TweakTown News
Minnesota has become the first state to make kill switches mandatory, following Governor Mark Dayton's decision to sign the bill into law last week. The new law will go into effect on July 1, 2015, and all smartphones sold to consumers in Minnesota must have some type of antitheft, or kill-switch, technology pre-installed.
The California Senate recently passed a smartphone kill switch bill, which must be approved by Governor Jerry Brown, as the smartphone industry is still unsure of kill switches.
Police authorities throughout the United States have called for some type of smartphone theft legislation - around 1 in 3 robberies in the United States led to smartphone loss, the Federal Communications Commission noted. However, officials from the CTIA-The Wireless Association said mandatory laws aren't necessary due to voluntary kill switch initiatives that wireless carriers and smartphone manufacturers have agreed to.
Mobile security is a major effort from handset manufacturers, wireless carriers, and security companies, though many smartphone and tablet users remain blissfully unaware. A lot of users don't have any type of additional security software on their devices, or engage in activities that open them up to additional threats, researchers previously noted.
To help share methods on how users can keep themselves better protected, TweakTown asked Roberto Martinez, a Kaspersky Lab researcher with the Global Research and Analysis Team: "There are several ways that the users can be protected. It's recommended to not perform procedures of 'rooting' or 'jailbreaking' in devices because this eliminates protection features of the operative systems. It's also recommended to regularly update any OS and applications."
In addition to avoiding jailbreaks, there are other tips and techniques for users to avoid being compromised: "Users should be very careful with the applications that are installed in devices, especially those that are offered for free and don't come from reliable sources. Additionally, users should be careful when connecting to public Wi-Fi networks, and if applicable, use VPN tools instead. And of course, always use anti-malware and encryption protection tools."
The Federal Trade Commission should be tasked with enforcing security protocols to protect Internet users from security threats posed by online advertising, according to a recent report from the Permanent Subcommittee on Investigations of the Senate's Committee on Homeland Security and Government Affairs.
"Consumers can incur malware attacks [through online ads] without having taken any action other than visiting a mainstream website," the report notes. "Similar attacks have struck across many online advertising platforms."
It seems significantly more likely for users to be infected with malware or security threats when visiting piracy websites, for example, though third-party advertisers have been hacked in the past. Malware creators are getting more creative in their efforts to compromise users, as they find many security loopholes and very little risk.
The Retail Industry Leaders Association (RILA) has teamed up with leading retail brands to create the Retail Cyber Intelligence Sharing Center (R-CISC), with the focus of sharing cyber intelligence and security strategies. It seems like a rather fascinating effort that has been streamlined due to the continued security threats that retailers face - and have struggled with - while trying to keep employee and customer data secure.
"Retailers place extremely high priority on finding solutions to combat cyberattacks and protect customers," noted Sandy Kennedy, RILA President, in a press statement. "In the face of persistent cybercriminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cybercrimes."
In addition to Target's massive data breach, other retailers have been under fire from cybercriminals, including the likes of LaCie, Michaels, Neiman Marcus, Smucker's, and others over the past few years. The R-CISC should help give major retailers an opportunity to discuss potential security threats, and discuss what has - or hasn't - worked in cyber defense strategies.
Police in Tucson, Arizona recently arrested six people involved in an international identity theft and credit card fraud ring, with an unknown number of victims. The criminal group reportedly purchased stolen credit card information from Eastern Europeans, and then printed its own cards to use at local retailers.
"The scope of the problem is so huge that this is probably a drop in the bucket to what's out there, but it's a significant ring," noted Sgt. Radinsky, from the Tucson Police Department, in a statement to local media.
Credit and debit card fraud continues to be big business for criminals, and is the top security concern facing Americans, according to a study released by Unisys. Meanwhile, retailers are suffering a large variety of data theft issues due to malware and other security threats, which continue to cause problems for consumers.
The Department of Defense (DoD) and Tricare have dodged a legal bullet when a U.S. federal judge threw out most of the lawsuit related to the theft of personal data. Just two complaints from the case remain, after a Science Applications International Corp. employee had storage drives stolen from his or her vehicle in September 2011. The drives were en route to a storage facility and the theft took place before they could be properly stored.
Here is what U.S. District Court judge James Boasberg noted: "Since the majority of plaintiffs has been dismissed - potentially altering the scope of the remaining litigants' claims moving forward - the court will pause to confer with the parties before determining which, if any, of the complaint's twenty counts has been properly alleged."
The breach affected 4.9 million people, and plaintiffs reportedly wanted $4.9 billion in damages due to the theft of names, addresses, phone numbers, Social Security numbers, prescription information, and medical test reports.
The Samsung KNOX security platform, designed to provide an additional layer of security for Google Android smartphones, has been approved for use by the British government. The UK Communications and Electronics Security Group (CESG) has tested KNOX for a few months, ensuring public sector communications would remain secured.
Samsung KNOX has been approved in the UK for the following devices: Galaxy Note 3, Galaxy S3, Galaxy S4 and the Galaxy S5 smartphones.
"Our technology is widely used in both the UK public and private sector, and with this approval we are committed to working more closely with government departments and agencies that need to maintain high levels of security and data confidentiality on their mobile devices," said Graham Long, Samsung UK and Ireland VP, in a press statement.
Cybercriminals are largely motivated by money and are honing their abilities to find new methods to crack through security measures and compromise users. Despite a wide variety of new security measures available, end-users are the last line of defense, and it seems that we are largely failing to help ourselves.
"If someone really wants to find a way to target you, they will probably find a way," said Jeff Wilson, Principal Security analyst with Infonetics, a statement which continues to be proven true.
Earlier in the year, Microsoft said malware infections tripled in 2013, with security threats continually evolving and causing both researchers and users headaches. To make matters worse, the use of clever social engineering has tricked users into installing malicious software and turning over sensitive information, making it even easier for them to be compromised.
Iranian hackers are targeting U.S. private sector defense companies and Iranian dissidents. The Iranian-based Operation Saffron Rose has evolved from simple website defacement to a sophisticated cyberespionage operation utilizing advanced persistent threats (APTs) attacking US defense companies.
Security researchers are increasingly concerned about the Iranian government's growing cyberwar ambitions, which will largely be used to target the United States. Social engineering techniques, which are continually being improved upon, also lead to an increased number of western Internet users infected with malware.
Here is what FireEye said in a statement: "There is an evolution underway within Iranian-based hacker groups that coincides with Iran's efforts at controlling political dissent and expanding its offensive cyber capabilities," said Nart Villeneuve, senior threat intelligence researcher at FireEye. "We have witnessed not only growing activity on the part of Iranian-based threat actors, but also a transition to cyber-espionage tactics. We no longer see these actors conducting attacks to simply spread their message, instead choosing to conduct detailed reconnaissance and control targets' machines for longer-term initiatives."
Google account owners are being targeted by a new round of phishing attacks, with cybercriminals targeting uniform resource identifiers (URIs) that help display data in Google Chrome. The attack is mainly targeted at Chrome users, but has also reportedly succeeded against Mozilla Firefox users, according to security researchers.
The initial email mimics something sent from Google, with "New Lockout Notice" or "Mail Notice" in the subject line. The email itself is written poorly, with bad grammar and odd capitalizations, though that hasn't stopped users from being tricked by it.
"With access to users' Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents," said Catalin Cosoi, Bitdefender chief security strategist, in a statement to Infosecurity. "The scam starts with an email allegedly sent by Google, with 'Mail Notice' or 'New Lockout Notice' as a subject."