Hacking, Security & Privacy News - Page 44

Following news of which films are up for Oscars, online piracy of nominated movies increased 385 percent since January 15, according to the Irdeto piracy monitoring firm.

Irdeto uses a crawler to monitor torrent downloads, and saw increased interest following the Oscar nominations - largely due to increased media coverage - with screener films sometimes leaked online.

"Hollywood screeners specifically accounted for a substantial 31 percent of the total illegal downloads tracked between January 15 and February 14," according to Irdeto, as published by TorrentFreak. "Six nominated movies currently unavailable for retail purchase on Blu-ray, DVD, VOD or legal streaming/download sites saw the majority of piracy coming directly from these screeners: American Sniper, The Imitation Game, Wild, Selma, Whiplash and Still Alice."

Computer manufacturer Lenovo will no longer pre-install the controversial Superfish adware on PCs and laptops, due to growing public backlash from customers. Cybersecurity experts warned Superfish potentially left them vulnerable, after injecting advertisements to browsers.

"The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert ads," said Eric Rand, researcher for Brown Hat Security, in a statement to Reuters. "This amounts to a wiretap."

Lenovo must now answer questions regarding its use of Superfish, including how long it was pre-installed, and how much data was collected by the software. Superfish was installed on consumer PCs and notebooks only.

Swedish citizen Alex Yucel, 24, has pleaded guilty for his role in being co-creator of the BlackShades malware, which infected more than 500,000 PCs across the world. Yucel pleaded guilty to one count of distribution of malicious software, and faces a maximum sentence of 10 years.

In exchange for his guilty plea, there is a stipulated agreement that will see Yucel receive a sentence ranging from 70 to 87 months. "I do actually want to plead guilty," Yucel said in his court appearance. "I knew that the program would be used to cause damage."

Yucel was arrested in November 2013 while in Moldova, and was extradited to the United States. As the operator of the criminal organization, Yucel hired administrators, marketing and customer support staff to interact with customers - generating upwards of $350,000 in revenue.

Companies are under cyberattack, and many of them are being caught off guard when a data breach occurs. More than half of small and midsize businesses (SMBs) don't have an appropriate breach response plan currently in place, according to a survey from Software Advice.

There are 47 states with breach notification laws that force companies to disclose data breaches when personal information is impacted. However, just 33 percent of SMB decision makers feel "very confident" they understand their state laws regarding breach notification - and it remains a confusing matter.

"Most of the time, when [valuable] information leaks out of a company, it is instantly being monetized on underground forums," said Bogdan Botezatu, senior e-threat analyst of the Bitdefender antivirus firm. This data can be moved quickly, as cybercriminals tend to want to exploit data before changes are made - and companies must inform their clients and customers promptly.

Vladimir Drinkman, 34, has pleaded not guilty after being charged of allegedly serving as part of an international hacker ring responsible for stealing up to 160 million credit cards. The group is accused of installing malware on vulnerable computer systems, with stolen information sold on the black market.

Drinkman's specialty was penetrating networks to gain access to corporate databases that could later be mined.

The hacker group hit NASDAQ, 7-Eleven, Dow Jones, JetBlue, and other high-profile targets - with the "far-reaching" scheme responsible for compromising usernames, passwords, along with debit and credit card numbers.

To help defend against cyberattacks, executives at private corporations need assistance from the US government and cybersecurity firms.

It took longer than experts would have liked, but it appears 90 percent of CEOs in the United States find cybersecurity strategically important, according to a PwC survey. The survey also found 87 percent are worried about cyberattacks, and 45 percent are extremely concerned about mounting attacks - many aimed at stealing employee and customer personal data.

President Barack Obama hosted a cybersecurity summit last week at Stanford University, seeking greater cooperation between the United States and Silicon Valley. "When you step back and look at the role of a company versus the role of a government, clearly if we're going to provide the safest possible [customer] experience in [the] aggregate, government and companies need to work together," said John Donahoe, CEO of eBay, in a statement to Fortune.

The Operation Arid Viper campaign has successfully stolen more than 1 million files with current malware campaigns underway, though it's not the usual suspects, according to Kaspersky Lab and Trend Micro.

The Arab-speaking group, with ties to Gaza, have targeted foreign government offices, critical infrastructure, military, universities, and other high-profile targets. The attacks likely occurred starting in mid-2013 and a full investigation into their actions is underway.

"Whoever the real culprits are, it is clear that they are part of the Arab world, evidence of a budding generation of Arab hackers and malware creators intent on taking down their chosen adversaries," researchers said in a study. "Some of the black hats - be they mercenaries or cybersoldiers - are actively targeting countries such as Israel due to political motivations. We have seen all of the ingredients of a cyberskirmish guerrilla war that goes unnoticed by mainstream IT security media."

Japanese infrastructure endured 25.6 billion cyberattacks in 2014 alone, with 40 percent reportedly traced back to Chinese sources, according to Japan's National Institute of Information and Communications Technology (NICT).

It wouldn't be surprising to hear Japan faced a large number of cyberattacks tied to China, especially with political turbulence between Tokyo and Beijing. There were a number of attacks originating from the United States, South Korea and Russia - as cybersecurity efforts continue to grow.

When the survey was first conducted, in 2005, there were just 310 million cyberattacks detected by the Japanese government. The latest NICT report discovered a growing number of attacks aimed at compromising home and business routers, IoT-enabled systems, networks, and security cameras.

A recent flaw has been discovered in multiple Netgear router models, reportedly allowing hackers to bypass administrator authentication and gain full access to the device as found by Network engineer, Peter Adkins.

Adkins discovered that routers in the popular Netgear 'WNDR' range are running a Simple Object Access Protocol (SOAP) service as part of the Netgear Genie device administration application. Seemingly secure, he was able to bypass filtering and authentication for the SOAP service over a Wi-Fi connection without much effort.

Once the connection had been established, Adkins was able to extract the admin password, Wi-Fi interface credentials, station identifiers, the device serial number and even information on connected clients. He then notified Netgear of this security issue, however was met with a response which included "the network should still stay secure" - apparently due to hidden built-in security features.

Following news that millions of dollars have been stolen from banks by cybercriminals was yet another startling wakeup call for cybersecurity experts. Not surprisingly, hackers delivered the malware payload via social engineering phishing attacks targeted at reckless employees.

"Even after 20 years, social engineering is still the easiest way into a target's network and systems, and it's still the hardest attack to prevent," said Kevin Mitnick, legendary hacker and Chief Hacking Officer of KnowBe4.

Companies need to be aware that employees - in a number of different departments - are often untrained and rather careless when checking their emails. Spear-phishing tends to be a popular choice among cybercriminals, able to trick employees by using a customized approach.