TweakTown News
Crafts store Michaels confirmed that as many as 2.6 million customers, almost 7 percent of customers paying with debit and credit cards, were affected by a data breach that began last year.
Customer information exposed includes card numbers and expiration dates, though the store didn't confirm whether names, addresses and PINs were also breached. Since news of the breach broke earlier this year, the popular arts and crafts store has removed the malware and reportedly boosted security to try to prevent future incidents.
In addition to Michaels, its Aaron Brothers subsidiary also suffered a data breach affecting around 400,000 debit and credit cards.
Former NSA contractor Edward Snowden recently had the chance to quiz Russian President Vladimir Putin about his country's cyber surveillance and snooping activities. During a video interview, Snowden posed the following question: "Does Russia intercept or store or analyze the communication of millions of individuals?"
Putin's response to the question: "Our agents are controlled by law. You have to get court permission to put an individual under surveillance. We don't have mass permission, and our law makes it impossible for that kind of mass permission to exist."
Of course, western intelligence sources are hesitant to believe what Putin claims, especially with Russia often blamed for cyber espionage and various cybercrimes. Meanwhile, Putin seems to be enjoying poking fun at the United States and England; Snowden's disclosures last year indicate both nations have sophisticated spying programs.
Samsung followed in Apple's footsteps with the addition of a fingerprint sensor on the front of the Galaxy S5, but it now appears that Apple's implementation of biometric security may actually be safer than Samsung's version. A new video has surfaced that shows just how easy it is to spoof the Galaxy S5's sensor with nothing but a casting made from common wood glue.
The video was created by SRLabs, and shows the company using a false finger bearing the correct fingerprint to unlock the phone. While SRLabs was able to do the same with the iPhone 5S, Apple's Touch ID also utilized a password prompt that prevented further entry. Furthermore, SRLabs was able to use the fake finger to complete transactions on the PayPal app with its new fingerprint authentication feature. This is quite scary when you consider how easy it is to lift a fingerprint.
Smartphone kill switches will be added to new devices by manufacturers and wireless carriers, but law enforcement officials are concerned the "baseline anti-theft tool" doesn't go far enough to prevent smartphone theft.
As part of the voluntary agreement, the CTIA-The Wireless Association says the functionality will be added starting after July 2015 - and can ship pre-loaded on smartphones, or as a follow-up download.
"We strongly urge CTIA and its members to make their anti-theft features enabled by default on all devices, rather than relying on consumers to opt-in," according to San Francisco district attorney George Gascon, a supporter of mandatory kill-switches, in a statement. "The industry also has a responsibility to protect its consumers now and not wait until next year."
Electronics retailer LaCie is the latest company to suffer a security breach, with scores of customer records left exposed and up for grabs for one year. LaCie, which is now owned by Seagate, was informed of the breach by the FBI, which will also contribute to the investigation.
It's unknown how many customers were exposed in the breach, and information is limited until the forensic analysis is completed. However, it appears the hackers were able to compromise LaCie's online store using the same Adobe ColdFusion vulnerabilities that led to breaches among other retailers.
"The information that may have been accessed by the unauthorized person includes name, address, email address, payment card number and card expiration date for transactions made between March 27, 2013 and March 10, 2014," according to a statement emailed to Krebs on Security. "We engaged a leading forensic investigation firm, who conducted a thorough investigation into this matter."
More than one-quarter of Avast's current Microsoft Windows XP customers don't plan to leave behind the OS that is now no longer supported by Microsoft, according to a recent survey conducted by the security company.
Prior to the end of support date on April 8, XP users were already under increased threat of cyberattacks, and that trend is only expected to continue.
"XP users were not planning on doing anything," said Ondrej Vlcek, Avast Chief Operating Officer, in a blog post. "As Avast users they are protecting themselves since we will continue to support Windows XP users for at least the next three years."
Mt. Gox founder Mark Karpeles will not return to the United States to explain the company's demise, which led to bankruptcy, as he waits to investigate a subpoena issued by the U.S. Department of Treasury's Financial Crimes Enforcement Network division.
Karpeles has been ordered to give testimony scheduled for Friday in Washington, D.C. A Japanese court was scheduled to discuss the issue, in case the U.S. asks for him to be turned over.
"Mr. Karpeles is now in the process of obtaining counsel to represent him with respect to the FinCEN subpoena," according to a legal filing. "Until such time as counsel is retained and has an opportunity to 'get up to speed' and advise Mr. Karpeles, he is not willing to travel to the U.S."
The Chinese government is improving its cyberattack and cyberspying abilities, and western nations must work to improve their own cyberdefense, according to security researchers.
The risk of cyberthreats keeps expanding as criminals find newer and more creative ways to compromise users.
"Cyberthreat actors are expanding the uses of computer network exploitation to fulfill an array of objectives, from the economic to the political," according to the report. "Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction and influence global decision makers. Private organizations have increasingly become collateral damage in political conflicts. With no diplomatic solution in sight, the ability to detect and respond to attacks has never been more important."
There is a growing need for the US government and private sector to improve communication and work on sharing threat and attack information.
The idea isn't necessarily a new one, with the private sector pestering government agencies to become more transparent regarding cybersecurity threats - especially with sophisticated attacks stemming from Eastern Europe and China.
"We've been trying for three years to get the government to create a protected avenue to share information from the government down to the private sector up to the government," said Tom Ridge, former US Department of Homeland Security secretary, during a recent security conference. "We've been unsuccessful."
The United States wants to improve its Cyber Command over the next two years, and will increase security staff to more than 6,000 employees, Defense Secretary Chuck Hagel recently said. Both military and civilian candidates will be included, as the US government wants to improve both cybersecurity and offensive weapons that can be used to target foreign operations.
The government will likely need to work with universities and private sector companies to try to find candidates - especially with so much competition for skilled cybersecurity experts.
"It has to do with having the skills," said Michael Daly, Raytheon cyber business CTO, in a statement to SCMagazine. "I think that when the jobs are there, the people with the skills are seeking them out and going after them. What we are seeing is a huge backlog as far as being able to hire people into these jobs. The number of security jobs have grown, but these jobs are taking a lot longer to fill."