Tech content trusted by users in North America and around the world
6,317 Reviews & Articles | 41,888 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 54

Symantec uncovers 'Dragonfly' group targeting western energy companies

Western energy companies are under attack by cybercriminals located in Eastern Europe, compromising industrial control system software updates. The attackers, known as "Dragonfly," are able to spy on energy sector targets, and could have damaged or disrupted energy service to customers, according to security firm Symantec.

 

TweakTown image news/3/8/38787_01_symantec_uncovers_dragonfly_group_targeting_western_energy_companies.jpg

 

In addition, Dragonfly utilizes a large library of malware and other cyberattack tools capable of causing damage to targets. Along with infecting industrial control systems, the group is responsible for sending out spam emails to target select companies. The U.S. government wants a stronger stance on cybersecurity, and often points towards the financial and energy infrastructure as two sectors that need to adhere to strict security protocols.

 

"This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems," according to the Symantec report. "While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."

Edward Snowden leak damage manageable, new NSA chief says

Former NSA contractor Edward Snowden generated anger among politicians and military leaders when he revealed organized surveillance programs. However, it's not causing the new head of the National Security Agency (NSA) to panic, saying the damage done is manageable and hasn't led him to believe "the sky is falling."

 

TweakTown image news/3/8/38803_01_edward_snowden_leak_damage_manageable_new_nsa_chief_says.jpg

 

When responding to damage caused by Snowden, the new director, Adm. Michael S. Rogers, said the risk was manageable: "You have not heard me as the director say, 'Oh, my God, the sky is falling.' I am trying to be very specific and very measured in my characterizations."

 

Similar to a handful of lawmakers, they claim Snowden's information has led to terrorists changing tactics, but refuse to indicate which groups have altered their tactics - while citizens remain frustrated about such organized snooping practices.

Apple two-stage iCloud authentication system launches

Apple is currently testing a way to make its iCloud system more secure by using two-step verification. Before the new system went into testing, all people needed was a simple password to gain access to iCloud.com. Using only a password makes access easier to gain by nefarious hackers.

 

TweakTown image news/3/8/38800_8_apple_two_stage_icloud_authentication_system_launches.jpg

 

iCloud now uses Apple's normal two-factor authentication system with users logging in using a password and a four-digit verification code. That four-digit verification code has to be sent to a trusted device.

 

Once that four-digit code is entered, iCloud apps are unlocked and can be accessed normally. The only iCloud app that can be accessed without the verification code is the Find my iPhone button. Find My iPhone is not secured with two-factor authentication to allow you to find your device if it is lost or stolen and is your trusted device.

US companies facing DDoS attacks that prove to be very effective

Cybercriminals are finding success launching distributed denial of service (DDoS) attacks against companies, causing disruptions and sometimes halting organizations during business days. Forty one percent of organizations across the world were targeted, with 78 percent hit at least two or more times in the past 12 years, according to BT.

 

TweakTown image news/3/8/38783_01_us_companies_facing_ddos_attacks_that_prove_to_be_very_effective.jpg

 

"DDoS attacks have evolved significantly in the last few years and are now a legitimate business concern," said Mark Hughes, BT Security President, in a press statement. "They can have a damaging effect on revenues and send an organization into full crisis mode. Reputations, revenue and customer confidence are on the line following a DDoS attack. Finance, e-commerce companies and retailers in particular suffer when their websites or businesses are targeted."

 

DDoS cyberattacks were up 43 percent during Q4 2013, according to security company Akamai - and the problem only seems to be intensifying. Due to the increase in DDoS attacks, 78 percent of US organizations are increasingly concerned about the popular cyberattack method used by hackers.

Microsoft battles against malware crime groups in Algeria, Kuwait

Malware linked back to cybercriminals in Algeria and Kuwait was disrupted when Microsoft named several parties in a civil suit accused of creating malicious code that infected millions of victims. The strategy is a unique new method by Microsoft, attempting to disrupt communication channels used by cybercriminals and the infected PCs they've compromised.

 

TweakTown image news/3/8/38786_01_microsoft_battles_against_malware_crime_groups_in_algeria_kuwait.jpg

 

The foreign nationals, Naser Al Mutairi and Mohamed Benabdellah, along with the Vitalwerks Internet Solutions domain hosting company - almost 94 percent of compromised machines used Vitalwerks servers so the criminals were able to control the machines - in a rather clever method to try to stay under the radar.

 

Meanwhile, Vitalwerks claims millions of Internet users have suffered disrupted service because of the legal proceedings. Microsoft didn't directly say Vitalwerks was involved in the cybercriminal activities, but said the company didn't do enough to prevent it.

