Hacking, Security & Privacy News - Page 72

Social media service Diaspora, an open source, decentralized service consisting of individual nodes, utilizes thousands of private servers. Unfortunately, there isn't a way for the Diaspora project team to edit or remove content from a network node, and that's likely why IS chose it.

After being booted from Twitter and other social networking sites, the Islamic State is looking for new alternatives. In an attempt to spread images, videos and published propaganda to shock the west and appeal to new recruits, IS wants to have a collection of social media accounts to use.

"As many of the members of the core team are pod administrators ourselves, we know it can be hard to detect such users," the Diaspora blog reads. "We rely on our community members to use the report function to alert their podmin to any post or comment they believe to be a cause for concern. However, because this is such a crucial issue, we have also accumulated a list of accounts related to IS fighters, which are spread over a large number of pods, and we are in the process of talking to the podmins of those pods."

U.S. universities face a bigger threat of security data breaches than the retail and healthcare sectors, according to a recent study published by BitSight. As the school year begins again, hackers are preparing to target universities once again, the report said.

Using data based on major athletic conferences, including the Pacific-12, Big 10, Big 12, Southeastern Conference, Atlantic Coast Conference and Ivy League from July 2013 to June 2014, all divisions saw a drop in cybersecurity performance.

"From Social Security and credit card numbers to health records and intellectual property produced by research departments, colleges and universities house a vast amount of sensitive data," said Stephen Boyer, BitSight co-founder and CTO, in a statement to FierceCIO. "While not surprising given the unique challenges universities face securing open campus networks, it's concerning to see that they are rating so far below other industries that we've seen plagued by recent security problems."

Pro-Syrian hackers are using WhatsApp, Facebook, YouTube and Viber to share malware that is aimed at activists fighting for a regime change in Syria. In addition to Syrian Internet users, people were also targeted in the United States, France, Saudi Arabia, United Arab Emirates, Turkey, Palestine, Israel, Morocco and Lebanon, security researchers noted.

The malware is using remote access tools (RATs) and being shared to groups that support Syrian President Bashar al-Assad. The RAT technology are able to compromise PCs and systems in which they are installed, with attackers stealing credentials, remotely turning on microphones and video cameras, and controlling the infected PCs.

"Total Network Monitor (which is a legitimate application) is inside another sample found, being used with embedded malware for spying purposes," according to Kaspersky Lab researchers. "Offering security applications to protect against surveillance is one of the many techniques used by malware writing groups to get users desperate for privacy to execute these dubious programs."

Former NSA contractor Edward Snowden would "volunteer" for prison but only under the right circumstances, he said in a recent interview with Wired Magazine. Considering he faces charges that include conveying classified information to an unauthorized party, theft of government property and disclosing communications intelligence information, he would likely face significant prison time if convicted.

"I told the government I'd volunteer for prison, as long as it served the right purpose," Snowden told Wired earlier this month. "I care more about the country than what happens to me. But we can't allow the law to become a political weapon or agree to scare people away from standing up for their rights, no matter how good the deal is. I'm not going to be part of that."

Earlier in the month, Russian officials announced Snowden's asylum was extended for an additional three years - allowing him to remain in a safe location as he tries to figure out what to do long-term. Most U.S. politicians have been less than kind when describing Snowden's actions, and it seems unlikely he would receive a fair trial if he returns back to the United States. However, they are still keen to see him return home, because they certainly seem to have a lot of questions they would like him to answer.

Repeated cyberattacks against French news website Rue89 has drawn criticism from the Committee to Protect Journalists (CPJ), with staff and their families being harassed after publishing a story related to a "militant Zionist" cybercriminal. The person in question, Gregory Chelli, lives in Israel, and reportedly attacked people he thought were against Israel.

The official Rue89 website suffered multiple distributed denial-of-service (DDoS) attacks, according to Pierre Haski, website editorial director. An official complaint has been filed with the French public prosecutor's office, and Chelli already faced a suspended sentence in France, but it's unsure what will happen this time around.

