TweakTown
Tech content trusted by users in North America and around the world
5,675 Reviews & Articles | 36,068 News Posts
Weekly Giveaway: Fractal Design Arc Cases Contest (Global Entry!)

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 7

Malware that mines cryptocurrency recently found on DVRs

A new clever cryptocurrency mining malware has been located on digital video recorders (DVRs), in a continuing evolution of connected devices being targeted by security threats.

 

TweakTown image news/3/6/36717_01_malware_that_mines_cryptocurrency_recently_found_on_dvrs.jpg

 

The malware actively searches for vulnerable devices, and then the exploit comes later. Researchers are still unsure how the camera DVRs are being infected with the malware, though with many home users installing custom surveillance systems at home, this could be a growing concern.

 

"After accessing a couple of the DVRs, we noticed that the malware was running on the

DVR itself," said Johannes Ullrich, from the SANS Technology Institution, which discovered the bug. Two pieces of malware typically ran: a customized version of minderd, the Bitcoin miner - [we] actually learned today that, in this case, it may mine Litecoin, not bitcoin - [and] a piece of software called cmd.so, which initiated the scans for Synology devices that we observed before and that led us to investigate the DVR."

Continue reading 'Malware that mines cryptocurrency recently found on DVRs' (full post)

Even if we don't support Edward Snowden, we want NSA disclosures

Americans are still unsure what to think about former NSA contractor Edward Snowden's disclosures of widespread NSA spying, though appreciate the knowledge of such snooping activities.

 

TweakTown image news/3/6/36708_01_even_if_we_don_t_support_edward_snowden_we_want_nsa_disclosures.jpg

 

In a recent poll, 33 percent of Americans believe Snowden leaking information was "the right thing to do," with 33 percent believing It was "the wrong thing to do," and 36 percent still on the fence regarding the entire situation. Interestingly, 45 percent believe Snowden should face prosecution if returned to the U.S., while 35 percent would support a full pardon.

 

However, more than half of those surveyed believe Americans have the right to know about the NSA surveillance programs revealed by Snowden.

Continue reading 'Even if we don't support Edward Snowden, we want NSA disclosures' (full post)


Windows XP end of service looming, and security risks will continue

Just days away from the Microsoft Windows XP end of service, to take effect on Tuesday, April 8, there are still millions of users relying on the aging operating system.

 

TweakTown image news/3/6/36712_01_windows_xp_end_of_service_looming_and_security_risks_will_continue.jpg

 

Between business computers and consumer PCs, XP market share is still 28 percent worldwide, amounting to about 300 million PCs - many of them including ATMs, electric and water, and similar critical infrastructure.

 

"[It's like] there's a big air bubble on the side of your tire and it's going to fail,"said Mark Bernardo, General Electric GM of automation software, when speaking to WSJ. "It's not a question of if, it's a question of when."

 

Microsoft and security vendors have repeatedly warned current XP users they will face significant security threats after the April 8 deadline.

Continue reading 'Windows XP end of service looming, and security risks will continue' (full post)

Pentagon expands its effort to recruit workers for cyber defense roles

The United States military is boosting its cyber capabilities as the Defense Department has almost 1,800 employees as part of its Cyber Mission Force. By the end of 2016, that staffing figure is expected to increase up to 6,000 before the end of 2016, while the US government continues to support in cyberattacks.

 

TweakTown image news/3/6/36705_01_pentagon_expands_its_effort_to_recruit_workers_for_cyber_defense_roles.jpg

 

To try and increase the staffing level in such a short amount of time, military officials hope to recruit current military personnel - Silicon Valley cybersecurity specialists are unlikely to leave behind high-paying jobs to join the government's new programs.

 

"We spent a lot of time in the last two years in particular figuring out what the [recruiting] model would be,"a senior defense official recently told reporters. "Initially sometimes people will think about recruiting highly skilled people from the outside, and that is one option... but quite honestly, the way we're going to be most successful is using people within the force [including those with no cyber background] and giving them the training.

Continue reading 'Pentagon expands its effort to recruit workers for cyber defense roles' (full post)

Google Chrome plugin lets you view LinkedIn profile email addresses

A free Google Chrome plugin that lets users view the email address of other LinkedIn profiles, even if they aren't connected, is in the legal cross hairs of LinkedIn.

 

TweakTown image news/3/6/36696_01_google_chrome_plugin_lets_you_view_linkedin_profile_email_addresses.jpg

 

The free Sell Hack extension provides a "hack in" button, and while it is being defended by its creators, LinkedIn and security experts aren't overly impressed with the feature.

 

"LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted," said Krista Canfield, LinkedIn Senior Manager of Corporate Communications, in a statement to TNW. "We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent."

 

UPDATE: According to the Sell Hack Blog, the plugin no longer works with LinkedIn - and any collected information has been deleted by the company. A future update that doesn't violate the LinkedIn Terms of Service could be available later down the road.

Continue reading 'Google Chrome plugin lets you view LinkedIn profile email addresses' (full post)

RSA provided the NSA with more information than originally thought

The National Security Agency (NSA) had two encryption tools that were adopted by EMC-owned security firm RSA, allowing the federal government easier access to snoop on Web communications, academic researchers recently noted.

 

TweakTown image news/3/6/36673_01_rsa_provided_the_nsa_with_more_information_than_originally_thought.jpg

 

The researchers are largely made up from professors at the University of Wisconsin, University of Illinois and Johns Hopkins, as they found the "Extended Random" extension which is able to nullify the RSA Dual Elliptic Curve software faster.

 

"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," a researcher told Reuters.

Continue reading 'RSA provided the NSA with more information than originally thought' (full post)

Microsoft scam leader given four-month suspended sentence

The man behind a successful Microsoft computer scam was handed a four-month suspended sentence, in what was a rather clever scam. Mohammed Khalid Jamil, based in Luton, England, created a fake company and outsourced calling efforts to an Indian firm, which led to British citizens cold called from people posing as Microsoft reps.

 

TweakTown image news/3/6/36681_01_microsoft_scam_leader_given_four_month_suspended_sentence.jpg

 

Victims were targeted for around $60 up to $250, and scammers would be given remote access from victims - leading to poor PC security - and a "software fix," a Microsoft-provided software patch available for free, which would solve the problem.

 

Jamil needs to pay $8,300 in fines, along with $9,440 in compensation, then pay almost $24,000 in court restitution penalties.

Continue reading 'Microsoft scam leader given four-month suspended sentence' (full post)

Smartphone kill switches would save customers $2.6 billion every year

The addition of smartphone kill-switches could help save up to $2.6 billion per year, with American consumers routinely purchasing dew devices related to theft and other crimes.

 

TweakTown image news/3/6/36679_01_smartphone_kill_switches_would_customers_save_2_6_billion_every_year.jpg

 

California Sen. Mark Leno (D-San Francisco), with support from San Francisco District Attorney George Gascon, currently have SB 962, which aims to make smartphone kill switches mandatory in California. The debate regarding these types of technologies has generated a great debate, with supporters and critics sounding off on both sides.

 

"I thought a high percentage would say yes, but it was a little surprising and maybe a bigger number than I would have guessed," Duckworth told PC World. "I view losing a credit card as a similar frame of reference. If it is stolen or lost, I can call the credit card company and get it canceled and they can issue a new one. There is safety there. My smartphone has tons of information and accounts in there, so the idea that I could call and say 'kill it' is a very reasonable thing."

Continue reading 'Smartphone kill switches would save customers $2.6 billion every year' (full post)

Tesla packs technology into vehicles, but needs to improve security

Tesla vehicles have generated a large amount of interest and controversy across the United States, though is in the headlines for a rather unexpected reason: a potential cybersecurity issue with the Tesla S vehicle.

 

TweakTown image news/3/6/36678_01_tesla_packs_technology_into_vehicles_but_needs_to_improve_security.jpg

 

The iPhone app for Tesla vehicles, which allows owners to control door locks, braking system, sunroof and other car functions, uses only a one-factor authentication system.

 

"The point here (and subsequent attack vectors) is that Tesla needs to implement an authentication mechanism that is beyond 1-factor," said Nitesh Dhanjani, security researcher, in a statement. "Attackers shouldn't be able to use traditional and well known attack vectors like phishing to remotely locate and unlock a $100K+ car built-in 2014."

Continue reading 'Tesla packs technology into vehicles, but needs to improve security' (full post)

UK launches cyber response team to defend against cyberattacks

Launched today, the UK Computer Emergency Response Team (CERT-UK) will help the British government coordinate against sophisticated cyberattacks, and respond to any cybersecurity issues that target the country's infrastructure.

 

TweakTown image news/3/6/36675_01_uk_launches_cyber_response_team_to_defend_against_cyberattacks.jpg

 

The CERT team stemmeed from a National Cyber Security Strategy meeting hosted in 2012, in which other nations discussed their programs - or intention to open a national cybersecurity team - and has grown from there.

 

"The cyber hacker needs to succeed only once, but those protecting us must be successful all the time; around the clock, day after day, week after week," said Francis Maude, Cabinet Officer Minister, when announcing the program. "And of course, nothing in the digital world ever stands still. It's forensic and painstaking work and it's absolutely relentless. I have a very high level of confidence that we can achieve this."

Continue reading 'UK launches cyber response team to defend against cyberattacks' (full post)

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below