TweakTown News
Despite more than 40 million credit and debit card accounts being stolen by cybercriminals inside of Target's network, the amount of real-world fraud has been minimal, Target and Visa recently stated. Specifically for Visa accounts, there has been $2 million in fraud, according to Target officials, as the company promised to undergo internal reform.
"As long as we continue to have a guest lens and use that data for the value of our guest, we're in a good place," said John Mulligan, Target Chief Financial Officer, in an interview. "We need to continue to invest and make it better. That's the challenge for us."
Despite Visa and Target reporting a low number of actual fraud cases, the retailer has been hit with class-action lawsuits from customers and banks.
Companies are desperate to keep employee data and customer records safe from cybercriminals, with varying levels of success, as sophisticated cyberattacks continue to target corporations.
Although companies are increasingly taking security awareness training seriously, human error remains a major threat, even if IT security is properly implemented.
"The human factor is a leading source of security threats for today's IT manager," said Stu Sjouwerman, founder and CEO of KnowBe4, in a press statement. "To maintain security, every company should adopt the 'defense-in-depth' strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training as this affects every aspect of an organization's security profile."
Although cybercriminals enjoy targeting end-users with malware - to compromise their personal information - stealing data from businesses can yield employee information, customer data, and large amounts of valuable data in a short amount of time.
A mandatory smartphone kill switch, proposed by Sen. Mark Leno (D-San Francisco), with support from San Francisco District Attorney George Gascon, has ignited a debate among consumers and security researchers.
SB 962 is designed to help clamp down on the market for stolen devices in California, though smartphone manufacturers have been against similar efforts. If passed in California, the legislation could have major ramifications for other states trying to battle against the growing black market for stolen smartphones and tablets.
Although some are fighting the effort, some security experts and consumers approve of such legislation. Here is what Brent Hutfless, IT director for Austal USA, said in a recent blog post published via Tripwire:
"The premise of the bill is sound, the desire to reduce violence is both commendable and desirable, and despite carrier reluctance this technology already exists to some degree through current mobile device management solutions. Beyond the obvious benefit of reducing consumer costs associated with replacement devices, there is a potentially huge security implication, as this better positions the cell phone as a form of personal identity."
A rather shocking 43 percent of identity theft cases last year can be traced back to medical identity theft, as security experts and healthcare providers struggle to keep up with security challenges, according to a recent study.
Unfortunately, medical records are significantly more lucrative to cybercriminals, meaning they are a popular target for attacks.
"Despite concerns about employee negligence and the use of insecure mobile, 88 percent of organizations permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their organization's networks or enterprise systems such as email," according to the Ponemon Institute's Fourth Annual Patient Privacy and Data Security report.
Many healthcare companies and hospitals embrace "bring your own device," but don't require any type of anti-virus or anti-malware security software - an alarming rate when 88 percent of companies rely on employees to use their own smartphones on the job.
Android had a greatly successful year in 2013, capturing around 87 percent of the international smartphone market - but during the same year, the Android community had to deal with a large amount of malware and security threats.
Ninety-seven percent of current mobile malware targets Android, and users will continue to face a large number of threats moving forward.
Security company F-Secure recommends sticking to the Google Play Store to download apps, as one in every 1,000 apps might have had malware - while purchasing or downloading apps from other sources can easily lead to malware infection.
Cybercriminals rely on malware both for targeted attacks and to try to infect as many people as possible.
In the world of gun safety, companies are scrambling to manufacture some type of technology to prevent accidents - and to prevent stolen weapons from being used in later crimes - but there haven't been a lot of easy answers. The Identilock biometric authentication technology, created by Omer Kiyani, a gunshot victim from Detroit, provides an added layer of handgun security.
The lock connects to a handgun's trigger and uses biometric authentication to ensure only the authorized gun owner is able to disable the lock - which takes less than one second from initial contact on the fingerprint sensors.
"The key is reliability," said Kiyani, when speaking to CNN. "The sensor has proved itself in different sectors over the past few years and the market is aware of its capability. The main point of firearms ownership is home defense, and home defense means quick access. But the other side of that is accidents."
Kiyani isn't interested in getting into a debate regarding gun ownership, but rather wants to create a safe, easy-to-use locking mechanism.
The "Coinkrypt" malware is making the rounds, infecting Google Android devices and letting cybercriminals mine Litecoin, Casinocoin and Dogecoin courtesy of hijacked devices.
Most malware today is designed to either steal information or create some type of financial incentive for criminals - and Coinkrypt follows that same strategy, but with a rather unique twist.
Although it isn't prevalent at the moment, security researchers want users to be aware of the potential ramifications if they are infected - including potentially causing batteries to drain faster or eventually leading to overheating.
"While mining as a strategy hasn't paid off for these malware authors, as these digital currencies continue to grow, we predict that the number of new malware families targeting them will also continue to grow as malware authors experiment with various different strategies in their desire to cash in," a blog by security firm Lookout indicates.
The legal woes for popular retailer Target continue to mount, with Green Bank NA and Trustmark National Bank filing a class-action lawsuit, accusing the company of not properly securing customer data. Also named in the suit was Trustwave Holdings, a company specializing in credit card security services, with other complaints likely in the immediate future.
Target outsourced data security operations to Trustwave, and "failed to live up to its promises or to meet industry standards," the suit claims.
Target already faces numerous class-action lawsuits from customers affected by the data breach, so this will only further rack up the legal fees. In addition, disclosures indicating Target may have known about a potential security breach - and ignored numerous security warnings from internal IT - will add fuel to the fire.
Target was the biggest breach, but other retailers have been hit with various types of malware, targeting point-of-sale registers, online stores, and company records.
The Bennington Area Chamber of Commerce recently suffered a major annoyance after needing to spend $5,000 to upgrade PCs, servers and HDDs that were crippled by the Cryptolocker ransomware.
The chamber wanted to pay the ransom but suffered a power failure, losing the connection with the Cryptolocker cybercriminals.
"We had to replace our entire computer system because of it," said Joann Erenhouse, Bennington Area Chamber of Commerce director, in a statement to local media. "Right now we are just about up and running."
As with other forms of malware, users are the first line of defense, but tend to be too quick to read emails and open attachments from unknown sources.
Cryptolocker is an especially tricky piece of ransomware, with infected users typically forced to pay the ransom - or restore from what hopefully was a recent backup. Almost 40 percent of affected companies choose to pay the ransom, which is typically $500-$750 - or face having files permanently encrypted.
In a double whammy, the Fareit Trojan targeting Microsoft Windows PCs also has been found to spread the Cribit ransomware, as security researchers transition to defend against sophisticated cyber threats.
There are two versions of Cribit in the wild - one version encrypts files on the infected PC and shows an English ransom message, while the other version has messages also available in Chinese, French, Arabic and Spanish, researchers note.
"After all, cybercriminals are after one goal: to get a person's money," said Christopher Budd, Trend Micro threat communications manager, in a statement to SC Magazine. "Returning/decrypting a victim's files won't certainly be a priority or major concern for these people. Additionally, paying the ransom may encourage and help expand the operations of cybercriminals."
Cybercriminals are gladly enjoying the use of sophisticated malware to compromise devices, in an effort to steal information - and now to demand monetary payments for releasing a computer from malicious and disruptive software.