"We call on French and Israeli authorities to launch a thorough investigation into these attacks on Rue89 and to ensure its staff members' safety," said Nina Ognianova, CPJ Europe and Central Asia Program Coordinator, in a statement. "Such intimidation tactics against journalists and their families must not be tolerated, lest they lead the media to self-censor."

Hackers can compromise a smartphone user and eavesdrop by using the device's internal gyroscope, according to a study from Stanford University and the Rafael Advanced Defense Systems technology company. Instead of directly listening to a phone conversation, this is remote eavesdrop exploit so users can be snooped on when in the immediate area of a device.

"Whenever you grant anyone access to sensors on a device, you're going to have unintended consequences," said Dan Boneh, Stanford security professor, in a statement to Wired. "In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations."

The gyroscope in smartphones use a small plate that vibrates around 200 hertz, which is fast enough to recognize human voices. Using customized speech recognition software allowed the researchers to accurately determine 65 percent of "numeric digits" of a specific speaker. Eavesdropping levels aren't quite the same as using a compromised smartphone's microphone, but shows the potential threat level of current data security efforts.

Cybercriminals successfully breached Albertson's and SuperValu, which are two of the largest and most popular grocery store chains in the United States. The massive data breach also impacts their umbrella companies, including Acme, Jewel-Osco, Shaw's, Star Market, Cub Foods, Farm Fresh, Shop 'N Save, Hornbacher's, and Shoppers Food & Pharmacy.

The SuperValu breach might have affected customers between June 22 and July 17 in Illinois, Maryland, Minnesota, Virginia and Missouri. It's unknown how many Albertson's customers might be affected from the data breach.

"The safety of our customers' personal information is a top priority for us," said Sam Duncan, SuperValu President and CEO, in a statement. "The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data. I regret any inconvenience that this may cause our customers but want to assure them that it is safe to shop in our stores."

Following a data breach suffered by Rady Children's Hospital in June 2013, a mother has filed a lawsuit against the company related to a security breach that led her daughter's medical records to be exposed.

The Rady data breach occurred when an employee emailed a spreadsheet containing patient admittance records from July 1, 2012 to June 30, 2013 to four job applicants. The records included patient names, birth dates, primary medical diagnoses, medical record numbers, insurance carrier information, and admittance and discharge dates.

"This is not one or two records dropped in the parking lot," said David A. Miller, an attorney representing the mother, in a statement to the media. "The people they gave this information to didn't even work there. They were job applicants."

Amobile Spy recently launched the iKeyMonitor Android Spy App, a custom app designed to help parents track what their children do using their smartphones.

The app has the ability to log passwords and keystrokes, monitor WhatsApp message recording, Web history tracking, capture screenshots, log email reporting and 2-side SMS/call logging. The keylogger monitors everything from Facebook, Twitter, Gmail, Skype, Yahoo Messenger and other popular social media or communication apps.

"iKeyMonitor Android Keylogger offers simple, secure, and secret ways to record the activities on Android devices with incredible monitoring features," said Kyle Davis, Amobile Development Department Manager, in a press statement. "We're also giving users smart features to review the logged data remotely."

A new Chinese malware infected more than 75,000 jailbroken Apple iPhones, with the malware hijacking 22 million advertisements. AdThief, also known as Spad, is the iOS malware and was able to covertly operate around four months - and only works on jailbroken devices. Although originally found by researcher Claud Xiao in March, Fortinet senior mobile researcher Axelle Apvrille took a closer look at AdThief.

Operating on 15 different mobile adkits, the malware changed a developer or affiliate ID so the attacker would collect the revenue. Eight of the adkits are Chinese, and jailbreaking devices is a rather common technique among Chinese consumers. Security experts continually warn users that jailbroken smartphones and tablets pose significant threats to users.

The Chinese hacker, known as Rover12421 did contribute to the code, but denied saying he or she is behind the entire project.