TweakTown
Tech content trusted by users in North America and around the world
6,135 Reviews & Articles | 39,408 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 47

US government warns that cybercriminals could use Heartbleed

The US government is increasingly concerned that cybercriminals will use Heartbleed to steal personal information, with the Department of Homeland Security asking corporate victims to step forward and report breaches.

 

TweakTown image news/3/7/37013_01_us_government_warns_that_cybercriminals_could_use_heartbleed.jpg

 

The OpenSSL issue involved impacts two-thirds of all websites, with many companies frantically improving security to negate the threat.

 

"While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems," said Larry Zelvin, Department of Homeland Security National Cybersecurity and Communications Integration Center director, in a blog post.

Continue reading 'US government warns that cybercriminals could use Heartbleed' (full post)

UK government also paying millions to Microsoft for XP support

The UK government signed a multi-million-dollar contract to continue receiving Microsoft Windows XP support, and will receive critical software security updates for one-year. As part of the deal, Microsoft will receive $9.2 million to provide support for Windows XP, Office 2003 and Exchange 2003 until next April.

 

TweakTown image news/3/7/37011_01_uk_government_also_paying_millions_to_microsoft_for_xp_support.jpg

 

"We have made an agreement with the Crown Commercial Service to provide eligible UK public sector organizations with the ability to download security upgrades to Windows XP, Office 2003 and Exchange 2003 for one year until April 8, 2015,"Microsoft said in a statement to ComputerWeekly. "Agreements such as these do not remove the need to move off Windows XP as soon as possible."

 

Public sector organizations have a plan to begin migrating from XP, and all necessary changes should be made before the one-year support contract is up.

Continue reading 'UK government also paying millions to Microsoft for XP support' (full post)

NSA used 'Heartbleed' to help snoop on Internet users

A recent report published by Bloomberg says the NSA was familiar with Heartbleed and used the flaw to collect intelligence, choosing to stay silent not to compromise a valuable spying asset.

 

TweakTown image news/3/7/37005_01_nsa_used_heartbleed_to_help_snoop_on_internet_users.jpg

 

Around two-thirds of websites on the Internet have been affected by Heartbleed, and websites are scrambling to improve security.

 

Meanwhile, the federal government is denying using Heartbleed: "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," said Caitlin Hayden, National Security Council Spokeswoman, in a statement. "The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report."

Continue reading 'NSA used 'Heartbleed' to help snoop on Internet users' (full post)

IRS missed Windows XP deadline, pays millions to Microsoft for support

The US Internal Revenue Service (IRS) didn't migrate from Microsoft Windows XP before the April 8 end of support deadline, and will pay millions to Microsoft for extended support.

 

TweakTown image news/3/7/37006_01_irs_missed_windows_xp_deadline_pays_millions_to_microsoft_for_support.jpg

 

Microsoft pulled the plug on its popular 13-year-old operating system, urging users to migrate to Windows 7 or 8/8.1. However, millions of PCs are still running XP and haven't been migrated, including many business PCs.

 

"Now we find out that you've been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014," said Rep. Ander Crenshaw (R-Fla), chairman of the House Financial Services and General Government subcommittee, in a statement. "I know you probably wish you'd already done that."

Continue reading 'IRS missed Windows XP deadline, pays millions to Microsoft for support' (full post)

Iranians are increasing their cybercriminal activities, report says

The Iranian government is increasing its cyberattack capabilities and wants to target government rivals, according to security company Mandiant. The country still doesn't have modernized cyber weapons at the moment, but is willing to invest time and energy into expanding its digital weapons.

 

TweakTown image news/3/7/37004_01_iranians_are_increasing_their_cybercriminal_activities_report_says.jpg

 

Iran was reportedly behind malware attacks that infected Saudi Aramco and RasGas, in retaliation following the suspected infection of an Iranian nuclear facility by the United States and Israel.

 

"Although Iran has long been considered a second-tier actor behind China and Russia, recent speculation has focused on Iran's interest in perpetrating offensive network attacks against critical infrastructure targets," the Mandiant report says.

Continue reading 'Iranians are increasing their cybercriminal activities, report says' (full post)

Phishing cybercriminals find most success with midweek attacks

The majority of phishing emails are sent during the work week, amounting to 93 percent of activity, with the most popular day Wednesday, according to cybersecurity company Mandiant. The use of clever social engineering techniques, in which cybercriminals create unique attack methods to compromise unsuspecting users, continues to be a leading strategy that helps find success.

 

TweakTown image news/3/7/37002_01_phishing_cybercriminals_find_most_success_with_midweek_attacks.jpg

 

Mandiant studied clients in more than 30 different business industries, with 15 percent of attacks hitting the financial market, with 13 percent aimed towards media and entertainment, according to the company.

 

Companies trying to protect employees must teach them the basic threats that phishers use, especially in financial intuitions, which receive one-third of all phishing attempts.

Universities struggle to keep personal data safe from theft

It seems likely colleges and universities could face a higher number of cyberattacks and data breaches, as security vulnerabilities and other challenges remain a problem, according to HALOCK Security Labs.

 

TweakTown image news/3/6/36995_01_universities_struggle_to_keep_personal_data_safe_from_theft.jpg

 

University IT staff need to prioritize their networking and security budgets to address the most glaring security threats - and separating sensitive systems from public systems can be a good start. PCs and servers with sensitive information can be supervised by IT staff, while student employees can manage public systems, according to HALOCK.

 

"Universities in general have limited budgets for information security, and therefore struggle to comply with the numerous laws and regulations regarding the data in their custody," said Terry Kurzynski, HALOCK Senior Partner, in a press statement.

Continue reading 'Universities struggle to keep personal data safe from theft' (full post)

Members of the 'Jabber Zeus Crew' indicted by Department of Justice

Nine men behind the "Jabber Zeus Crew" have been indicted for charges including conspiracy to participate in racketeering activity, multiple counts of bank fraud, conspiracy to commit computer fraud and identity theft, and aggravated identity theft.

 

TweakTown image news/3/6/36993_01_members_of_the_jabber_zeus_crew_indicted_by_department_of_justice.jpg

 

The group allegedly used the Zeus Trojan to collect bank account numbers, account passwords, PIN numbers, and other significant information. Conviction could lead to a monetary fine that would total at least $70,000,000, the DOJ said in its indictment.

 

"It was further part of the conspiracy that [defendants] used 'money mules' residents of the United States who received funds transferred over the Automated Clearing House ('ACH') network or through other interstate wire systems from victims' bank accounts into the money mules' own bank accounts, and then withdrew some of those funds and wired the funds overseas to conspirators," the indictment stated.

Continue reading 'Members of the 'Jabber Zeus Crew' indicted by Department of Justice' (full post)

Department of Homeland Security offers advice to fight 'Heartbleed'

The recent revelation of the "Heartbleed" OpenSSL bug has made it an extremely hectic week for Internet users, technology companies, banks, and the U.S. government. The Department of Homeland Security (DHS) recently issued a public advisory about "working together to mitigate cybersecurity vulnerabilities."

 

TweakTown image news/3/6/36992_01_department_of_homeland_security_offers_advice_to_fight_heartbleed.jpg

 

The DHS offers this advice to Internet users: verify the website has patched the vulnerability, then change passwords; closely monitor email, bank and social media accounts to spot suspicious activity; and become more vigilant to ensure websites are using HTTPS for all data exchanges.

 

"While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems," the DHS noted in a recent news release. "That is why everyone has a role to play to ensuring our nation's cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary."

Hackers hit South Korea users, stealing credit card data on customers

Cybercriminals have compromised at least 200,000 credit card owners in South Korea, with forged credit cards and fraudulent charges being reported. South Korean police authorities have identified more than 250 cases of fraudulent charges, and expect that number to increase as customers are notified to look for suspicious activity.

 

TweakTown image news/3/6/36988_01_hackers_hit_south_korea_users_stealing_credit_card_data_on_customers.jpg

 

The hacker successfully breached a company in South Korea responsible for managing card payment processing terminals, collecting credit card numbers, expiration dates, and loyalty card passwords, according to the Financial Supervisory Service (FSS).

 

The FSS found credit information from three credit card companies and one bank were leaked, with two of the credit card companies already publicly punished for significant data breaches. Earlier in the year, more than 100 million South Korean credit card and bank accounts were compromised, with bank officials resigning and facing heavy scrutiny from government officials.

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases