some of the leading cyber-security experts in order to get the issues resolved. In the meantime, if you happen to have stayed at a Hyatt-owned hotel within the past six months, be sure to keep an eye on your bank accounts just in case something suspicious happens to show up.
How does one get malware onto a payment processing system? It's not terribly hard, but there are best practices in place to make sure that it's difficult to do: segmenting the network used and keeping it separate from other networks used for browsing the web, making sure that a proper IDS is in place to detect weird activity, and limiting the IP addresses that can access the systems processing card data to those on a whitelist. But those don't make it impossible, just harder and more likely to scare away all but the most seasoned and prepared of individuals.
In an effort to bolster account security, tech giant Google has confirmed that it's testing a new login system that doesn't require passwords.
Google is currently testing a new authentication method that could pave the way to password-free accounts in the near future. Google's method is very much like Yahoo's Account Key logins: it uses smartphone push notifications instead of manually typed passwords to log into Google accounts. The company is testing its new sans-password login method with a small batch of users, and one Reddit user has shared a few details on the new system.
According to an early access tester, the new method is pretty simple and is very much like linking a smartphone to a Roku to use a remote, or tethering a phone to an Xbox One to use Smartglass. Once your phone is linked and authorized to log in to your Google account, the app sends a code that's shown on both screens, and users must type the same code to link the devices. Once that's done, users are logged in and can freely use their accounts. Basically Google's new method hinges on syncing, meaning you'll be matching digital pairs rather than typing in a per-session password.
While we wrote that relatively small 'Western Nations' such as Australia are under possible infrastructure hacker threat due to low-security measures, news has come to light that a New York dam was infiltrated by Iranian hackers back in 2013.
With the dam being located no more than 20 miles from New York City, this Iranian hack likely came about thanks to Leon Panetta, ex-Defense Secretary, calling out Iran's hacking prowess in October 2012, putting governments on high alert for possible hacker threats. With this hack taking place and being kept under wraps until recently, it's just one example of how infrastructure infiltration is a very real threat.
The breach of this classified dam is one of the very few public accounts of infrastructure control loss, with all major suppliers of electricity, sewage, water and more linked to the internet.
sanriotown.com is a massive Hello Kitty community database and contains around 3.3 million accounts, with Gizmodo reporting that this website has been breached, leaking sensitive member information online.
The data stolen from 'sanriotown' includes first and last names, encoded birthdays, member country of origin, email addresses, passwords, password hints and answers, plus various "other data points," says Chris Vickery, researcher from CSO online.
In addition to this hacked database, information from official Hello Kitty websites has also been spotted, including the original .com website, plus .sg, .my, .th and finally mymelody.com. If you believe you have been involved in this hack, it is advised that you change your password immediately.
Juniper Networks has had quite the week. On Thursday it seems that some unauthorized code was found to have been inserted into their ScreenOS, which forms the basis for their hardware firewalls. This malicious code would allow a backdoor into the firewall, letting potential attackers decrypt VPN traffic with the keys found inside.
The fun doesn't stop there, however. The FBI has now gotten involved and will be investigating whether foreign governments had been involved with inserting the malicious code for the purposes of intercepting encrypted communications from government employees.
It looks like some Linux distributions have a considerable security hole, with security researchers from the Cybersecurity Group at Polytechnic University of Valencia (UPV) in Spain finding an incredibly easy way to hack into numerous Linux distributions.
The researchers found that the Grub2 bootloader can be used to bypass the lock screen immediately: it drops into the "Grub rescue shell", which then grants users the ability to access the system for whatever they need. The team found that pressing the backspace key 28 times triggers a memory error, which then displays the rescue shell. This isn't a massive threat as it means someone has to have physical access to your Linux-based machine, but still - this is quite serious, and considering the security hole wasn't found until now, is shocking to say the least.
Ubuntu, Red Hat, and Debian have all released security patches - so these Linux distributions should now be safe.
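The backspace behaviour described above can be modelled in a few lines of C. This is an added example, not GRUB's source or the researchers' code: it assumes the memory error comes from a length counter that is decremented without checking for zero, and the struct, function names and buffer size are constructed for illustration. Out-of-range writes are only counted, never performed.

```c
#include <stdbool.h>
#include <string.h>
#define PROMPT_BUF_SIZE 16      /* constructed size, not GRUB's */
#define KEY_BACKSPACE   '\b'

struct prompt {
    char     buf[PROMPT_BUF_SIZE];
    unsigned cur_len;           /* unsigned: decrementing 0 wraps around */
    unsigned oob_events;        /* writes that would land outside buf */
};

/* Store one byte; out-of-range writes are counted, never performed. */
static void put(struct prompt *p, unsigned idx, char c)
{
    if (idx < PROMPT_BUF_SIZE) p->buf[idx] = c;
    else p->oob_events++;
}

/* Feed keys to the editor; checked=false models the missing bounds test. */
unsigned feed_keys(struct prompt *p, const char *keys, size_t n, bool checked)
{
    for (size_t i = 0; i < n; i++) {
        if (keys[i] == KEY_BACKSPACE) {
            if (checked && p->cur_len == 0) continue;  /* hardened: nothing to erase */
            p->cur_len--;                              /* unchecked: 0 - 1 == UINT_MAX */
            put(p, p->cur_len, '\0');
        } else {
            if (checked && p->cur_len >= PROMPT_BUF_SIZE - 1) continue;  /* full */
            put(p, p->cur_len, keys[i]);
            p->cur_len++;
        }
    }
    return p->cur_len;
}

/* 28 backspaces (the count in the article) typed at an empty prompt. */
unsigned oob_after_28_backspaces(bool checked)
{
    struct prompt p = { {0}, 0, 0 };
    char keys[28];
    memset(keys, KEY_BACKSPACE, sizeof keys);
    feed_keys(&p, keys, sizeof keys, checked);
    return p.oob_events;
}

int main(void)
{
    return !(oob_after_28_backspaces(false) == 28 && oob_after_28_backspaces(true) == 0);
}
```

The single `cur_len == 0` test is the whole difference between the two paths, which is why input handlers that run before authentication deserve the same bounds review as any network parser.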
After we reported that the children's toy company, VTech, was hacked recently, exposing the information on over 4.8 million accounts belonging to parents and children, the man believed to be behind this illegal endeavour has now been arrested.
A 21-year-old man has been arrested in the UK recently for gaining "unauthorized access" to the VTech servers, caught by police in Berkshire thanks to the South East Regional Organized Crime Unit. Craig Jones from this unit told the BBC that the investigation is currently sitting in "the early stages," with further inquiries to be made.
The stolen account information included names, email addresses, IP addresses and encrypted passwords, all taken from the VTech Learning Lodge database.
We've all seen bots spamming phishing links on company social media promotions, trying to make use of the company's social networking promotion budget in order to lure in clicks from unsuspecting victims. Tackling the Instagram side of things is a company called Proofpoint, offering a cybersecurity service named SocialPatrol that aims to limit the exposure these phishing bots receive.
With there being five million monthly active Instagram users in Australia alone and 400,000,000 'Instagrammers' across the globe, Proofpoint's aim is to ensure company promotions stay safe from hackers and retain legitimacy. Quite often when looking at promoted posts on social media, customers will switch off when something is covered in "work from home!" or "buy cheap sunglasses here!" statements, sometimes cheapening the brand and possibly resulting in customers turning away.
In a recently issued press release, Global Customer Relations for General Mills Director, Jeff Hagen, spoke positively of this new technology, stating that it has "Helped us control high levels of spam and inappropriate comments on our Instagram accounts," adding "Without the Proofpoint SocialPatrol technology, our only recourse would have been costly expansion of our manual moderation or risk losing followers." While this will likely have little effect on the tech-savvy audience TweakTown normally gathers, this technology should be a great invention for the elderly and youngster population alike, further helping protect them from threats online.
Australia's second-largest city is set to receive the first satellite office of Oxford University's Global Cyber Security Capacity Centre (GCSCC). This opening was confirmed by signature thanks to the Victorian Minister for Small Business, Innovation, and Trade on Tuesday.
Phillip Dalidakis, the signatory, believes that the opening of this site will strengthen Victoria's commitment towards cybersecurity. At TweakTown we reported some weeks ago that security experts have long seen Australia as an easy target for hackers, explaining that a small team could take down important infrastructure such as power and water without too much effort. While Dalidakis explained that Victoria has cemented "the state's reputation as a hub for cybersecurity," as seen in a report by ZDNet, this move could also very much be one to help ensure safety should a hacker attack commence.
Further addressing this opening, Dalidakis stated that "Their [Oxford's] decision to locate their first Global Cyber Security Capacity Centre international office in Melbourne is a huge vote of confidence for Victoria's tech sector," with this office set to complete audits on national cybersecurity risks and discuss strategies in order to heighten security.