TweakTown NewsRefine News by Category:
The recent Google Android bug discovered by security researcher Ibrahim Balic reveals a common technique could compromise the popular OS due to memory corruption - resulting in the device crashing.
In extreme cases, it appears memory code corruption vulnerability could be boosted and lead to arbitrary code execution, with users at risk of operating a rooted device.
"Although it's true that this vulnerability is capable of crashing Android mobile devices, it's important to point out that at this time there are no known instances or infections of this particular vulnerability 'in the wild,'" said Ryan Smith, Mojave Networks Lead Threat Engineer, in a statement. "Mobile malware distributors are typically motivated by money and information, and are therefore unlikely to use their established distribution channels to disseminate malware an app that simply crashes the device and doesn't gain them anything."
Even so, it's frightening the large amount of malware targeted towards Android devices - and security experts recommend using anti-malware and anti-virus software at the very least.
The leader of the Appbucket group, which was responsible for trafficking pirated Google Android apps, has pleaded guilty to one count of conspiring to commit criminal copyright infringement.
Nicholas Anthony Narbone from Florida pleaded guilty, while co-conspirator Thomas Allen Dye from Florida pleaded guilty earlier this month. Both Narbone and Dye will be sentenced in July, while two others have court dates scheduled for April.
"These men trampled on the intellectual property rights of others when they and other members of the Appbucket Group distributed more than one million copies of pirated apps," said David O'Neil, Justice Department attorney general, in a statement. "These mark the first convictions secured by the Justice Department against those who illegally distribute counterfeit mobile apps."
The group shared more than 1 million copies of pirated apps worth more than $700,000 before being shut down.
The steady popularity of smartphones and tablets has led to a rush to steal apps - and either distribute them freely - or offer them for sale.
Companies need to be aware of so-called "password fatigue" and create easier-to-use password-protected system access, as employees are in a rush to get work done, according to a study released by the National Institute of Standards and Technology (NIST).
Employees are more inclined to remember a single password, even if it's longer and more complex, as opposed to needing multiple passwords for each account. This behavior could lead to potential security issues, so password managers or some other type of authentication could be utilized instead.
"'Password fatigue' is, in fact, a very common problem," the study states. Expecting users to simply adapt to an excessive authentication workload is not realistic. But from the user's perspective, what is excessive? In any case, if our participants' coping and avoidance strategies are any indication, the ways in which users adapt may not be desirable from an organizational perspective. Rather than trying to force users to adapt to authentication, organizations, security experts, developers, and engineers must find ways to make authentication adapt to users - in other words, to make it more usable."
Microsoft Windows XP remains an extremely popular and well-liked operating system, but the security benefits alone of Windows 7 and 8/8.1 haven't been enough to get users to migrate. However, Microsoft and security experts are strongly urging both users and companies to upgrade, or potentially face harmful cyberattacks.
Pure Hacking has a few tips regarding XP: Disable what users don't need on the OS, replace XP with Windows 7, segregate legacy installations, and implement application whitelisting control.
"Across Australia there are tens of thousands of machines still running Windows XP - just think POS terminals, let alone all those SMBs," said Gordon Maddern, Pure Hacking CTO, in a statement. "Anyone still on XP will be wide open to attack. All new vulnerabilities - and countless numbers of these are likely - will no longer be fixed by Microsoft. I cannot stress enough, it's time to migrate, migrate, migrate."
In reality, SMBs and corporations should have created a migration plan long ago - and should be well underway with the migration plan - but it's become evident that many companies will instead try to scramble to stay in compliance.
As the Microsoft end of support for the aging Windows XP operating system quickly approaches, security researchers believe the banking industry faces a serious risk of compromised ATMs, according to Symantec.
The Backdoor.Ploutus.B malware variant, an upgraded version of sophisticated malware that proved effective in 2013, allows cybercriminals to force ATMs to dispense cash.
The criminals simply send an SMS to a compromised ATM, walk up, and collect the stolen cash - using a network packet monitor (NPM) and other tools to properly infect the ATM.
"As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," said Daniel Regalado, Symantec security researcher, in a blog post. "Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus."
The University of California at San Francisco (UCSF) recently suffered a data breach and almost 10,000 people have been compromised, according to school officials. Several desktop PCs with unencrypted information were stolen from the university's Family Medical Center in January, including personal and health information.
Social Security numbers were exposed for 125 people, with a mix of patient names, birth dates, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers exposed in the breach.
The data theft is now being investigated by the California Department of Public Health, federal authorities, and the California Attorney General, with notification letters and free credit monitoring being offered to some of those exposed.
Security experts strongly urge companies, universities and research groups to encrypt data on PCs, especially if it includes personal or medical information.
The Chinese government is angry and now demands the US government to explain its reported spying actions against Huawei, a major Chinese electronics and telecom company. The report, led by insight taken from former NSA contractor Edward Snowden, accuses the NSA of spying on the company - and stealing information about Huawei customers.
The NSA was specifically trying to find ties between Huawei and the People's Liberation Army, though stumbled across intellectual property of Huawei network switches and routers, reporters state.
"China has already lodged many complaints with the United States about reports of its espionage activities," said Hong Lei, Chinese foreign ministry spokesperson, in a statement to the media.
It's ironic that countries such as Russia and China, which have been accused of launching cyberattacks - and violating human rights - are now demanding the US government to explain itself.
Time Warner Cable processed almost 12,000 government requests in 2013, with 82 percent subpoenas, 12 percent court-ordered incidents, 4 percent were search warrants, 2 percent were emergency requests, and 0.3 percent were wiretap orders.
TWC says the company received between 0 and 249 National Security Orders, though cannot identify an exact number. The company wants to become more open about customer information requests, especially after Edward Snowden's spying disclosures made last year.
We will issue future Transparency Reports on a semi-annual basis," TWC said in a statement. "We have also provided answers to frequently asked questions related to the practices we follow to strengthen protections for the privacy of customer information."
The NSA itself might begin offering transparency reports, as American citizens and foreign residents angry over organized NSA spying. Despite promised transparency from the US federal government and private Internet and telecom companies, users are now significantly more aware of snooping and other questionable behavior.
As multiple retailers learned over the past few months, improving security to defend against cyberattacks such as malware can be extremely difficult.
The massive data breach at Target garnered the most attention, but attacks at everyone from Neiman Marcus to Smucker's and Sally Beauty show consumers they need to closely pay attention to personal security.
"If authentication technology can be simple enough to use and noninvasive, our customers see this as a good thing... because it makes it clear to them that someone's looking out to protect their identity," said Paul Donfried, LaserLock CTO, in a statement.
Moving forward, security companies are developing next-generation anti-malware solutions designed to protect retailers - though consumers need to be aware of the links they click on and apps they install - with cybercriminals successfully using social engineering to cause breaches.
Chinese Internet and telecom giant Huawei didn't take kindly to reports the NSA targeted it with spying operations, along with preparing cyber weapons designed specifically to target the company if needed.
The NSA targeted Huawei as part of operation "Shotgiant," aimed to verify links between the company and the People's Liberation Army. US officials believed better understanding how Huawei works internally would give insight into the Chinese government's influence in the company.
"If the actions in the report are true, Huawei condemns such activities that invaded and infiltrated our internal corporate network and monitored our communications," said John Suffolk, Huawei global cyber security officer, in a statement to Reuters. "Corporate networks are under constant probe and attack from different sources - such is the status quo in otday's digital age."
It wouldn't be a surprise to hear US government officials snooped on Huawei, a Chinese electronics giant, which has also been accused of industrial espionage against US and western companies.