TweakTown

TweakTown News


Hacking & Security Posts - Page 74

Oh the irony, RSA Conference mobile app users exposed

Whether it was just bad luck or a cruel practical joke, the RSA Conference 2014 mobile app, designed to help attendees get through the show, had a security hole potentially exposing user data.

 


 

IOActive found two major vulnerabilities in the app, including a flaw that reveals the name, surname, job title, employer, and nationality of the mobile app's users. The second flaw opened the door to man-in-the-middle attackers, who could inject code into the app's login so that login credentials could be exposed.

 

"The RSA Conference 2014 application downloads a SQLite DB file that is used to populate the visual portions of the app (such as schedules and speaker information) but, for some bizarre reason, it also contains information of every registered user of the application - including their name, surname, title, employer, and nationality," said Gunter Ollmann, IOActive CTO, in a blog post.


Target, other retailers trying to come to terms with data breaches

Popular retailer Target is still dealing with continued fallout from a data breach in late 2013 that left more than 70 million customers affected. The malware targeting Target's point-of-sale solutions should have raised immediate alarm bells for other retailers trying to prevent similar attacks.

 


 

Target is now being sued by a handful of smaller banks that accuse the store of not doing a good job of protecting customer data.

 

"So far, seven financial institutions have filed class action suits against Target alleging the retailer didn't adequately protect customer data," according to the Wall Street Journal's Joel Schectman. Other banks could join the class action suit, accusing one of the largest U.S. brick and mortar retailers of not boosting its security defenses when warned of possible malware threats.


Secunia: 1,208 vulnerabilities in the 50 most popular programs

Third-party applications are responsible for 76 percent of vulnerabilities now plaguing the 50 most popular programs, according to IT security firm Secunia. The company's research looked at the top 50 programs used on private PCs - including solutions approved and maintained by IT experts - with vulnerabilities largely stemming from non-Microsoft applications.

 


 

Of the 1,208 total vulnerabilities found in 2013, 76 percent were sourced to third-party applications - even though they account for just 34 percent of the top 50 programs.

 

Despite continually improving security, many users still blame Microsoft for a wide variety of security loopholes - but Secunia's research indicates it's these downloaded and installed third-party apps that continue to cause problems.


Alleged British hacker wants to stay in UK, avoid US extradition

Alleged British hacker Lauri Love is accused of hacking into US Federal Reserve computers, and his lawyers will "vehemently oppose" all attempts to extradite him. If convicted in the United States, Love faces up to 12 years in federal prison, according to FBI officials anxious to have him land on U.S. soil.

 


 

The UK National Crime Agency is also looking into Love's alleged hacking behavior, though the UK court system wants to see the "sophisticated hacker" stay in the UK.

 

"If there is an extradition request from the United States it will be vehemently opposed," said Karen Todner, Love's legal advisor, in a statement to the BBC. "We believe that if Mr. Love is to face charges that they should be, and will be, in the UK."


Variety of malware stealing bitcoins using exploited apps

RSA 2014 - The bitcoin currency is extremely popular, and has become a great target for cybercriminals trying to steal a quick payday. Targeting Apple's OS X applications, the CoinThief Trojan is designed to steal bitcoins when hidden in pirated versions of mobile apps.

 


 

The CoinThief malware was discovered earlier in the month, and works by installing a browser plugin that remotely steals login information used on bitcoin wallet and exchange sites.

 

There are currently more than 100 forms of bitcoin-stealing malware in the wild, available for purchase starting around $25, according to security experts. Underground forums provide an ideal location for cybercriminals to show their wares - and if you are able to gain access and become a trusted member of the community - it's possible to purchase customized malware for next to nothing.


British spies snooped on webcam images of Yahoo users

British spy agency GCHQ reportedly stole webcam images from millions of Internet users, including sexually graphic images, according to leaks from former NSA contractor Edward Snowden.

 


 

Anywhere from three percent up to 11 percent of the images comprised "undesirable nudity," according to the study.

 

"Unfortunately, it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person," according to a GCHQ document. "Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."


Energy companies, critical infrastructure still exposed to threats

Utility companies are reportedly being denied insurance coverage for cyberattacks because security defenses are seen as too weak, according to a recent report.

 


 

Cyber protection is inadequate, and until it is improved industrywide, utility providers are going to be forced to pay high premiums. Security still hasn't improved, which only drags out the process further.

 

"I think what's behind it is the increase in threats and the fact that a lot of these systems were never previously connected to the outside world," said Laila Khudari, insurance underwriter at the Kiln Group, in a statement to the BBC.


US Attorney General Eric Holder wants data breach notification laws

U.S. Attorney General Eric Holder believes Congress should pass mandatory data-breach notification laws to better protect shoppers compromised by data breaches.

 


 

"As we've seen - especially in recent years - these crimes are becoming all too common," said U.S. Attorney General Eric Holder in a recent video. "And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cybercriminals to justice, it's time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches."

 

Following the high-profile Target and Neiman Marcus data breaches, in which millions of customers were affected, trying to figure out how to best inform customers has proven difficult.


Spikes Security helps block malware before it reaches your network

RSA 2014 - Spikes Security will now help users prevent browser-based malware attacks, using its AirGap Enterprise software solution outside of the firewall to stop malware before it reaches the network.

 


 

The company will use physical isolation, connection isolation, session isolation, and malware isolation to help give users multiple layers of security.

 

"Enterprise organizations are facing a big problem: the productivity tool that could arguably be considered their most important application - the web browser - is also the primary threat vector for cyber attacks," said Branden Spikes, Spikes Security CEO, in a press statement.


MasterCard wants to use your phone's location for security

Let's face it, whenever you're shopping and using your credit card, you'll have your smartphone on you, too. Well, now MasterCard is working with network company Syniverse in order to reduce fraud when using your credit cards overseas.

 


 

The companies are working on tying your credit card to your smartphone, so that the card is only capable of working when your smartphone is near. Hany Fam, president of global strategic alliances at MasterCard, explains: "There have been many attempts to help prevent credit card fraud, but this is the first solution that works globally and without the need for new devices or infrastructure."

 

If you end up using this new system, you won't feel it in everyday use. Your smartphone will just need to be turned on and kept with you. Syniverse acts on the phone operator's side of things, interconnecting between different networks reaching more than 5 billion mobile devices globally. The company is capable of locating users' phones on their signal alone, without mobile data being enabled or used.

