TweakTown News
VTech Holdings is a technology toy maker specializing in fun and educational wares for kids, and its Learning Lodge app store was recently raided by hackers, who stole account information from the database within.
Although there hasn't been official confirmation from this company just yet, reports claim that 4.8 million accounts have been compromised, including some made by, for, or about children.
VTech was not aware of these attacks: the breach happened on November 14, and the company didn't know anything until asked by a reporter on November 23. While VTech states that it has put measures in place to stop this from happening again, the accounts compromised are encrypted with an outdated algorithm, leaving little hope of safety for those already hacked. In addition, the database contains information on 200,000 children, including first names, genders and birthdays.
Kaspersky Lab has reported that a group of approximately 20 Russian hackers has stolen $790 million recently. Around 70 percent of this money has come from individuals and businesses within the USA and Europe since 2012, with a further 30 percent coming from Russian bank accounts.
Describing them as a highly organized and sophisticated syndicate, Intel Security's Mike Sentonas told News.com.au that "We've been tracking a lot of these groups for years now and they have such strong architecture it's hard to shut it down."
While hackers can be placed around the globe, Deakin University's Professor Mathew Warren claims that a major concentration of these criminals is located within Russia and the surrounding countries of Ukraine and Bulgaria.
While Dell recently admitted that a dangerous vulnerability was pre-installed on their systems, they refused to believe that it was created by them but still pledged to remove it.
In a great move by Microsoft, its Windows Defender security system has now begun locating and removing the certificate itself, as long as you've updated your Windows OS. Discovered by ZDNet in a routine action just this morning, Windows Defender identified a threat named "Win32/CompromisedCert.D" and removed it from the system.
Dell has reportedly started issuing updates to its maintenance utility to also remove this issue for all concerned, but it doesn't hurt to update Windows Defender to be safe.
"Malicious hackers already know us to be weaker than the rest of the world," the director of Hacklabs, Chris Gatford, told News.com.au in an interview. He believes that without much effort, Australia's water and electricity supply lines could become a complete shambles with a single hacker attack.
Gatford went on to draw the comparison between Australia's national infrastructure and your mother's Microsoft Surface, stating: "It would only take a skilled individual to breach these computer systems, because more often than not they are not patched as frequently as corporate or home systems which have automated updates." While he did comment mainly on security concerns within Australia, Gatford also made mention of other technical mishaps around the world, touching on "historical examples of traffic lights being overtaken, denial-of-service attacks at airports and organisations in Wall Street coming under attack to see it's 100 per cent possible."
The whole situation isn't quite as dire as it may initially seem, though: the Hacklabs director did reassure us that these necessary utilities would recover quickly from attack, rather than send Australia into a Fallout 4-like existence.
Utilizing a staff ID card to gain unauthorized access to a staff-only area of the University of Queensland (UQ), a student recently completed a hack into the private University grading system in an attempt to alter his marks before graduation.
As a result, this man is now scheduled to appear in court on December 3rd and faces 14 total charges, including six relating to use of a restricted computer and four for fraud. The 24-year-old man is in what the University called a "very serious matter," refusing to comment further on the allegations.
A statement by UQ Deputy Vice-Chancellor, Professor Joanne Wright, reminded students that they "should be aware that academic misconduct can lead to expulsion and criminal charges," further stating "I won't detail how we monitor for and detect cheats, but we have a range of measures to expose hacking and other breaches of information technology systems, plagiarism, and other misconduct."
While the LED light turns off when deactivated through the linked application, researchers have discovered that Google's Nest Cam doesn't fully deactivate, stating that it continues to function in a lower power state.
Expanding on these findings, The BBC says that the tested device "continued to draw a current of 340 mA" even when switched completely off, compared to a draw of 370 mA when turned on and operational.
While this draws concerns of 'Big Brother' Google or hackers being able to watch you at any time, Nest released a statement claiming that "when Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time." Further reassuring customers, they also said "when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings."
After users had their Amazon account passwords force-reset by the company itself, it has become apparent that a leak was possibly afoot.
In an email to customers, Amazon stated that it "recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party." While this email assured users that the issue was fixed "to prevent this exposure," Amazon also made sure to point out that no third party will have had access to your private password information.
ZDNet reported that these warning emails were coming from both Amazon.com and Amazon.co.uk. While Amazon.com had implemented two-factor authentication for users recently, its UK counterpart has not yet installed this safety mechanism.
With China joining the rest of the world in moving away from hard currency towards various card options, Trend Micro says that cyber criminals are beginning to run rampant, stepping up their efforts in card fraud.
As part of a new study, Trend Micro pinpoints that the strong Chinese cyber criminal market has shown particular interest in gathering card payment information online. Trend Micro Forward-Looking Threat Research Team member, Lion Gu, wrote this lengthy report and referred to the growth in the market as an obvious fraud issue. With more users comes more risk of crime; it's not exactly rocket science.
What isn't obvious is exactly how this crime will come about. It's not just dodgy online stores that are being used; some machines are being modified to illegally store and send information, says Gu. Because the machines pass through many hands and it is sometimes hard to track exactly who has touched them and when, there's a large possibility that criminals are placing these information capture facilities on products at some stage through the supply line, without the end-user or buying business being aware.
British police have arrested two young people believed to be spearheading a website named reFUD.me, a company which offered services to malware makers, assisting them to navigate past anti-virus programs.
The two 22-year-olds arrested allegedly kicked off their project in February 2015, advertising themselves through various online malicious forums. Providing support to surpass between 30 and 40 anti-virus programs, the offered service utilized Cryptex Reborn packaging to bypass any new issues that arose during its time of operation.
reFUD.me charged license fees to many of its users, asking for $20-90 per month while offering updates when new issues were to arise.
Described as an "unintended security vulnerability," Dell has admitted that a root certificate preinstalled on some of its models exists and promises to remove it.
A Dell spokesperson explained that "to address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site, and technical support," further commenting that the computer giant does not install malware on user systems pre-delivery.
While Dell claims no responsibility for this flaw, a security blogger by the name of Hanno Bock disagrees. He says that this root certificate is not only shipped within these pre-built machines, but it's under the name 'eDellRoot' and is linked to 'Dell Foundation Services' drivers.