TweakTown News
Credit card companies and financial institutions indicate the California Department of Motor Vehicles may have been breached, with MasterCard recently sending an alert memo of a "card-not-present" breach indicating online transactions.
It's unknown how the California DMV was compromised, but credit card numbers, three-digit verification codes, and expiration dates are at risk - and an investigation will try to determine if driver's license numbers, Social Security numbers, phone numbers, and addresses were also at risk.
"We're seeing two percent of our card base compromised as a result of this, and our cards are 100 percent concentrated here in California," said a representative at an undisclosed bank, speaking to Krebs on Security. "That's still a big number, and it's a huge exposure window."
Consumers need to be vigilant in how they handle their own personal information, and follow these types of high-profile security breaches.
Another year, another sophisticated Internal Revenue Service (IRS) scam targeting users, with the IRS already receiving 20,000 reports about the clever scam. This particular scam is the largest scam IRS officials have found, and is stealing millions of dollars from US taxpayers across the country.
The scam first gained prominence last August, and largely targeted immigrants - but has evolved to target anyone the scammers can trick.
"This is the largest scam of its kind that we have ever seen," said J. Russell George, IRS Treasury inspector, in a statement. "The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver's license."
It's not uncommon for residents to receive a phone call from someone claiming to be with the IRS, stating the victim needs to pay or face arrest. The scam might seem ridiculous, but is a major problem - and certainly harms victims - with law enforcement and federal investigators trying to identify those involved.
The malicious BlackOS software package has been updated and is now available on the cybercriminal underground for $3,800 per year.
As noted by Trend Micro, the updated software is better suited to process and manage website exploitation, providing a great return on investment for cybercriminals. A custom Web interface allows for better web traffic management and access to features that lead to redirected traffic and iframe injection.
"They do a mass attack, there are no specific targets as these websites are just a launch pad to perform their malicious attacks," said Chris Budd, Trend Micro threat communications manager, in a statement to SC Magazine. "They are usually looking for an easy access, once they are inside they will try to level up the privileges to gain root access on the machine and therefore be able to [make] use of the BlackOS features, which is inject a malicious IFrames in all web pages."
There is an alarming trend in sophisticated, well-written malicious programs that are readily available on underground cybercriminal forums.
Up to 20,000 current and former employees of the US Internal Revenue Service (IRS) are at risk due to a reckless employee who took an unencrypted flash drive home and accessed it on an unsecured network.
Employee names, addresses and Social Security numbers were exposed, with all potentially affected employees notified by IRS officials.
"This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data - whether it involves our fellow employees or tax payers," said John Koskinen, in a memo sent to employees. "This was not a problem with our network or systems, but rather an isolated incident."
The biggest threat is to employees in Delaware, New Jersey and Pennsylvania, with the information dating back to 2007, which is when the IRS began mandatory encryption for sensitive data.
President Obama is trying to win over Silicon Valley tech leaders and US citizens by meeting to discuss the current state of government surveillance. The tech meeting roundtable lasted around two hours and focused on Obama's promise in January to cut back on the NSA's phone data surveillance - and to provide greater privacy, especially to Internet users outside of the US, after they were unknowingly caught up in spying behavior.
However, it's going to be difficult to reassure Facebook CEO Mark Zuckerberg and other tech company executives from Google, Netflix, Box, Dropbox and Palantir after they met with Obama and his top cabinet officials.
As revealed by former NSA analyst Edward Snowden, the NSA has done an excellent job of undermining encryption and slipping through computer security - on an epic scale - and has left citizens, foreign residents, politicians, and others quite angry.
To embrace the global spirit of the World Cup, software company Panda Security will give new customers one month of additional protection for each goal scored by a chosen team during the soccer tournament.
The World Cup runs from June 12 to July 13 and will be hosted in Brazil, with an opening match between Brazil and Croatia.
"We love soccer and computer security, and we are sure this promotion will be very well received among users," said Alvaro Elorriaga, Panda Security Worldwide Retail Director, in a press statement. "We already have participants from the 80+ countries where we operate, including the US, Spain, Germany, England, France, Brazil and many others. Given the worldwide popularity of soccer, and the imperative need to protect our PCs and mobile devices, this is a natural and fun campaign to reward our customers."
New customers with the following software suites are eligible for the promotion: Panda Antivirus Pro, Panda Internet Security, Panda Global Protection, Panda Gold Protection, Panda Mobile Security and Panda Antivirus for Mac.
Popular Twitter platform HootSuite suffered a DDoS attack yesterday morning, though it was back up and running following the temporary interruption. There was no risk to user accounts or personal information, according to HootSuite officials, as they were able to swiftly resolve the problem.
HootSuite defends against numerous DDoS attacks, which are typically a rudimentary approach to crippling a website.
"I'm writing today to let you know that the HootSuite Engineering and Security teams are working to mitigate the DoS attack," said Ryan Holmes, HootSuite CEO, in an e-mail to users. "This interruption was the result of a malicious attempt by an outside party to flood our services in order to shut down the system."
Cybercriminals use DDoS attacks to flood networks and knock websites offline - and while most companies and online services bounce back quickly - it's still an annoyance that diverts IT teams and can lead to angry users and lost revenue. However, some security analysts believe DDoS attacks are being used by organized crime groups as an extortion technique, offering to cease cyberattacks in exchange for cash payments.
In an effort to keep users safer on the Internet, NoBullying.com, an online anti-bullying campaign, listed 10 Internet security tips that users should be aware of.
For those of you trying to provide a comprehensive guide to Internet safety for education purposes, NoBullying has a series of helpful documents available.
"It is essential for parents and educations to learn those online safety tips to make exploring the cyber world a much easier (and) safer experience for our children," said Macartan Mulligan, NoBullying.com co-founder, in a press statement.
An online predator group that used Tor and targeted children as young as three years old was recently busted by the US Department of Homeland Security. So far, 14 members accused of leading the child pornography website have been arrested and face charges related to conspiracy to operate an organized child exploitation enterprise.
Operating from June 2012 to June 2013, the group had more than 27,000 members across the world, with access to at least 2,000 videos.
"These indictments represent a strong coordinated strike - by Homeland Security, the U.S. Postal Inspection Service, and several U.S. Attorney's Office around the country - against child pornography and those who allegedly seek to harm our most vulnerable citizens, our young children," said Kenneth Allen Polite, Jr., U.S. Attorney, in a press statement.
Jonathan Johnson, 27, a Louisiana-based resident, is accused of operating the organized Tor child porn ring, creating fake female personas to target and exploit children - while also teaching others in his group to conduct the same activities. He now faces 20 years to life in prison.
The growing threat of data theft and sophisticated malware could top $491 billion in 2014 alone, according to a joint study from the National University of Singapore (NUS) and IDC Research Group.
The research is focused specifically on piracy and the potential ramifications both consumers and businesses face when running pirated and illegal software.
Consumers face a large number of different cyberthreats, with an estimated 1.2 billion hours of lost time and $25 billion spent to try to deal with malware from pirated software. However, four out of 10 consumers admit to rarely installing security updates on PCs and other devices.
Meanwhile, enterprises will spend $491 billion "because of malware associated with pirated software," with $127 billion related to security issues and $364 billion stemming from associated data breaches.