TweakTown News
Electronics retailer LaCie is the latest company to suffer a security breach, with scores of customer records left exposed for one year. LaCie, which is now owned by Seagate, was informed of the breach by the FBI, which will also contribute to the investigation.
It's unknown how many customers were exposed in the breach, and only limited information will be available until the forensic analysis is completed. However, it appears the hackers were able to compromise LaCie's online store using the same Adobe ColdFusion vulnerabilities that led to breaches among other retailers.
"The information that may have been accessed by the unauthorized person includes name, address, email address, payment card number and card expiration date for transactions made between March 27, 2013 and March 10, 2014," according to a statement emailed to Krebs on Security. "We engaged a leading forensic investigation firm, who conducted a thorough investigation into this matter."
More than one-quarter of Avast's current Microsoft Windows XP customers don't plan to leave behind the OS that is now no longer supported by Microsoft, according to a recent survey conducted by the security company.
Prior to the end of support date on April 8, XP users were already under increased threat of cyberattacks, and that trend is only expected to continue.
"XP users were not planning on doing anything," said Ondrej Vlcek, Avast Chief Operating Officer, in a blog post. "As Avast users they are protecting themselves since we will continue to support Windows XP users for at least the next three years."
Mt. Gox founder Mark Karpeles will not return to the United States to explain the company's demise, leading to bankruptcy, as he waits to investigate a subpoena issued by the U.S. Department of Treasury's Financial Crimes Enforcement Network division.
Karpeles has been ordered to speak during a testimony scheduled for Friday in Washington, D.C. A Japanese court was scheduled to discuss the issue, in case the U.S. asks for him to be turned over.
"Mr. Karpeles is now in the process of obtaining counsel to represent him with respect to the FinCEN subpoena," according to a legal filing. "Until such time as counsel is retained and has an opportunity to 'get up to speed' and advise Mr. Karpeles, he is not willing to travel to the U.S."
The Chinese government is improving its cyberattack and cyberspying abilities, and western nations must work to improve their own cyberdefense, according to security researchers.
The risk of cyberthreats keeps expanding as criminals find newer and more creative ways to compromise users.
"Cyberthreat actors are expanding the uses of computer network exploitation to fulfill an array of objectives, from the economic to the political," according to the report. "Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction and influence global decision makers. Private organizations have increasingly become collateral damage in political conflicts. With no diplomatic solution in sight, the ability to detect and respond to attacks has never been more important."
There is a growing need for the US government and private sector to improve communication and work on sharing threat and attack information.
The idea isn't necessarily a new one, with the private sector pestering government agencies to become more transparent regarding cybersecurity threats - especially with sophisticated attacks stemming from Eastern Europe and China.
"We've been trying for three years to get the government to create a protected avenue to share information from the government down to the private sector up to the government," said Tom Ridge, former US Department of Homeland Security secretary, during a recent security conference. "We've been unsuccessful."
The United States wants to improve its Cyber Command over the next two years, and will increase security staff to more than 6,000 employees, Defense Secretary Chuck Hagel recently said. Both military and civilian candidates will be included, as the US government wants to improve both cybersecurity and offensive weapons that can be used to target foreign operations.
The government will likely need to work with universities and private sector companies to find candidates - especially with so much competition for skilled cybersecurity experts.
"It has to do with having the skills," said Michael Daly, Raytheon cyber business CTO, in a statement to SCMagazine. "I think that when the jobs are there, the people with the skills are seeking them out and going after them. What we are seeing is a huge backlog as far as being able to hire people into these jobs. The number of security jobs have grown, but these jobs are taking a lot longer to fill."
The FBI is quickly expanding its Next Generation Identification (NGI) biometric photo database, which could balloon up to 52 million photographs by 2015, according to the Electronic Frontier Foundation.
The NGI database had around 16 million photos in mid-2013, and there is growing concern over the "non-criminal photo" portion of the program - and how the information will be stored.
President Obama's administration recently started a discussion regarding facial recognition privacy, though after the NSA's spying revelations, there will be a lot of criticism and concern.
The former vice president of the Bitcoin Foundation, Charlie Shrem, has been indicted on money laundering charges related to the now defunct Silk Road website. Shrem and federal prosecutors were trying to work out a plea deal, but negotiations came to an end.
Shrem plans to plead not guilty at arraignment later this month before U.S. District Judge Jed Rakoff, facing up to 20 years in prison if convicted.
Shrem previously worked with the Bitcoin Foundation and also operated the BitInstant bitcoin exchange company - and was arrested in January. He is now facing two counts of conspiracy to commit money laundering and operating an unlicensed money transmitting business.
About 18 percent of U.S. Internet users have suffered some type of data breach in which personal data has been stolen, and the problems are only mounting further, according to a recent survey by the Pew Research Center. Six months ago, the figure stood at just 11 percent of users in the United States, with user accounts and sensitive data under continued attack.
In addition to the Social Security Number, credit card and bank account information that was compromised, 21 percent of online adults also had an email or social media account compromised.
Many websites trying to boost security due to the Heartbleed vulnerability are finding it difficult and cumbersome, recent reports indicate. If left unpatched, Internet users could find their usernames, passwords, and other sensitive information vulnerable to theft, with two-thirds of the world's websites vulnerable.
It's important for companies and website owners to fix the vulnerability, as the NSA reportedly used Heartbleed to snoop on users - and there are warnings that cybercriminals will use the vulnerability as long as they can.
There are many hidden costs in trying to boost security to fix Heartbleed, which may not be appreciated until it's too late.