TweakTown NewsRefine News by Category:
Computer security companies have had their hands full keeping PCs and other devices secure from cyberattackers, and while mobile malware is still overlooked, the threats are continuing to grow. There is serious concern that hackers will infect smartphones and tablets using malicious programs that are able to act like legitimate apps - giving them access to a large amount of information on mobile devices.
"We think the threat is real; we think it's a growing threat," said Gary Davis, McAfee chief consumer security evangelist. "We think there's a laissez-faire attitude with consumers not giving it the same kind of attention they give other threats."
Despite the lack of mobile attacks, where Google Android devices receive 98 percent of total mobile threats found in the wild, other operating systems need to be aware of security problems. Furthermore, mobile malware still has a lot of room to grow, even with thousands of Android-based malicious threats already spotted by security researchers.
Russian hackers were able to target NATO, Ukraine, European Union and private sector companies using a Microsoft Windows exploit, according to iSight Partners. Russia reportedly has organized state-sponsored cyberattacks, so it's no surprise to hear they launched attacks against geographic and political rivals. iSight informed Microsoft about the problem so the company is able to resolve problems and plug the hole to prevent future intrusions.
iSight wasn't able to confirm what type of data was taken in the data breaches, though cyberattacks originating from Russia continue to plague companies. Furthermore, the five-year cyber espionage effort, named "Sandworm Team" by iSight, also included references to science fiction series in the malicious code.
"Your targets almost certainly have to do with your interests," said John Hultquist, iSight cyber espionage head. "We see strong ties to Russian origins here."
Information service company Experian wants consumers and businesses to be more aware of current fraud, identity theft, and cyber threats that face us every day. Cyberattacks largely were ignored by oblivious consumers, but recent point-of-sale (POS) attacks that hit the likes of Target and Home Depot has consumers more interested in potential threats.
"Serious risks are emerging for consumers and businesses as fraudsters identify new targets to attack," said Charles Chung, Experian Decision Analytics president, in a press release. "The monetary cost of fraud losses can be high, but the impact a loss or breach can have on customer relationships and brand integrity can be even higher. Combing comprehensive authentication processes with proportionate measures to monitor user activities and protect consumer data throughout the life cycle is a competitive requirement in today's market."
To help businesses better understand current fraud and cyberattacks, Experian is hosting the Future of Fraud and Identity summit on Monday, October 21 in New York City. It's a difficult time for companies trying to adapt to changing customer needs - and waves of cyberattacks that have been difficult to defend against.
Hundreds of Dropbox usernames and passwords were posted online, and the hackers reportedly have almost 7 million other compromised accounts. The breach took place because of third-party apps which can access Dropbox, and wasn't a direct breach of Dropbox.
Dropbox denied it was hacked (via The Next Web): "Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well."
Despite the appeal of online storage services, users must be cautious when they grant third-party applications access to accounts. While Dropbox wasn't directly hacked, it's questionable as to what apps should be allowed access - as these third-party services are now popular targets for cyberattacks.
Things do not look good as Sears Holding Corp said on Friday that its Kmart retail chains customer database may have been compromised last month. As a result, some of its customer's credit card and debit card details may have been stolen.
The company said on Friday that its Kmart's servers was affected by a malware. Kmart was not able to say how many customers are affected, and according to their investigation so far, no debit card pin numbers, email and phone contacts, social security number and personal information was stolen.
But, to be on the safe side, Kmart made an announcement that it will be providing a free credit-monitoring service for its customers who used a debit or a credit card during since last month until Thursday. Customers can then call Kmart customer service and report the unauthorized charges immediately. In the meantime, the company hired a security firm to look into the matter while working with its banking partners and federal authorities.
New anti-theft technologies for smartphones and tablets allow owners to lock and remotely wipe their device, but these solutions are giving suspects the ability to secure seized devices. Several police agencies in the UK recently reported that devices previously seized as evidence were wiped, all of them while in police custody.
"There were six incidents, but we don't know how people wiped them," said a spokesperson from the Dorset police department in the UK. "We have cases where phones get seized, and they are not necessarily taken from an arrested person - but we don't know the details of these cases as there is not a reason to keep records of this."
If this becomes a widespread problem, police need to change their practices, which should begin with putting all seized electronics in a radio-frequency shielded bag.
Hackers aren't only interested in embarrassing celebrities, as thousands of pictures and videos were stolen from Snapchat users and will be posted online. The online service was quick to confirm its servers weren't breached, however, users of third-party Snapchat apps were targeted - and will be posted online in a searchable database.
Unfortunately for the users, they believed the images were quickly purged after being sent - instead, "The Snappening" will be posted on 4chan and other websites soon enough.
Chinese officials are angry at the United States for allegedly inflating the real-world cost of defending against cyberattacks blamed on China. The U.S. government and private sector companies are routinely targeted by foreign hackers, with the cost of data breaches sometimes in the billions of dollars, though Beijing not surprisingly rejects those claims.
"We express strong dissatisfaction with the United States' unjustified fabrication of facts in an attempt to smear China's name and demand that the U.S.-side cease this type of action," said Hong Lei, Chinese Foreign Ministry spokesperson. "We also demand that the U.S. side cease its large-scale systematic Internet attacks on other countries. The United States tries to divert attention by crying wolf. This won't succeed."
FBI director James Comey recently said China is the top cyber threat to U.S. infrastructure, as state-sponsored hacking remains common place. Meanwhile, the Chinese military wants a larger emphasis put on domestic software development - and increased defenses to prevent cyberattacks - as computer-based computer espionage is a major threat to both countries.
Former NSA contractor Edward Snowden will speak via video chat during the Observer Ideas festival this weekend in the UK. An Observer technology columnist will ask questions to Snowden regarding technology, privacy, and other issues - and will be the first time Snowden has answered questions or been invited to an event in England since revealing mass surveillance activities by the NSA.
"We need to figure out how (and whether) societies can reassert effective democratic control over our security agencies, whether the technology that has enabled comprehensive surveillance can be re-engineered to protect privacy; how our law-making in these areas could be improved, and whether citizens can be persuaded to take an interest in these matters before it's too late," said John Naughton, Open University professor of the public understanding of technology.
As Snowden remains safely tucked away in Russia, the American whistleblower has become more vocal during media interviews and video-linked public appearances.
Cybercriminals are targeting ATMs in Russia and Eastern Europe with the Tyupkin malware, compromising the cash dispensing machines. More than 50 ATMs were running with the malware, but it has spread to the United States, France, India, China, Israel and Malaysia.
The ATMs need to be physically accessed by the criminals, with a bootable CD containing the malware deployed - with those responsible infecting the ATMs on Sunday and Monday nights, ensuring their faces are covered.
"The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure," said Vicente Diaz, Kaspersky Lab Global Research and Analysis Team principal researcher. "We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions."