TweakTown NewsRefine News by Category:
President Barack Obama announced an overhaul of the National Security Agency (NSA) phone surveillance program following classified data leaks by former IT analyst Edward Snowden.
"Let us chart a way forward that secures the life of our nation, while preserving the liberties that make our nation worth fighting for," Obama said during his Friday morning press conference. "The United States is not spying on ordinary people who don't threaten our national security ... unless there is a compelling national security purpose, we will not monitor the communications of heads of state and government of our close friends and allies."
Obama's administration has endured a tremendous amount of criticism following NSA data leaks, courtesy of Snowden's disclosure last year. Even with a promised overhaul, many Internet users - and foreign government leaders - expect continued distrust from regular Internet users. Furthermore, Obama's promise of not spying on "close friends and allies" only applies to "dozens" of foreign leaders and high-ranking government officials.
Luxury retailer Neiman Marcus reportedly first had its computer network accessed by hackers dating back to July 2013, with the security hole only recently plugged, according to recent stories. The security breach likely compromised customer names and credit card information used in-store only, and online shoppers reportedly remained safe.
The company didn't reportedly receive an alert about the cyber intrusion until mid-December - a shocking reality check for retailers, as five months elapsed from the first date-stamped data intrusion.
Retailers are facing increasingly sophisticated physical and online security threats - and consumers rightfully demand companies handle personal information carefully - though security experts warn this is only the beginning.
Microsoft has given Windows XP users a brief reprieve by announcing anti-malware support for the 12-year-old operating system will be extended into 2015. The XP end of life scheduled for April 8 will still take place as scheduled, but anti-malware protection will give stragglers an additional layer of much-needed security.
Anti-virus vendors already stepped up support for XP, saying they would continue to provide anti-virus and anti-malware defense - but Microsoft won't provide updates, and that could still leave users vulnerable.
"Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited," Microsoft said in a recent blog post. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape."
There are still millions of users using XP worldwide, and many businesses are still scrambling trying to migrate from the aging OS.
The threat of distributed denial of service (DDoS) attacks against enterprise users from mobile applications is increasing as more users go mobile, according to DDoS security company Prolexic. Cyber criminals are finding mobile devices can make for a powerful attack tool - and surprisingly easy to use.
"Mobile devices add another layer of complexity," said Stuart Scholly, Prolexic President, in a press statement. "Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time."
DDoS attacks can lead to website and server downtime, interruption in day-to-day business operations, and lead to lost revenue and wasted manpower. Prolexic discovered a 26 percent increase in DDoS attacks from Q4 2012 to Q4 2013, with a significant number of advanced DDoS attack weapons.
Online chat service Snapchat has apologized for increased spam hitting users, but denies there is a connection to a recent username data breach.
"We've heard some complaints over the weekend about an increase in Snap Spam on our service," the company said in a recent blog post. "We want to apologize for any unwanted Snaps and let you know our team is working on resolving the issue. As far as we know, this is unrelated to the Find Friends issue we experienced over the holidays."
Snapchat engineers are likely working to crack down on spam accounts - and prevent future data breaches - though some users have been rattled and abandoned the service. Snapchat said increasing spam is a sign of a "quickly growing service," and recommended users switch to "Only My Friends" in the account settings panel.
The Snapchat user database was recently compromised and affected 4.6 million users, with contact information published online.
Luxury retailer Neiman Marcus recently confirmed a data breach in which an unknown number of in-store shoppers potentially affected from data theft. Prior to Christmas 2013, Neiman Marcus received a report from its credit card processor informing the company of unauthorized payment activity.
Neiman Marcus also didn't disclose what type of personal information is at risk, and didn't' confirm if retailers such as Bergdorf Goodman, and other Neiman Marcus-owned brands that may have suffered a breach.
"The security of our customers' information is always a priority and we sincerely regret any inconvenience," Neiman Marcus officials said in a Twitter statement. "We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after purchasing at our stores."
The Neiman Marcus breach is the second major retailer hit by a significant data breach, after Target confirmed a breach left 70 million customers at risk. Shoppers are increasingly familiar with online shopping threats, but criminals also look to exploit retail stores in an organized effort to steal personal information.
Snapchat is one of the most popular image sharing services in the mobile ecosystem, and today more than 4.6 million users are learning that their contact information has been hacked by unknown persons. A website called SnapchatDB.info has popped up that list out usernames and phone numbers of each account that was compromised.
Originally thought of as a hoax, SnapchatDB.info has been confirmed as real and its creators say that they stole the information and created the website to raise awareness around the security issues surrounding Snapchat. SnapchatDB.info did censor the last two digits of each phone number to reduce spam, and unwanted messages to users, but with only 10 numbers per spot, it would only take a few minutes to figure out which is correct.
A group of hackers who are known as DERP, used DDoS attacks on a few large games and gaming sites, taking a few of them down. EA's home page was victim, Battle.net, League of Legends and Club Penguin were all affected.
It looks like a single gamer by the name of Phantoml0rd is the target of these multiple attacks, with DERP attacking all of the games he streams through Twitch, which include World of Warcraft and League of Legends.
A new DDoS Botnet has the ability to infect both Microsoft Windows along with Linux-based systems, according to the Poland Computer Emergency Response Team (CERT). Unlike many cyber-based attacks, this botnet is only interested in launching DDoS attacks to knock certain servers and websites offline.
The Linux-based botnet reportedly handles dropping servers, while the Windows-based botnet easily hijacked consumer PCs. "Most servers that are injected with these various scripts are then used for a variety of tasks, including DDoS, vulnerability scanning, and exploiting," according to security expert Andre Dimino, in a blog post. "The mining of virtual currency is now often seen running in the background during the attacker's 'downtime.'"
Seeing DDoS attacks to turn zombie PCs into an effective botnet isn't Earth-shattering news, but this cross-platform attack is relatively unique. As bitcoin mining and launching attacks to impact certain companies is easily done when using unsuspecting machines.
Researchers from Johns Hopkins University confirmed it's possible to turn on a laptop's web camera without turning on a light that informs users the camera is on. Just a few years ago, it didn't seem possible to hack a webcam like this, but it's something consumers need to be somewhat vigilant about.
The team focused on Apple MacBook and iMac models available before 2008, but said the exploit can be used on a variety of different models. Although Apple initially opened up communication with Johns Hopkins University to discuss the problem, there reportedly haven't been any further updates.
Using a Remote Administration Tool (RAT), for example, works around the computer's security and remotely controls the computer webcam.
For users worried about being remotely spied on, security researchers recommend simply placing a piece of tape over your web camera when it isn't in use. It may seem like a rather archaic method, but is successful in case the camera has been compromised.