TweakTown News
A large number of online security threats emerge from Asia, and while many state-sponsored groups aim at committing data breaches, stealing usernames and passwords is also a popular operation. To counter these threats, SecurEnvoy hopes its tokenless two-factor authentication helps keep passwords on PCs and mobile devices secure, providing a new layer of security for login procedures.
In addition to a username and password or PIN that must be entered, further authentication is required using a passcode. The smartphone is used as a token, with users requesting passcodes to be sent by voice phone call, email, SMS or soft token apps.
"Users of conventional two-factor authentication will be thrilled by SecurEnvoy's tokenless method," said Desmond Teo, Infinite Data Sdn Bhd Managing Director. "Inflexible and expensive network logins using physical tokens such as smart cards are now a thing of the past. The straightforward two-factor authentication procedure using a smartphone and the additional security provided by the SecurEnvoy solutions make things easy for us as an ICT distributor."
The FBI's Internet Crime Complaint Center (IC3) has received 6,800 complaints of online ad fraud-related activity, costing consumers upwards of $20 million from June 2009 to June 2014. The criminals post fake Internet ads for cars, boats, heavy equipment and other expensive items, with each ad including a fake phone number.
Once a criminal has lured someone in, they respond with a text message and ask for an email address. The criminal then tells the victim a deal needs to be put together rapidly, typically saying they will use eBay as a legitimate means of completing the transaction. Unfortunately, instead of using eBay, the victim wires or otherwise transfers money to the perpetrators and no longer receives follow-up contact once the deal is done.
These types of Internet scams are typical, but as cybercriminals continue to evolve their tactics, Internet users need to be extremely careful when making purchases. Try to verify seller information, look into company policies, and if a deal is too good to be true, it probably is. Possible scam victims can report incidents to the IC3 website.
Privacy experts would like to see GCHQ boss Robert Hannigan stop criticizing technology companies and be more open about British government surveillance activities. Hannigan previously said digital privacy is not an "absolute right" for Internet users, and wants tech companies to essentially stop aiding terrorists.
"Given everything we've learned in the past 18 months, he chose not to address at all the very serious things that GCHQ stand accused of: blanket surveillance of the UK population with public knowledge and without parliamentary knowledge, [and] receiving warrantless bulk intercepts from the NSA on US and people around the world," said Annie Machon, former MI5 intelligence officer and whistleblower.
Following former NSA contractor Edward Snowden's disclosures regarding widespread - and organized - NSA and GCHQ spying practices, there has been continued criticism of government agencies.
The Romanian hacker known as "Guccifer," Marcel Lazar Lehel, is serving a seven-year prison sentence for numerous cybercrime-related charges. Prior to his arrest, the hacker became increasingly paranoid, even smashing his PC hard drive and mobile phone, as an international manhunt for the brash self-taught cybercriminal was underway.
"I was expecting them, but the shock was still very big for me," the hacker recently said. "It is hard to be a hacker, but even harder to erase your tracks."
After being sentenced in Romania, the hacker was also indicted in the United States, but extradition still seems unlikely at this point in time. Rather than rely on malware and social engineering attacks, Lazar used patience and trial and error while guessing correct passwords to compromise Romanian politician Corina Cretu, former US President George W. Bush, and Colin Powell.
The FBI is aware of state-sponsored cyberattacks, with a large volume of attacks blamed on the Chinese and Russian governments, but finding ways to arrest and prosecute hackers overseas is difficult. Companies are struggling to keep their networks secure, as more employees and customers are at risk of data breaches with these groups evolving into better organized, well-funded cybercriminals.
"Since cybercrime is not found in only one country and is globally dispersed, law enforcement agencies must work together on identifying and arresting the actors perpetrating the crimes," a Special Agent from the FBI recently said during a webinar. "The biggest challenge is when these actors live in countries where the cybercrime laws are not distinct, or in some cases non-existent. There have been cases where these actors have traveled through cooperative regions of the world and arrests have been made."
Realistically, many of the state-sponsored cybercriminals will remain out of the reach of the FBI - and other Western European governments - but China, Russia, and select other countries are the largest perpetrators of attacks.
Apple hasn't heard reports of any users that have been compromised by the "Masque Attack," but cybersecurity experts are still asking Apple engineers to develop new protections to ensure enterprise users are more secure.
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesman recently said. "We're not aware of any customers that have actually been affected by this attack."
Cybercriminals want to hijack OS X and iOS users and have largely struggled to find security loopholes, but they are increasing their efforts in malware development.
Airplane flights have given the US Department of Justice (DoJ) the perfect opportunity to snoop on American citizens with a custom surveillance program operated by the US Marshals Service. The covert program originally started in 2007 and uses "dirtboxes," portable cell towers that can secretly collect identity and phone location data on subscribers.
The flights leave from five different airports across the United States, and can snoop on thousands of citizens during any given flight. Specific details regarding the program remain unclear, but the US Marshals conduct these missions "on a regular basis" - and not surprisingly, the DoJ is refusing to comment. The phones are in continuous communication with local cell towers, providing a great opportunity to snoop while being discreet.
Following former NSA contractor Edward Snowden's mass surveillance disclosures, American citizens have become more concerned about government spying.
The US Federal Trade Commission (FTC) is reportedly speaking with Apple regarding privacy of health data that is gathered by the HealthKit framework, which will also be applicable to the upcoming Apple Watch wearable. Apple's HealthKit allows patients to control how medical information is used via mobile health apps, and the FTC has taken great interest in the Apple Watch.
Apple spokesperson Trudy Muller noted that the Silicon Valley company continues to work with government oversight bodies to ensure patient privacy is secured. With no confirmation of an official FTC investigation, Apple is reportedly preparing just in case a future problem arises.
It's not surprising to hear US regulators are interested in HealthKit and other similar medical-based applications, which will become more commonplace in the coming years.
Cybersecurity experts continue to have concerns over state-sponsored hacking activity, with China and Russia typically blamed for organized cyberattacks. There were a number of significant data breaches throughout 2014, and it would appear many of them were conducted by state-sponsored hacking programs orchestrated by organized, knowledgeable computer specialists.
Following troubling news that Chinese-sponsored hackers breached the National Oceanic and Atmospheric Administration (NOAA), there has been more attention on hackers that are well-paid and well-organized.
"Whether or not China perpetrated this particular hack or not, the fact remains that nation states are sometimes our enemy," said Robert Twitchell, Jr., President and CEO of Dispersive Technologies, in a statement. "Many of them, including China and Russia, will engage in hacking to steal corporate secrets (for economic advantage), military secrets (for national defensive AND offensive purposes), to embarrass the US and show their technical superiority, and to divert our attention from other activities."
Small- and medium-sized businesses (SMBs) are becoming aware that their employees pose a significant threat to cybersecurity, as attackers begin to ramp up attacks on companies. To make matters worse, many SMBs either don't have IT security staff or have an overwhelmed IT manager who is unable to ensure employees are avoiding potential security threats.
It's true that cybercriminals are finding new methods to attack business workers, including using social engineering tactics to trick them into clicking fraudulent links, turning over login and password credentials, or installing malware. Many companies struggle to properly teach their employees better security practices, such as accurately identifying and deleting phishing emails, and to curb password reuse and other common behaviors that lead to major security risks.
Here is what Tom Smith, SVP of CloudEntr, which sells password protection to companies, said: "The employee factor is huge. For most companies it's the single biggest exposure point."