TweakTown

Hacking & Security Posts - Page 45

Medicaid agencies face "high-risk" security threats, HHS report finds

As many as 10 state Medicaid agencies faced "high-risk" security issues, found while studying audits conducted from 2010 to 2012, according to the Department of Health and Human Services' (HHS) Inspector General's Office.

 

The report didn't identify the Medicaid programs, so the affected programs didn't suffer further attack. A mix of access control problems, network operation controls, and entity-wide controls were found in programs spread across 10 states - with 79 confirmed security problems noted.

 

Employers aren't encrypting information, keeping patches updated, or taking basic steps to keep information secure. The Government Accountability Office (GAO) recently said government agencies don't do enough after suffering data breaches, and this report further confirms the problem.

Leading website compromised, turns users into "DDoS zombies"

A major global website was recently hit by cybercriminals, with the hacked website turning visitors into "zombies" that in turn launched distributed denial of service (DDoS) attacks. A Persistent XSS vulnerability gave cybercriminals the chance to embed malicious JavaScript code, according to enterprise security company Incapsula.

 

Each user that views a compromised profile image with the malicious code then ends up sending a GET request to targeted websites. The group responsible also posted comments on large quantities of other videos, to ensure the profile image was viewed as many times as possible.

 

"As a result, each time a legitimate visitor landed on that page, his browser automatically executed the injected JavaScript, which in turn injected a hidden with the address of the DDoSer's C&C domain," according to Incapsula. "Obviously one request per second is not a lot. However, when dealing with video content of 10, 20 and 30 minutes in length, and with thousands of views every minute, the attack can quickly become very large and extremely dangerous."

Avast: Smartphone owners are too careless about security

Smartphone users face a growing list of security problems, and many of them are simply ignoring the risks, according to a recent study completed by security company Avast.

 

Men are more likely than women to face vulnerabilities on their smartphones, 36 percent compared to 32 percent, with more than one-third surveyed saying they don't use any type of anti-theft or security software.

 

"The findings suggest an ongoing disconnect people have with their phone and computer when it comes to security protection," Avast said in a blog post. "Many smartphone users have not yet grown accustomed to thinking of their devices as small computers that store valuable, sensitive, and often priceless data. One can now perform the same functions on their phone as the trusty PC or laptop, but the majority of people are still learning about the necessity to protect their phones from viruses and hacking."

Eight people charged with identity theft, using AT&T customer files

Eight defendants have been charged with one count of conspiracy for their role in a sophisticated identity theft fraud scheme using stolen information from AT&T. In total, there are 22 counts in the indictment, with some defendants charged with access device fraud and aggravated identity theft.

 

One of the defendants charged, Couman Emily Syrilien, 25, from Lauderdale Lakes, Florida, worked for Interactive Response Technologies (IRT), an outsourced call center that provided sales and customer support for AT&T.

 

If convicted of the conspiracy charge, each defendant faces a maximum sentence of 20 years, while the access device fraud charge carries a 10-year max sentence, and each aggravated identity theft charge carries two years.

North Korea wants to join in global cyberattack fun

The western world is closely watching North Korea's military ambitions, with government leaders in Pyongyang investing a large amount of research into cyberwarfare capabilities, the US government recently warned.

 

Although not as sophisticated as cyber arsenals from China or Russia, North Korea can still find partners to help foster its cyberattack capabilities. If matured further, the attacks will likely focus on South Korea, the United States and Japan, military advisors warned in the past.

 

"North Korea brings risk to the world's fastest-growing economic region, which is responsible for 25 percent of the world's [gross domestic product] and home to our largest trading partners," said Army Gen. Curtis Scaparrotti, in a Department of Defense press release. "Against this real threat, our nation is committed to the security of South Korea and to our national interests."

Edward Snowden data disclosures hurt trust in companies, government

Former NSA contractor Edward Snowden stirred an international debate about privacy rights, with 80 percent of those polled recently saying Congress should rein in NSA snooping, according to a new Harris Interactive survey.

 

However, over half also said the NSA-related snooping helps reduce the likelihood of terrorism, while believing Internet companies should cooperate with the US government. Ironically, two out of three respondents said ISPs betrayed them while working with the NSA secretly, as a growing number of users aren't trusting of ISPs and other major tech companies.

 

"People clearly are thinking more about the relationship between privacy and security," said Stephen Cobb, Eset Senior Security Researcher, in a statement. "What the Snowden revelations have done is to surface the unresolved tension over this issue. People would like, on the one hand, to think the surveillance is necessary. But there is push back against unnecessary surveillance."

KnowBe4: Ransomware threats go beyond just Cryptolocker

Ransomware is becoming a major business for cybercriminals, and users can expect sophisticated attacks that go beyond just Cryptolocker, according to Web security company KnowBe4.

 

Cybercriminals are developing next-generation malware designed to infect users and steal information, or hijack the computer with ransom demands to unlock affected machines.

 

"There is furious competition between cybergangs," said Stu Sjouwerman, KnowBe4 CEO, in a press statement. "They did their test-marketing in countries like the UK, Canada and Australia and are now targeting the US. CryptoDefense doesn't seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang."

EFF urges websites to use HSTS protocol to be more secure

Not enough websites and Internet browsers utilize the HTTP Strict Transport Security (HSTS) policy to keep Internet users secure, according to the Electronic Frontier Foundation (EFF).

 

HSTS forces encryption by opening HTTPS sessions instead of plain HTTP, so information to and from the website is encrypted. Using HSTS, websites never allow Internet users to interact with an HTTP session, with every request automatically converted to HTTPS.

 

The EFF believes not enough web developers know about HSTS, while browser support has increased slowly but surely. Google Chrome, Mozilla Firefox, and Opera have long supported HSTS, while Microsoft said it will use the Web standard with Internet Explorer 12.

Banks must work to mitigate against DDoS attacks, new rule orders

The Federal Financial Institutions Examination Council (FFIEC) recently released a security notice of required steps that must be followed by banks and financial institutions operating in the United States. All banks under federal government regulation have to beef up security and pay attention to distributed denial of service (DDoS) attacks which plague bank servers.

 

Specifically, these companies need to try and mitigate DDoS attacks to the best of their ability, to keep subscribers more secure.

 

"In the latter half of 2012, an increased number of DDoS attacks were launched against financial institutions by politically motivated groups," according to the FFIEC statement. "These DDoS attacks continued periodically and increased in sophistication and intensity. These attacks caused slow website response times, intermittently prevented customers from accessing institutions' public websites, and adversely affected back-office operations."

One-third of phishing attacks aimed at financial institutions

One-third of all phishing attacks launched in 2013 targeted global financial institutions, and the attempts are getting even better, according to security company Kaspersky Lab.

 

Customer information is a valuable commodity to cybercriminals, with the ability to steal identities, transfer money from accounts, and financially ruin victims. Cybercriminals enjoy using the brand names and logos of well-known companies, making it easier to lure users into clicking fraudulent links.

 

"Phishing attacks are so popular because they are simple to deploy and extremely effective," said Sergey Lozhkin, Kaspersky Lab Senior Security Researcher, in a press statement. "It is often not easy for even advanced Internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialized protection solution."
