TweakTown NewsRefine News by Category:
Apple is reportedly going to begin moving personal iCloud data of Chinese users onto servers that are located inside the country's borders. The decision was made in an effort to make data access faster and more reliable for Apple customers, and the company has partnered with China Telecom.
"Apple takes user security and privacy very seriously," Apple noted in a statement sent to Reuters. "We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland China. All data stored with our providers is encrypted. China Telecom does not have access to the content."
The encryption keys will not be located in China and China Telecom will not have access to them, according to sources.
Cybercriminals successfully breached Albertson's and SuperValu, which are two of the largest and most popular grocery store chains in the United States. The massive data breach also impacts their umbrella companies, including Acme, Jewel-Osco, Shaw's, Star Market, Cub Foods, Farm Fresh, Shop 'N Save, Hornbacher's, and Shoppers Food & Pharmacy.
The SuperValu breach might have affected customers between June 22 and July 17 in Illinois, Maryland, Minnesota, Virginia and Missouri. It's unknown how many Albertson's customers might be affected from the data breach.
"The safety of our customers' personal information is a top priority for us," said Sam Duncan, SuperValu President and CEO, in a statement. "The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores."
Following a data breach suffered by Rady Children's Hospital in June 2013, a mother has filed a lawsuit against the company related to a security breach that led her daughter's medical records to be exposed.
The Rady data breach occurred when an employee emailed a spreadsheet containing patient admittance records from July 1, 2012 to June 30, 2013 to four job applicants. The records included patient names, birth dates, primary medical diagnoses, medical record numbers, insurance carrier information, and admittance and discharge dates.
"This is not one or two records dropped in the parking lot," said David A. Miller, an attorney representing the mother, in a statement to the media. "The people they gave this information to didn't even work there. They were job applicants."
USB portable data storage company Kanguru has released an unencrypted USB 3.0 flash drive, utilizing onboard trusted firmware that defends against malicious firmware-based attacks. The drive has read speeds up to 230MB/s with 85MB/s write speed, Kanguru noted. Storage capacities range in size: 8GB, 16GB, 32GB, 64GB and 128GB, with a starting price of $29.95 for the 8GB drive. The flash drive also has a strong aluminum housing to keep it safe from any significant external damage.
"Our Kanguru Defender series of secure, hardware encrypted USB drives is immune to a potential attack like 'BadUSB' because of the digitally signed secure firmware," said Nate Cote, Kanguru EVP, in a press statement. "With the release of the new Kanguru FlashTrust, we now offer this same level of firmware protection to the multi-billion dollar market segment of unencrypted USB device users."
As many users and business workers rely on flash drives, there has been an increase in secure flash drives - IronKey, Kingston secure USB flash drives, Imation Defender, Kanguru, and the Apricorn Aegis secure key, among others. There is a good selection of secure products that can be chosen, using various security protocols to keep data safe.
Amobile Spy recently launched the iKeyMonitor Android Spy App, a custom app designed to help parents track what their children do using their smartphones.
The app has the ability to log passwords and keystrokes, monitor WhatsApp message recording, Web history tracking, capture screenshots, log email reporting and 2-side SMS/call logging. The keylogger monitors everything from Facebook, Twitter, Gmail, Skype, Yahoo Messenger and other popular social media or communication apps.
"iKeyMonitor Android Keylogger offers simple, secure, and secret ways to record the activities on Android devices with incredible monitoring features," said Kyle Davis, Amobile Development Department Manager, in a press statement. "We're also giving users smart features to review the logged data remotely."
A new Chinese malware infected more than 75,000 jailbroken Apple iPhones, with the malware hijacking 22 million advertisements. AdThief, also known as Spad, is the iOS malware and was able to covertly operate around four months - and only works on jailbroken devices. Although originally found by researcher Claud Xiao in March, Fortinet senior mobile researcher Axelle Apvrille took a closer look at AdThief.
Operating on 15 different mobile adkits, the malware changed a developer or affiliate ID so the attacker would collect the revenue. Eight of the adkits are Chinese, and jailbreaking devices is a rather common technique among Chinese consumers. Security experts continually warn users that jailbroken smartphones and tablets pose significant threats to users.
The Chinese hacker, known as Rover12421 did contribute to the code, but denied saying he or she is behind the entire project.
Newer generations of malware are finding their way to virtual machines - and instead of fleeing like before - are still executing when on VM. At least 70 percent of companies plan to utilize server virtualization by the end of 2015, so malware reaching the virtual machines could prove problematic.
In a study of 200,000 malware samples, analyzed on both VM and non-VM machines by Symantec, only 18 percent wouldn't operate on a virtual machine.
"The host server, as well as any virtual machine running on it, needs to be protected against malware," said Liam O'Murch, Symantec Security Response researcher, in a statement to SCMagazine. "To achieve this, advanced malware protection with proactive components that go beyond the classical static antivirus scanner needs to be in place. This can be agentless on the hypervisor or in the guest image themselves."
Suspected foreign-based cyberattackers hit the Tuscaloosa Police Department earlier in the week, disrupting phone lines at the Alabama station for a short time. The distributed denial-of-service (DDoS) attack took place 5:30 p.m. local time on Tuesday, with the phone system slammed by irrelevant phone calls.
Cyberattacks are not uncommon, but are highly disruptive when they hit police and emergency responders. The TPD is working with federal authorities and will no longer allow blocked numbers or international phone numbers to dial non-911 administration lines. The changes will have no impact on 911 emergency lines reaching the call center, officials noted.
Another local business received up to 184 phone calls in a short time before unplugging the phone - with the caller reportedly saying they were trying to collect a debt.
An unnamed 19-year-old software engineering student, identified only as "Li," was arrested just 17 hours after his "Heart App" Google Android malware infected more than 100,000 phones. The malware was able to spread so quickly by relying on the contact lists of compromised devices, with users downloading the fake app, which then sent out a text urging users to download the app as well.
Chinese wireless carriers were quick to block more than 20 million infected messages from being sent out to new users. The 19-year-old will be identified following completion of the investigation by Shenzhen police, where the student went for vacation. It seems the custom malware was designed just as proof of his ability to write code.
To uninstall the malware, Sophos recommends the following: head to Settings | Apps | Downloaded and uninstall XXshenqi app.
Although the U.S. government is desperate to improve its own cyber defense ability, the NSA already has sophisticated cyberwarfare tools at its disposal. A custom program is able to track down cyberattacks from foreign-based criminals, and then can respond with an attack in an automated fashion without a security specialist present.
Dubbed "MonsterMind," the NSA uses the software to identify traffic patterns - likely from Eastern Europe and China - able to block attacks from damaging U.S. infrastructure and automatically respond against attackers.
"The government has used excessive secrecy to prevent real debate over the wisdom and legality of many of its most sweeping surveillance programs," said Alex Abdo, ACLU staff attorney, in an email to ComputerWorld. " This newly described program is just another example of that secrecy. If the government truly is scanning all internet traffic coming into the United States for suspicious content, that would raise significant civil liberties questions."