TweakTown News
The Federal Trade Commission (FTC) has received a letter from 19 automakers stepping up to promise new efforts to keep customer data secure. The 13-page statement outlines how automakers will keep customer privacy secure, especially as cybersecurity experts are concerned hackers will be able to compromise onboard vehicle computer systems.
The following automakers are some of the companies supporting the effort: BMW, Fiat Chrysler Automobiles' Chrysler Group, Ford, General Motors, Honda, Hyundai, Kia, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Toyota, Volkswagen.
"As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative," said John Bozzella, president of Global Automakers.
BlackBerry has announced a new corporate partnership with Samsung, providing mobile security software on Samsung smartphones and tablets. During a presentation in San Francisco, BlackBerry CEO John Chen, who has been at the company for one year, again reaffirmed the company's efforts to create enterprise-focused partnerships.
"This isn't a concession of defeat as much as it's a concession to reality - most people aren't going to choose BlackBerry devices and so BlackBerry needs to find a way to make its management solutions relevant beyond its own devices," said Jan Dawson, Jackdaw Research principal, when discussing the news. "BlackBerry's handset business is a tiny fraction of what it once was, and that's not going to change whatever happens."
BlackBerry still has a strong portfolio of enterprise-based software and technology and, instead of trying to cram it onto its own devices, is looking for business partnerships with rivals. Years ago it would have been an impossible scenario, but as BlackBerry's smartphone market share drops, it only makes sense that the company wants to ensure it can find new ways to stay relevant.
The use of Near Field Communication (NFC) payments continues to expand, but cybercriminals are finding security bugs they can exploit as they try to hijack smartphones. During the Mobile Pwn2Own competition sponsored by Hewlett-Packard in Tokyo, Japan, security experts showed their abilities to compromise devices.
Eight devices, including the Apple iPhone, BlackBerry Z30, Google Nexus 7 and Amazon Fire phone were the targets of focus - and five teams were able to use security bugs to compromise devices, with three teams using NFC exploits to hijack devices. The LG Nexus 5, Amazon Fire phone, iPhone 5S and Galaxy S5 were compromised - and now the phone manufacturers have been informed of the security problems, so they can create security patches.
NFC technology is commonplace in the United States and Western Europe, with most smartphones featuring NFC - and as Apple Pay and other mobile payments continue to expand, these types of security exploits need to be quickly addressed.
Cybercriminals successfully breached the National Oceanic and Atmospheric Administration (NOAA), with the US weather agency confirming several of its websites were hacked. The attack likely originated from China and occurred in late September, but NOAA officials kept the breach secret until October 20.
The NOAA didn't confirm whether the attack led to stolen classified data or whether weather notifications to citizens were affected - but said "incident response began immediately."
Earlier in the year, a report indicated the NOAA was at risk of cyberattacks - and it appears the cybercriminals were following the news. Since officials kept news of the breach secret for so long, the Commerce Department inspector general is investigating the security breach.
Online privacy is something that most Americans believe they have lost control of, as governments and companies collect and use even more personal information, according to a survey from the Pew Research Internet Project.
"It's a bundle of concerns," said Lee Rainie, a Pew researcher involved in the project. "It's partly surveillance, it's partly tracking, and this generalized sense that I'm losing control of my identity and my data."
The survey also found that 91 percent of adults "agree" or "strongly agree" that consumers no longer have control over how their personal information is collected and used by companies - and with the government collecting even more data about citizen phone calls and Internet communications, 80 percent of adults "agree" or "strongly agree" that Americans should be concerned about the government monitoring.
Cybercriminals are compromising users with sophisticated code and clever social engineering attacks, with private companies, enterprises, and government agencies under attack. Cybersecurity is now the No. 1 threat to the United States, ahead of terrorism, and at least $10 billion is being invested each year in security efforts - that don't seem effective.
It's an unfortunate time for customers and private citizens, as their personal information is valuable to hackers - and companies seem to be unable to keep information secure.
Marc Maiffret, a former hacker turned cybersecurity specialist and co-founder of BeyondTrust cybersecurity firm, explained why today is more frightening than previous years: "There's also a much bigger allure to use these skills to make money, in a criminal sense." It's true that rogue hacker groups and state-sponsored hackers are finding lucrative opportunities and easy access to sensitive data.
Even with a drastic increase in significant data breaches, 77 percent of IT professionals and executives in the retail, energy and financial services sectors in the United States and UK feel "confident" of their basic security controls, according to a recent survey. Meanwhile, 10 percent of respondents said they feel "very confident" in their patch management efforts, while 47 percent feel "confident" in their current configurations of routers, firewalls and modems.
In the past 12 months alone, more than 100 million records have been stolen from retailers via malware infecting point of sale (POS) devices - and JPMorgan Chase's networks were breached - indicating there is still a significant amount of work that must be done.
"It's not surprising that IT and security professionals have confidence in foundational security controls," said Jane Holl Lute, Council on CyberSecurity president and CEO. "The Controls are instrumental in defending against common cyberattacks and lay the foundation for effective defense against more sophisticated intrusions. But to be effective they must be implemented consistently across the entire enterprise."
The United States Postal Service confirmed a data breach that affected more than 800,000 employees and customers that called its data center from January to August 2014. The compromised employee data includes names, dates of birth, addresses, Social Security numbers, employment timeline and emergency contact information, but the data intrusion was relatively "limited in scope."
The unknown attackers wanted to breach the USPS network - and used a sophisticated cyberattack - but it appears credit card data and identity theft weren't the goals of the breach. However, the USPS is a lucrative target for foreign-based hackers, as there is a significant amount of information available, security experts say.
Here is what the USPS said in a statement: "Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised."
The Apple iOS mobile operating system has a major security flaw that leaves a large portion of iPhones and iPads vulnerable to security breaches by cybercriminals looking to hijack devices and steal sensitive information.
The "Masque Attack" exploits the Apple enterprise/ad-hoc provisioning system, and is a powerful vulnerability that cybercriminals can easily exploit. Apple is working to fix the bug after being informed by cybersecurity experts in July, FireEye said.
Here is what the FireEye blog notes: "Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet. That means the attacker can steal user's banking credentials by replacing an authentic banking app with malware that has identical UI."
Companies from small and medium businesses to enterprise organizations are aware how damaging a data breach could be, but still aren't doing enough to prevent them. Analyzing everything from how files are saved and stored, evaluating third-party providers, and real-time security monitoring are all important steps to keeping data more secure, whether on-prem or in the cloud.
To make matters worse, targeted attacks are expected to rise in 2015 - as organized groups test network security procedures, and then compromise vulnerable companies as they see fit.
"Hackers have so many things working in their favor, from anonymous currencies and 'Dark Web' sites which allow them an easy way to turn stolen information into real cash, to the nightmare it is to not only find them, but to have any real success in prosecution and recovery due (to) the global nature of the problem and the tangled mess of foreign jurisdictions," said Joe Caruso, Global Digital Forensics (GDF) CEO and CTO.