TweakTown News
Security firm KnowBe4 is so confident in the benefits of its Kevin Mitnick Security Awareness series that the company will pay a ransom if a client is compromised due to employee error. The new generations of ransomware typically can slip by traditional anti-virus software, and end-users are responsible for accidentally installing software on work PCs. The security awareness training is ongoing and the KnowBe4 offer to pay ransoms via bitcoin is valid until June 30.
"Many employees take work home and access the network on personal laptops or devices shared with family members," said Stu Sjouwerman, KnowBe4 CEO, in a statement. "KnowBe4 recognizes the need to help users stay secure in a variety of environments and we offer our clients a separate Home Internet Security Course for their whole family as an extra bonus. We are so confident our training works, we'll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer and your employees stepped through our training."
It's a bold decision by KnowBe4, as 234,000 people have been hit with some type of ransomware, such as CryptoLocker, CryptoDefense or CryptoBit, according to the FBI. These data breaches led to $20 million in ransom fees during a four-month span in 2013 alone, according to the report.
Cybercriminals trying to compromise users continued to find new and innovative ways to target unsuspecting users in April, launching malicious attachments and conducting well-coordinated phishing attacks, according to security company Kaspersky Lab.
Email and search engines were the most popular targets, accounting for 31.9 percent of attacks, with social media in second with 23.8 percent, and financial and payment organizations slotted in third with 13 percent. The most notable target in April was Chinese telecommunications company Tencent, with criminals seizing user logins and passwords.
"Last month, we saw a new wave of so-called pump and dump spam," said Tatyana Shcherbakova, Kaspersky Lab Senior Spam Analyst, in a press statement. "The scammers behind these mailings advertised offers to buy stock in a certain company at super low prices, which were allegedly meant to increase considerably in the near future. As a result, the demand for the stock in the company rose, the prices became artificially inflated - and the scammers would then sell off their stock in said company. The stock prices would then begin to fall, and the bamboozled investors were left with depreciated shares and lost their investments."
Marcel Lazar Lehel, operating under the hacker pseudonym "Guccifer," was convicted by a Romanian court and sentenced to serve four years in prison. Lehel has a day job serving as a cab driver, but his miscellaneous activities are what led him to be arrested in January - and he already has a three-year suspended sentence that could force him to spend even more time in prison.
In late May, the hacker admitted to illegally accessing email accounts, targeting Romanian government officials, celebrities, and other well-known personalities. In addition, "Guccifer" targeted former U.S. President George W. Bush, along with several of Bush's family members, in his global hacking operation.
"The aggrieved parties Corina Cretu and George Cristian Maior did not turn into civil claimants ... the defendant is obliged to pay $3,400 in legal fees to the state," according to the Romanian government.
The British government should severely punish cybercriminals responsible for "serious" cyber-based attacks, according to the Queen. Following a recent speech, it seems a recently proposed crime bill will ask for possible life sentences if hacking leads to "loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof."
The Computer Misuse Act of 1990 would also be modified, so criminals conducting industrial espionage operations would receive additional jail time. Instead of a 10-year sentence for attacks that lead to "a significant risk of severe economic or environmental damage or social disruption," the modification would call for a 14-year sentence.
"It's good to see government trying to be proactive to put specific law enforcement tools in place before they're needed, but they should be careful to not accidentally criminalize good faith efforts," said Beau Woods, I Am The Cavalry security expert.
New evidence has been presented to a court in defense of Pirate Bay founder Gottfrid Svartholm, who last year was extradited to Denmark and remains in custody.
Svartholm was accused of illegally accessing the mainframe of CSC. But now new evidence has emerged that, according to TorrentFreak, backs up the theory that a third party was using Svartholm's PC.
A February investigation of Svartholm's computer apparently reveals hundreds of suspicious files. His lawyer, Luise Høj, told TorrentFreak that threats on the PC could be traced all the way back to 2011, some of which could potentially have permitted backdoor access into the computer.
A German startup that's promising to deliver a secure private server free from government snooping has reached its $1 million crowdfunding target in just under an hour and a half.
Protonet hit over 100,000 euros on the crowdfunding service Seedmatch in minutes, before sailing past the $1 million mark 89 minutes after going live, IBTimes reports. Protonet's product aims to combine the best of server capabilities, according to the company, with the security and control of local hardware.
"We offer location independent data access, a thought-through social collaboration platform and all this with no necessary maintenance and installation," the company says on its website.
A recently discovered Trojan targeting Google Android turns out to be a nasty piece of ransomware, encrypting files on a compromised user's device. The Android/Simplelocker ransomware demands a small payment of about $22 that must be paid to the Eastern European cybercriminals behind the malicious software.
The Trojan scans for the following file formats on a phone's SD card: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4, which will be encrypted and made inaccessible.
"File-encrypting malware has proved to be a lucrative criminal enterprise so it is unsurprising that Android has become a new target," said Dr. Steven Murdoch, University of Cambridge security researcher, in a statement. "Smartphone users should be very cautious of installing software from sources other than the operating system-provided application store, and should pressure their phone supplier to promptly provide security updates to defend against known vulnerabilities."
A privacy campaigner for "Stop The Cyborgs" has come up with a novel way to prevent being recorded by a Google Glass-wearing Glasshole - a simple program that knows when Glass is being used and prevents it from connecting to a network.
The program will no doubt be to the chagrin of the Valley's Glass-wearing enthusiasts, as it prevents Glass from connecting to the cloud completely. But Stop The Cyborgs' Julian Oliver claims it's a hassle-free approach to gaining some privacy in public places.
"To say 'I don't want to be filmed' at a restaurant or playing with your kids is perfectly OK," he said, speaking with Wired. "But how do you do that when you don't even know if a device is recording? This steps up the game. It's taking a jammer-like approach."
Security software company Bitdefender plans to become more proactive in helping Community Emergency Response Team (CERT) and police authorities fight cybercrimes. The company hopes its botnet mapping and malware reverse-engineering will provide a method to identify - and disrupt - cyberattacks before they victimize users. Bitdefender has experience working with law enforcement, so disabling command and control servers, with the help of forensic analysis, also is possible.
Here is what Catalin Cosoi, Bitdefender Chief Security Strategist, said in a press statement: "Bitdefender has been in the fight against cyber crime since the beginning, so we find ourselves with more knowledge and capabilities than we can use in our regular business. We want to use that capacity and expertise to contribute to bolster the work of other well-meaning groups who are seeking to make the internet a cleaner, safer place to work, play and socialize."
There is an ongoing fight against cyberattacks, though many companies are simply overwhelmed due to increasingly sophisticated attacks. The U.S. federal government is targeting organized cybercriminal groups, but tends to only operate in damage control after a breach occurs.
The Chinese government decided to ban Microsoft Windows 8 from government PCs last month, expressing fears of cyberespionage by the U.S. government. As Microsoft tries to build support for its software, the company quickly opened up discussions with the Chinese government - and the headaches still haven't gone away. The state-run China Central Television criticized Microsoft during a noon news broadcast, openly questioning Windows 8 security.
"Whoever controls the operating system can control all the data on the computers using it," the broadcast claimed.
Ironically, Microsoft and security specialists have recommended upgrading to Windows 8 because of increased security. This is just another step for the Chinese government to torment the U.S. government - and major tech companies - which have been accused of providing the NSA access to Chinese technologies.