Continue reading 'Microsoft battles against malware crime groups in Algeria, Kuwait' (full post)

Companies are aware of cyberattacks, but still learn the hard way

Companies are familiar what to do during a cybersecurity incident, and how to defend against phishing and social engineering tactics, but tend to only learn lessons the hard way. Fifty four percent of respondents to a recent survey said they were not hacked or experienced a data breach in the past 12 months, according to TrainAce, a cybersecurity training organization.

 

TweakTown image news/3/8/38784_01_companies_are_aware_of_cyberattacks_but_still_learn_the_hard_way.jpg

 

For companies that did suffer a data breach, 70 percent found a Trojan on a PC or on theur network - and 20 percent of those hacked don't have a cybersecurity incident plan ready.

 

"The findings we've compiled suggest that while most companies are employing best practices when it comes to cybersecurity, there is still a way to go before adoption is universal," said Ralph Sita, TrainACE CEO and President, in a press statement. "All companies have different reasons and needs when it comes to cybersecurity, but it's troublesome to learn that many still don't have the basics in place, such as a cyber incident plan or set of updates guidelines."

Continue reading 'Companies are aware of cyberattacks, but still learn the hard way' (full post)

Most healthcare providers struggle to keep data secure, earning a 'D'

A whopping 58 percent of healthcare vendors scored a "D" when it came to data security and privacy standards, as cyberattacks trying to steal medical records become more common, according to security risk management firm Corl Technologies. To put together the report, everything from security incidents, security and privacy policies, and quality of security team in place helped calculate scores.

 

TweakTown image news/3/8/38777_01_most_healthcare_providers_struggle_to_keep_data_secure_earning_d.jpg

 

"[The] majority of health care vendors lack minimum security practices, well short of HIPAA standards," according to the report. "Health organizations are often unaware of how many of their vendors have access to protected information."

 

It's unfortunate that healthcare vendors earned such a low score, as patient medical records are a valuable asset for cybercriminals. As such, medical identity theft amounted to 43 percent of identity theft cases in 2013, according to a study released by the Ponemon Institute - and HIPAA laws are scrambling to catch up to the current rash of healthcare-related cyberattacks.

Cybercriminals using the cloud to successfully launch attacks

Following new technology trends, cybercriminals are always-on the lookout for new methods to launch successful attacks to compromise information. There has been an uptick in attackers hosting botnets and malware in the cloud, successfully remotely controlling criminal behaviors remotely in the cloud.

 

TweakTown image news/3/8/38755_01_cybercriminals_using_the_cloud_to_successfully_launch_attacks.jpg

 

Recently, criminals were found to be using DropBox to issue command and control instructions, in an effort to get malware and botnets around firewalls deployed by corporations, according to the Trend Micro security firm.

 

"At the end of the day, cybercriminals are business people," said Christopher Budd, Trans Micro Global Threat Communications Manager, in a statement. "The same logic that drives business people to using cloud-based services is driving the bad guys to use the cloud too."

Continue reading 'Cybercriminals using the cloud to successfully launch attacks' (full post)

Company shows global cyberattacks in real-time per hour

U.S. threat intelligence company Norse has unveiled a real-time animated map that shows the obnoxious amount of cyberattacks being carried out around the world. Many of the attacks are launched by automated bots, aimed at finding vulnerabilities to steal personal information, banking data, and other sensitive information that can be valuable on the black market.

 

TweakTown image news/3/8/38752_01_company_shows_global_cyberattacks_in_real_time_per_hour.jpg

 

In 45 minutes, the United States suffered 5,840 cyberattacks - 27 times the number that the second most targeted country, Thailand, faced with just 220 cyberattacks in 45 minutes.

 

China launched the most amount of attacks, accounting for 2,513 attacks in 45 minutes, while the United States was No. 2 on the list with 1,550 attacks. Many of the U.S. attacks targeted computer networks inside of the country, while others tend to attack foreign targets.

Continue reading 'Company shows global cyberattacks in real-time per hour' (full post)

U.S. wants to open up cyberespionage talks with China again next month

Even though hacking and cyberespionage talks between the United States and China have stalled, it's an effort that U.S. lawmakers want to open up again. U.S. officials hope to see both sides begin discussions during the U.S.-China Security and Economic Dialogue scheduled to take place in Beijing next month.

 

TweakTown image news/3/8/38748_01_u_s_wants_to_open_up_cyberespionage_talks_with_china_again_next_month.jpg

 

Talks temporarily halted after the U.S. government indicted five Chinese Army officers for cyberespionage, a move that angered Beijing.

 

"That's an economic problem as well as a bilateral problem and that kind of behavior risks undermining the support for the U.S.-China relationship among the U.S. and international business community," said Daniel Russel, U.S. Assistant Secretary of State, during a recent interview. "That's a problem and it's a problem we believe the Chinese must can address."

Continue reading 'U.S. wants to open up cyberespionage talks with China again next month' (full post)

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases