TweakTown News
Tax season 2014 is well underway, and while some of you likely have filed your taxes, most Americans are still digging through receipts, plugging away on spreadsheets, and hoping they file accurately to get some cash. Cybercrime levels spike during this period, as hackers and scammers prey on taxpayers frantic to try and file their taxes in peace.
Identity theft and phishing are the top threats facing people this tax season, according to the Protect Yourself from Tax Season Identity Theft Scams document from the Center for Internet Security (CIS). Taxpayers need to be especially aware of e-mails and phone calls from people claiming to be from the IRS - and security experts need to be careful when opening e-mails, receiving phone calls, or receiving unsolicited correspondence.
If paper documents are no longer needed, they should be disposed of properly:
"One of the easiest ways to prevent the crime is by immediately shredding no-longer needed confidential documents," said Nancy Heaton, Fellowes Director of Global Marketing. "Fellowes offers a variety of shredders to suit every home office need that are perfect for tax season."
Businesses and users are increasingly relying on mobile technologies for a wide variety of tasks, and that has created a market with untapped potential for cybercriminals.
As mobile banking, e-commerce, and similar sensitive activities rise further, it's important to adopt next-generation security and understand the changing threat landscape, according to a recent study released by ThreatMetrix.
"Mobile device usage for e-commerce and banking will continue to rise and in order to prevent the associated risks, businesses must have the capabilities to effectively analyze mobile activity to detect returning authentic customers and device anomalies that indicate malicious behavior," said Mustafa Rassiwala, ThreatMetrix Director of Product Management, in a statement. "This includes differentiating between normal and jailbroken devices, as users with jailbroken devices are more likely to engage in criminal activity."
Popular retailer Target had multiple warnings that a credit and debit card breach was underway, but still didn't do enough to try and stop the problem.
A recent series of interviews with more than 10 former Target employees and a handful of people familiar with the attack indicates the company was aware of a data breach underway, and that the alert system worked, signaling that malware was installed before the breach was publicly disclosed.
"I don't think it is about not paying attention to the technologies as much as fine tuning for actionable, relevant information from the technology," said Joe Schumacher, Neohapsis security consultant, in a statement to SCMagazine. "Many security systems (e.g. Web application firewall, log monitoring, intrusion Detection/Prevention Systems, etc.) correlate large amounts of data into a single repository. Unfortunately, a lot of companies and professional services stop here."
Six months before the successful data breach, Target installed a $1.7 million security platform, the report indicates.
To show his displeasure over continued revelations of organized spying from the National Security Agency (NSA), Facebook CEO Mark Zuckerberg recently called President Obama to discuss the matter.
This was the first time that Zuckerberg expressed his concerns directly with Obama, while Facebook, Google and other companies improve encryption and security efforts.
"The US government should be the champion for the Internet, not a threat," Zuckerberg wrote in a Facebook blog post. "They need to be much more transparent about what they're doing, or otherwise people will believe the worst. I've called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform."
Of all the spying programs revealed by former IT contractor Edward Snowden, the National Security Agency (NSA) was quick to deny exploiting users by impersonating Facebook.
Shortly after reports surfaced accusing the NSA of mimicking a Facebook server to help infect user PCs, users were upset - and the NSA wanted to offer a public statement.
"Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate," the NSA said via its Public Affairs Office. "NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities."
Online retailer NoMoreRack.com was hit by a second reported data breach in the past seven months, and has been notified by Discover that customer card data has been compromised, according to a report on the KrebsOnSecurity website.
Following the first reported attack, NoMoreRack teamed with information security compliance company Trustwave, and the forensic audit turned up "no clear cut evidence" of a successful data breach.
"So, as of last week, we engaged with Trustwave again to undergo another audit," said Vishal Agarwal, NoMoreRack Director of Business Development, in a statement. "We have been hearing the complaints from banks, but apart from that, and we've done our analysis and due diligence, and there is nothing seriously we can find that may have resulted in customer cards being compromised."
In an effort to keep user privacy more secure, search giant Google plans to encrypt searches in China, an effort that will roll out worldwide, to try and limit government snooping.
The Chinese government is well known for its censorship and spying activities, with tech-savvy users already relying on proxies and anonymous Internet browsers to slip past the "Great Firewall of China."
"No matter what the cause is, this will help Chinese netizens to access information they've never seen before," noted Percy Alpha, GreatFire.org co-founder, a group designed to monitor Chinese censorship. "It will be a huge headache for Chinese government authorities. We hope other companies will follow Google to make encryption by default."
Following reported spying activity from the National Security Agency (NSA), Google and other search companies have been blamed for their role in organized spying efforts. However, Google, Microsoft, Yahoo, and others have boosted search encryption efforts to help boost privacy in an age where government surveillance is a frightening reality.
Colleges and universities are popular targets for cybercriminals trying to compromise a large number of users, stealing as much personal information as possible. However, university officials, after learning of a breach, often are unsure what to do - and struggle to alert students and faculty members in a streamlined manner.
Most recently, hackers compromised North Dakota University and Johns Hopkins University, with hackers stealing personal information.
In the Johns Hopkins University breach, hackers stole information on 850 current and former students, though no Social Security Numbers or highly sensitive information was taken. The breach reportedly took place sometime towards the end of 2013, but university officials didn't publicly report the incident until early March.
The North Dakota University System breach compromised students from different colleges and universities in North Dakota, hitting a few hundred staff members and around 300,000 students - no financial data was stolen, but personal information, including Social Security Numbers, was compromised in the breach. There was a delay in reporting the incident so a forensic analysis could be conducted, according to security specialists.
Security experts are keen to try and help traditional anti-virus software evolve into a layer of added defense for breach detection systems (BDS), though the industry is having trouble finding its way there.
If hackers are unable to gain access to PCs, they are finding success targeting voice over Internet protocol (VoIP) phones in the office - which sometimes leads to direct access to computer networks.
Red Balloon, founded by researchers from Columbia University who are interested in developing security for embedded devices, helps companies keep devices more secure.
"Now that we know that these phones can be hacked and used as eyes and ears by the attackers, it's time we started demanding real security on the phones," noted Ang Cui, Red Balloon chief scientist, in a statement to the media. "These phones, like mother other embedded devices I've looked at, are about as protected as my laptop back in 2006, without anti-virus."
National credit reporting company Experian endured a data breach dating from 2007 to 2013, with a man posing as a private investigator reportedly purchasing consumer data. Vietnamese citizen Hieu Minh Ngo pleaded guilty last week, after reportedly selling the stolen information to a group of 1,300 customers.
The information Ngo offered up included full names, addresses, previous mailing addresses, phone numbers, e-mail information, birth dates, and Social Security Numbers. It's unknown how many people were affected, though security experts believe up to 30 million American records could have been shared.
Ngo faces up to 45 years in jail, and will be sentenced on June 16.