TweakTown
Tech content trusted by users in North America and around the world
6,100 Reviews & Articles | 39,139 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 52

Cybercriminals compromise ATMs to spit out cash by sending SMS message

As the Microsoft end of support for the aging Windows XP operating system quickly approaches, security researchers believe the banking industry faces a serious risk of compromised ATMs, according to Symantec.

 

TweakTown image news/3/6/36528_01_cybercriminals_compromise_atms_to_spit_out_cash_by_sending_sms_message.jpg

 

The Backdoor.Ploutus.B malware variant, an upgraded version of sophisticated malware that proved effective in 2013, allows cybercriminals to force ATMs to dispense cash.

 

The criminals simply send an SMS to a compromised ATM, walk up, and collect the stolen cash - using a network packet monitor (NPM) and other tools to properly infect the ATM.

 

"As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," said Daniel Regalado, Symantec security researcher, in a blog post. "Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus."

University of California at San Francisco hit with data breach

The University of California at San Francisco (UCSF) recently suffered a data breach and almost 10,000 people have been compromised, according to school officials. Several desktop PCs with unencrypted information were stolen from the university's Family Medical Center in January, including personal and health information.

 

TweakTown image news/3/6/36501_01_university_of_california_at_san_francisco_hit_with_data_breach.jpg

 

Social Security numbers were exposed for 125 people, with a mix of patient names, birth dates, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers exposed in the breach.

 

The data theft is now being investigated by the California Department of Public Health, federal authorities, and the California Attorney General, with notification letters and free credit monitoring being offered to some of those exposed.

 

Security experts strongly urge companies, universities and research groups to encrypt data on PCs, especially if it includes personal or medical information.

China wants US government to explain itself over Huawei spying

The Chinese government is angry and now demands the US government to explain its reported spying actions against Huawei, a major Chinese electronics and telecom company. The report, led by insight taken from former NSA contractor Edward Snowden, accuses the NSA of spying on the company - and stealing information about Huawei customers.

 

TweakTown image news/3/6/36523_01_china_wants_us_government_to_explain_itself_over_huawei_spying.jpg

 

The NSA was specifically trying to find ties between Huawei and the People's Liberation Army, though stumbled across intellectual property of Huawei network switches and routers, reporters state.

 

"China has already lodged many complaints with the United States about reports of its espionage activities," said Hong Lei, Chinese foreign ministry spokesperson, in a statement to the media.

 

It's ironic that countries such as Russia and China, which have been accused of launching cyberattacks - and violating human rights - are now demanding the US government to explain itself.

Continue reading 'China wants US government to explain itself over Huawei spying' (full post)

Time Warner Cable received less than 250 national security orders

Time Warner Cable processed almost 12,000 government requests in 2013, with 82 percent subpoenas, 12 percent court-ordered incidents, 4 percent were search warrants, 2 percent were emergency requests, and 0.3 percent were wiretap orders.

 

TweakTown image news/3/6/36513_01_time_warner_cable_received_less_than_250_national_security_orders.jpg

 

TWC says the company received between 0 and 249 National Security Orders, though cannot identify an exact number. The company wants to become more open about customer information requests, especially after Edward Snowden's spying disclosures made last year.

 

We will issue future Transparency Reports on a semi-annual basis," TWC said in a statement. "We have also provided answers to frequently asked questions related to the practices we follow to strengthen protections for the privacy of customer information."

 

The NSA itself might begin offering transparency reports, as American citizens and foreign residents angry over organized NSA spying. Despite promised transparency from the US federal government and private Internet and telecom companies, users are now significantly more aware of snooping and other questionable behavior.

Retailers one step behind, unsure how to deal with cyberattacks

As multiple retailers learned over the past few months, improving security to defend against cyberattacks such as malware can be extremely difficult.

 

TweakTown image news/3/6/36496_01_retailers_one_step_behind_unsure_how_to_deal_with_cyberattacks.jpg

 

The massive data breach at Target garnered the most attention, but attacks at everyone from Neiman Marcus to Smucker's and Sally Beauty show consumers they need to closely pay attention to personal security.

 

"If authentication technology can be simple enough to use and noninvasive, our customers see this as a good thing... because it makes it clear to them that someone's looking out to protect their identity," said Paul Donfried, LaserLock CTO, in a statement.

 

Moving forward, security companies are developing next-generation anti-malware solutions designed to protect retailers - though consumers need to be aware of the links they click on and apps they install - with cybercriminals successfully using social engineering to cause breaches.

Continue reading 'Retailers one step behind, unsure how to deal with cyberattacks' (full post)

Huawei officials not happy to hear NSA reportedly snooped on them

Chinese Internet and telecom giant Huawei didn't take kindly to reports the NSA targeted it with spying operations, along with preparing cyber weapons designed specifically to target the company if needed.

 

TweakTown image news/3/6/36499_01_huawei_officials_not_happy_to_hear_nsa_reportedly_snooped_on_them.jpg

 

The NSA targeted Huawei as part of operation "Shotgiant," aimed to verify links between the company and the People's Liberation Army. US officials believed better understanding how Huawei works internally would give insight into the Chinese government's influence in the company.

 

"If the actions in the report are true, Huawei condemns such activities that invaded and infiltrated our internal corporate network and monitored our communications," said John Suffolk, Huawei global cyber security officer, in a statement to Reuters. "Corporate networks are under constant probe and attack from different sources - such is the status quo in otday's digital age."

 

It wouldn't be a surprise to hear US government officials snooped on Huawei, a Chinese electronics giant, which has also been accused of industrial espionage against US and western companies.

US politicians still believe Edward Snowden 'under Russian influence'

Still reeling from massive NSA spying revelations unveiled by former NSA contractor Edward Snowden, US politicians continue to discuss thoughts he is being greatly manipulated.

 

TweakTown image news/3/6/36497_01_us_politicians_still_believe_edward_snowden_under_russian_influence.jpg

 

Snowden remains somewhere in Russia, protected by temporary asylum by President Vladimir Putin's administration.

 

"He is under the influence of Russian intelligence officials today," said Rep. Mike Rogers (R-Mich), House Intelligence Committee chairman, while speaking on Meet the Press. "He is actually supporting in an odd way this very activity of brazen brutality and expansionism of Russia. No counter-terrorism official in the United States does not believe that Mr. Snowden ... is not under the influence of Russian intelligence services. We believe he is, I certainly believe he is today."

 

US politicians and lawmakers believe Snowden is being manipulated by the Russian government and poses a great threat to US national security. Prior to Snowden's video interview during SXSW earlier this month, Congressman Mike Pompeo (R-Kansas) wanted event organizers to skip the interview.

California DMV suffers data breach, online transactions targeted

Credit card companies and financial institutions indicate the California Department of Motor Vehicles may have been breached, with MasterCard recently sending an alert memo of a "card-not-present" breach indicating online transactions.

 

TweakTown image news/3/6/36490_01_california_dmv_suffers_data_breach_online_transactions_targeted.jpg

 

It's unknown how the California DMV was compromised, but stolen information includes credit card numbers, three-digit verification codes, and expiration dates are at risk - and an investigation will try to determine if driver's license numbers, Social Security numbers, phone numbers, and addresses were also at risk.

 

"We're seeing two percent of our card base compromised as a result of this, and our cards are 100 percent concentrated here in California," said a representative at an undisclosed bank, speaking to Krebs on Security. "That's still a big number, and it's a huge exposure window."

 

Consumers need to be vigilant in how they handle their own personal information, and follow these types of high-profile security breaches.

IRS watchdog says phone scam described as 'largest ever'

Another year, another sophisticated Internal Revenue Service (IRS) scam targeting users, with the IRS already receiving 20,000 reports about the clever scam. This particular scam is the largest scam IRS officials have found, and is stealing millions of dollars from US taxpayers across the country.

 

TweakTown image news/3/6/36489_01_irs_watchdog_says_phone_scam_described_as_largest_ever.jpg

 

The scam first gained prominence last August, and largely targeted immigrants - but has evolved into anyone the scammers can trick.

 

"This is the largest scam of its kind that we have ever seen," said J. Russell George, IRS Treasury inspector, in a statement. "The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver's license."

 

It's not uncommon for residents to receive a phone call from someone claiming to be with the IRS, stating the victim needs to pay or face arrest. The scam might seem ridiculous, but is a major problem - and certainly harms victims - with law enforcement and federal investigators trying to identify those involved.

Updated BlackOS software available to cybercriminals for $3,800

The malicious BlackOS software package has been updated and is now available on the cybercriminal underground for $3,800 per year.

 

TweakTown image news/3/6/36488_01_updated_blackos_software_available_to_cybercriminals_for_3_800.jpg

 

As noted by Trend Micro, the updated software is better suited to process and manage website exploitation, providing a great return-on-investment for cybercriminals. A custom Web interface allows for better web traffic management and access to features that lead to redirected traffic and iframes injection.

 

"They do a mass attack, there are no specific targets as these websites are just a launch pad to perform their malicious attacks," said Chris Budd, Trend Micro threat communications manager, in a statement to SC Magazine. "They are usually looking for an easy access, once they are inside they will try to level up the privileges to gain root access on the machine and therefore be able to [make] use of the BlackOS features, which is inject a malicious IFrames in all web pages."

 

There is an alarming trend in sophisticated, well-written malicious programs that are readily available on underground cybercriminal forums.

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases