Hacking, Security & Privacy News - Page 67

The rise in popularity of e-cigarettes in the United States and Western Europe has led to the potential of malware infection from e-cigarettes made in China, according to recent reports. Cybercriminals have become more creative in their attempts to compromise devices, and ensuring devices from Chinese production facilities are pre-loaded with malware has become increasingly popular.

"The Made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer's USP port the malware phoned home and infected the system," according to a report posted on Reddit.

Trend Micro security consultant Rik Ferguson seems to agree with the assessment: "Production line malware has been around a for a few years, infecting photo frames, MP3 players and more. For consumers it's a case of running up-to-date anti-malware for the production line stuff and only using trusted devices to counter the threat."

Companies are struggling to try to teach their employees appropriate use of work-owned PCs and laptops, as they struggle to keep their networks secure. During typical business hours, 36 percent of survey respondents say they browse social media, while 34 percent enjoy online shopping. Meanwhile, 42 percent play online games and 36 percent use their work laptops to search for a job - all while at home.

"People seem to understand that at work there's a little bit more protection," said Sergio Galindo, GFI Software general manager, while speaking to SCMagazine. "They don't do riskier stuff at the office. They're doing riskier stuff (at home) and then bring this equipment that was exposed at home back to the office."

Companies are more focused on trying to keep employees safe from social engineering-based phishing attacks, which lead systems and networks to be compromised by malware and other threats.

Amnesty International's Detekt is a free, open source tool that will help allow journalists and human rights activists if they are being targeted by surveillance spyware. This is the first time Amnesty International and several non-profit coalitions have released something publicly.

"Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists' private emails and remotely turn on their computer's camera or microphone to secretly record their activities," said Marek Marczynski, Amnesty International Head of Military, Security and Police, in a press statement. "They use the technology in a cowardly attempt to prevent abuses from being exposed."

The global market for surveillance technologies is estimated to be worth $5 billion per year, and is climbing even higher.

At least 38.6 percent of companies suffered a major IT disruption due to employees visiting non-work related websites and other questionable material on work-owned electronics, leading to malware and other IT issues, according to a survey conducted by GFI Software.

Almost half of employees, 48 percent, report using Dropbox, OneDrive, Box, or some other personal cloud-based solution to store company information - something that isn't necessarily shocking, but a concern for companies trying to keep data secure. If their employment ended, 35.8 percent admitted they would try to save company data, including customer lists and confidential data, despite knowing it is illegal to do so.

"Data protection is a big problem, and one that has been exacerbated by the casual use of cloud file sharing services that can't be centrally managed by IT," said Sergio Galindo, GFI Software general manager. "Content controls are critical in ensuring data does not leak outside the organization and doesn't expose the business to legal and regulatory compliance penalties. Furthermore, it is important that policies and training lay down clear rules on use and reinforce the ownership of data."

China is on the short list of countries that have the ability to launch a cyberattack that would be able to shut down the US power grid along with other critical infrastructure, US government officials believe. It would appear these countries already launch reconnaissance probes that have found gaping security holes they can exploit in cyber defenses.

"We see them attempting to steal information on how our systems are configured, the very schematics of most of our control systems, down to engineering level of detail so they can look at where are the vulnerabilities, how are they constructed, how could I get in and defeat them," said Admiral Michael Rogers, NSA head and US Cyber Command head. "We're seeing multiple nation-states invest in those kinds of capabilities."

Beyond China, Admiral Rogers didn't publicly disclose other nation states believed to be sponsoring cyberattacks, though Russia almost certainly is on the list.

The Interactive Advertising Bureau's Anti-Malware Working Group has teamed up with the FBI and US Department of Justice in their effort to fight malware and cybercrime. There has been an increase in organized cyberattacks targeting the IAB, and federal partnerships could help limit future widespread issues.

The FBI and other government agencies want to increase proactive behavior to clamp down on cybercrime, and this marks the first industrywide relationship they have created. The IAB Anti-Malware Group formed in September and has generated widespread interest, including from the US government, as cybercriminals make millions from compromising companies and users.

"We have become such a target of organized crime that we think this is the only way to truly be successful long-term," said Mike Zaneis, IAB executive vice president. "In the advertising space, what we're particually worried about is the type of malware that will basically make your computer a zombie, or a bot, and will begin to generate non-human traffic back to criminal websites or just selling traffic on networks or exchanges."

There were a number of major data breaches reported in 2014, but it would appear companies have higher hopes for data security in 2015, according to a study published by ThreatTrack Security. In its "2015 Predictions from the Front Lines," 81 percent of enterprise security staffers said they would be willing to "personally guarantee that their company's customer data will be safe in 2015."

Hearing that eight out of 10 security staff would be willing to guarantee customer data sounds absolutely ridiculous - but might be a necessary leap of faith to win over customers, increasingly concerned their personal information could be leaked.

Millions of US consumers faced debit and credit card fraud from the Home Depot and Target breaches alone, with a number of other companies also breached in between.

Kaspersky is imagining the future of the world, with the increase in use of technology, the increase of threats are there too. Infrastructure attacks, financial system attacks, governments being hit, and much more. The video below does an incredible job of showing us how Kaspersky view the future.

One of the scarier things Kaspersky says in its video, is "will a single click trigger a global economic crisis", but follows it by a "world where technology works for us", or "controls us". The video continues, sayign "could it be a truly connected universe, where we'll be able to express the full power and imagination. Or one where those connections make our critical infrastructure vulnerable to attack".

The ad makes you really think about the many, many possibilities we as a human race have to face - as the world is constantly changing around us. Not only are we dealing with things at a personal level, but societal level, and then infrastructure level. Are the governments of the world prepared for these attacks, or simply taking our freedoms away with far-reaching government agencies like the NSA and GCHQ spying on all citizens at once. What do you think?

The Department of Justice (DOJ) program that reportedly uses cell-tower mimicking equipment during airplane flights that allows the federal government to snoop on mobile phones has drawn an angry response from many Americans.

Senator Ed Markey (D-Mass) wants Attorney General Eric Holder to provide details about the DOJ operation, such as mission length, additional surveillance programs, and which cities were impacted.

"Americans are rightfully disturbed by just how pervasive collection of mobile phone information is, even of innocent individuals. While this data can be an important tool for law enforcement to identify and capture criminals and terrorists, we must ensure the privacy rights of Americans are protected," Sen. Markey said in a public statement. "We need to know what information is being collected, what authority is being used to collect it, and if and how this information is retained and stored."

The rise and fall of the Mt. Gox bitcoin exchange took just a few years, but left a serious black mark on the budding cryptocurrency market. More consumers and retailers are willing to experiment using bitcoins as currency and potential investments, despite continued security concerns.

The actual bitcoin protocol hasn't been breached by cybercriminals, and thieves have found ways to compromise bitcoin storage solutions, exchanges, and bitcoin owners directly. With no government regulation and very little insurance of recouping lost funds, some have shied away from jumping into the bitcoin market.

"It's important to remember that Bitcoin as a protocol and the blockchain, the record of transactions, has no known security vulnerabilities," said Trevor Murphy, Chief Technology Officer of bitcoin storage solution company BitStash. "It's impossible to counterfeit bitcoin and an impossibility with current computing power to modify a transaction that has been confirmed, say five or six times on the blockchain. This is very important. In fact, bitcoin marks the first time in human history that a currency has these attributes. People have been counterfeiting money, bouncing checks and chipping little bits off gold coins since time began."