TweakTown NewsRefine News by Category:
Email users at the University of Hawaii are being targeted by cybercriminals using phishing attacks, with the school's Information Technology Services office recently sending out a notice to current and former students. UH officials sent out a notice to email account owners, warning them to alert their credit card services if they turned over any personal information.
In an email sent to UH email users, security officials warned that "the attackers took elements from legitimate campus announcements or communications to make the messages look authentic." Specifically, the fraudulent email used a legitimate Google form, which has been removed by Google, with a warning that the university doesn't send unsolicited messages that ask for any type of user personal information.
Universities are popular targets for cybercriminals, either trying to phish users, or steal bulk amounts of personal information that can be later sold or traded. A data breach at Iowa State University could affect up to 30,000 students, and the University of California at San Francisco and University of Pittsburgh Medical Center were both hit by data breaches - with growing concern that university officials are too slow to inform students and faculty of data breaches.
The Chinese government must work to boost Internet security due to "overseas hostile forces" that are launching efforts to "attack, slander and spread rumors," according to Wang Xiujun. Since President Xi Jinping went into office last year, and he has led several crackdowns on Internet freedom for Chinese users - and wants to push his country into a "cyber power."
"Now, overseas hostile forces are using the Internet as a main channel to penetrate and destroy (us)," said Xiujin, China National Internet Information Office deputy director, to Chinese media. "Using the name of 'Internet freedom' to repeatedly attack, slander and spread rumors in an effort to undermine our country's stability and national security."
The Chinese government is well known for limiting Internet usage - and cracking down on dissidents - though is developing its own cyberattack abilities. Along with Russia and Eastern European-linked hacker groups, China has been routinely blamed for launching attacks against western targets.
A participant in the Carder.su cyber fraud ring, David Ray Camez, 22, has been found guilty of one count of conspiracy to participate in a racketeer influenced corrupt organization (RICO) and one count of participating in the criminal group. Camez already is serving a seven-year sentence for similar fraud-related behaviors.
The Carder.su group was responsible for selling stolen credit card information and counterfeit identifications and fake credit cards, including narcotics and money laundering charges - with 39 total accomplices charged. So far, seven have pleaded guilty, two will be going to trial soon, and the remaining members currently on the run from police.
This case marks the first time that racketeering laws were used against a cybercriminal, as the federal government tries to crack down against data theft.
Minnesota has become the first state to make kill switches mandatory, following Governor Mark Dayton's decision to sign the bill into law last week. The new law will go into effect on July 1, 2015, and all smartphones sold in Minnesota must have some type of antitheft - or kill-switch technology - pre-installed on phones sold to consumers.
The California Senate recently passed a smartphone kill switch bill, which must be approved by Governor Jerry Brown, as the smartphone industry is still unsure of kill switches.
Police authorities throughout the United States have called for some type of smartphone theft legislation - around 1 in 3 robberies in the United States led to smartphone loss, the Federal Communications Commission noted. However, officials from the CTIA-The Wireless Association said mandatory laws aren't necessary due to voluntary kill switch initiatives that wireless carriers and smartphone manufacturers have agreed to.
Mobile security is a major effort from handset manufacturers, wireless carriers, and security companies, though many smartphone and tablet users remain blissfully unaware. A lot of users don't have any type of additional security software on their devices, or conduct activities which open themselves up to additional threats, researchers previously noted.
To help share methods on how users can keep themselves better protected, TweakTown asked Roberto Martinez, a Kaspersky Lab researcher with the Global Research and Analysis Team: "There are several ways that the users can be protected. It's recommended to not perform procedures of 'rooting' or 'jailbreaking' in devices because this eliminates protection features of the operative systems. It's also recommended to regularly update any OS and applications."
In addition to avoiding jailbreaks, there are other tips and techniques for users to avoid being compromised: "Users should be very careful with the applications that are installed in devices, especially those that are offered for free and don't come from reliable sources. Additionally, users should be careful when connecting to public Wi-Fi networks, and if applicable, use VPN tools instead. And of course, always use anti-malware and encryption protection tools."
The Federal Trade Commission should be tasked with enforcing security protocols to protect Internet users from security threats posed by online advertising, according to a recent report from the Permanent Subcommittee on Investigations of the Senate's Committee on Homeland Security and Government Affairs.
"Consumers can incur malware attacks [through online ads] without having taken any action other than visiting a mainstream website," the report notes. "Similar attacks have struck across many online advertising platforms."
It seems significantly more likely for users to be infected with malware or security threats when visiting piracy websites, for example, though third-party advertisers have been hacked in the past. Malware creators are getting more creative in their efforts to compromise users, as they find many security loopholes and very little risk.
The Retail Industry Leaders Association (RILA) has teamed up with leading retail brands to create the Retail Cyber Intelligence Sharing Center (R-CISC), with the focus of sharing cyber intelligence and security strategies. It seems like a rather fascinating effort that has been streamlined due to the continued security threats that retailers face - and have struggled with - while trying to keep employee and customer data secure.
"Retailers place extremely high priority on finding solutions to combat cyberattacks and proect customers," noted Sandy Kennedy, RILA President, in a press statement. "In the face of persistent cybercriminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cybercrimes."
In addition to Target's massive data breach, other retailers have been under fire from cybercriminals, including the likes of LaCie, Michaels, Neiman Marcus, Smucker's, and others over the past few years. The R-CISC should help give major retailers an opportunity to discuss potential security threats, and discuss what has - or hasn't worked - in cyber defense strategies.
Police in Tucson, Arizona recently arrested six people involved in an international identity theft and credit card fraud ring, with an unknown number of victims. The criminal group reportedly purchased stolen credit card information from Eastern Europeans, and then were printing their own cards to use in local retailers.
"The scope of the problem is so huge that this is probably a drop in the bucket to what's out there, but it's a significant ring," noted Sgt. Radinsky, from the Tucson Police Department, in a statement to local media.
Credit and debit card fraud continue to be big business for criminals, and is the top security concern facing Americans, according to a study released by Unisys. Meanwhile, retailers are suffering a large variety of data theft issues due to malware and other security threats, which continue to cause problems for consumers.
The Department and Defense (DoD) and Tricare have dodged a legal bullet, when a U.S. federal judge threw out most of the lawsuit related to the theft of personal data. Just two complaints from the case remain, after a Science Applications International Corp. employee had storage drives stolen from his or her vehicle, in September 2011. The drives were en route to a storage facility and the theft took place before they could be properly stored.
Here is what U.S. District Court judge James Boasberg noted: "Since the majority of plaintiffs has been dismissed - potentially altering the scope of the remaining litigants' claims moving forward - the court will pause to confer with the parties before determining which, if any, of the complaint's twenty counts has been properly alleged."
The breach affected 4.9 million people, and plaintiffs reportedly wanted $4.9 billion in damages due to the theft of names, addresses, phone numbers, Social Security numbers, prescription information, and medical test reports.
The Samsung KNOX security platform, designed to provide an additional layer of security for Google Android smartphones, has been approved for use by the British government. The UK Communications and Electronics Security Group (CESG) has tested KNOX for a few months, ensuring public sector communications would remain secured.
Samsung KNOX has been approved in the UK for the following devices: Galaxy Note 3, Galaxy S3, Galaxy S4 and the Galaxy S5 smartphones.
"Our technology is widely used in both the UK public and private sector, and with this approval we are committed to working more closely with government departments and agencies that need to maintain high levels of security and data confidentiality on their mobile devices," said Graham Long, Samsung UK and Ireland VP, in a press statement.