Hacking, Security & Privacy News - Page 76

Allen Lockser, 21, faces 11 felony computer fraud charges after allegedly accessing student accounts, though didn't compromise any personal information. However, he reportedly submitted quizzes and deleted submitted homework assignments from the school network, first gaining access by trying random passwords until he was successful.

Lockser is accused of hacking into 20 student accounts on Canvas, the Pasco-Hernando State College online portal, which is used for submitting homework assignments and assessments. He was easy to track because he used the static IP address at his home, so sheriff's deputies were able to quickly identify him.

The school boosted security and students must now use passwords with a combination of letters, numbers and special characters. In addition to criminal charges, Lockser will also face a school disciplinary inquiry. After being arrested for his charges, Lockser was booked and later released on $1,100 bail.

The Pony Loader malware has been updated to v2.0 and has nasty new tricks to help compromise users and steal bitcoins. The updated version is able to compromise a large group of different cryptocurrency wallets, including Litecoin, Namecoin, Terracoin, Goldcoin, Junkcoin, and Anoncoin.

To counter this new malware threat, it's recommend users update to the newest bitcoin client, which gives users a way to encrypt private keys with passphrases.

"Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky," said Isaac Palmer, Damballa malware reserve engineer, in a blog post.

Businesses struggle to keep their data secure, but find it even harder to deal with data breaches once they already happen. Companies that try to bury their heads in the sand and keep breaches secret could be harming themselves more than anything else, and should be more transparent.

Some companies try hiding data breaches or only confirm the news after security incident details are released. That can lead to major problems from shareholders, customers, and law enforcement officials.

"It's brought it to a point now where businesses have to pay attention," said Al Pascual, Javelin Strategy & Research senior analyst, in an interview with journalists. "Before, it was more of a concern for folks in the back office. They may have had some minor concerns about regulators or government officials, but now they have to worry about being punished by their shareholders, being punished by consumers who are pretty likely not to come back or to reduce their patronage."

Medical company Medtronic said it was breached by cyberattacks in separate incidents last year, with some patient records compromised. A number of medical records in the diabetes business unit was taken, but the company didn't disclose how many patients were affected, or what information was at risk.

Medtronic is the biggest standalone medical device maker in the world, and is a significant problem that rivals should pay attention to.

"Medtronic, along with two other large medical device manufacturers, discovered an unauthorized intrusion to our systems that was believed to originate from hackers in Asia," Medtronic confirmed in a filing to the Securities and Exchange Commission (SEC).

The Record Industry Association of America (RIAA) has been busy submitting reporting pirate links for removal on Google, recently topping its 50 millionth URL. The RIAA and music studios report millions of links each month - most of them directed to Google - with the filestube.com search engine receiving two million requests alone.

Google acts quickly to remove infringing links from the massive search engine's index, but the RIAA has voiced numerous complaints about the process. It's a difficult battle to deal with for the RIAA, because foreign websites ignore takedown notices, or slightly alter the URL and go back online immediately.

Just a few months ago, the RIAA take down requests number sat at 10 million, with the trade group always scanning for online music piracy locations.

The Motion Picture Association of America (MPAA), the leading movie copyright group in the United States, wants to invest $20,000 in research towards an "unbiased" report focused on online piracy. Following past published reports that claimed piracy harms sales, there was a public backlash that the trade group reportedly wasn't expecting.

"We want to enlist the help of academics from around the world to provide new insight on a range of issues facing the content industry in the digital age," said Chris Dodd, former U.S. Senator and MPAA CEO, in a statement. "We need more and better research regarding the evolving role of copyright in society. The academic community can provide unbiased observations, data analysis, historical context and important revelations about how these changes are impacting the film industry and other IP-reliant sectors."

It's refreshing to hear the MPAA wants to better analyze the current state of online piracy - a shift in strategy, when just a few years ago the MPAA was hesitant to embrace online solutions. However, past efforts to crack down on piracy only led to confusing legal legislation and ineffective, costly strategies.

The United States accounted for 23 percent of online banking malware attacks during the first quarter of 2014, according to security company Trend Micro's "TrendLabs 1Q 2014 Security Roundup" report. It's not a surprise to find the U.S. is the most popular target, with a growing number of malware-related bank attacks.

Joining the United States were the following countries: Japan (10 percent), India (9 percent), Brazil (7 percent), Turkey (4 percent), France, Malaysia, Mexico, Vietnam, and Australia all with three percent. Online bankers are warned to make sure they run anti-virus and anti-malware security, along with directly accessing their bank accounts - and to avoid clicking on suspicious emails.

Security experts struggle to keep up with the large volume of overly sophisticated attacks targeting their networks - and customers are increasingly finding themselves in the cross-hairs.

Sir Iain Lobban, the chief of British spy agency GCHQ, has publicly attacked the Guardian over its role in publishing information leaked by ex-NSA agent Edward Snowden.

He asserted that GCHQ and its sister agencies in British intelligence are protecting the UK "despite the best efforts of some of the media." According to the Telegraph, Lobban said at the IA14 cyber security conference: "GCHQ has some world-class intellectual property but you'll understand that even in these revelatory times we really do need major parts of that to remain secret. But we are working to share where we can, including contributing it to the open source community to encourage further development."

He went on to claim GCHQ's reputation - despite the role the media has played in exposing its part in the worldwide, online surveillance dragnet - is "helping UK industry." "Allies around the world want to talk to us about cyber security and they want to do business with companies that we can vouch for," he said.

Ireland's high court has passed a request on to the European Court of Justice to examine Facebook's compliance with data protection rules after its alleged role in providing data to the USA's National Security Agency.

Ireland's High Court has conceded it is not able to force an investigation from the country's data commissioner, which acts as watchdog to companies all across Europe. High Court Justice Gerard Hogan did say this application for review is likely to fail, as the European commission already ruled the USA has provided an "adequate level of data protection." However, the application does bring about questions on whether the EU data protection directive is in line with the EU's Charter of Fundamental Rights.

"The critical issue which arises is whether the proper interpretation of the 1995 directive and the 2000 Commission decision should be re-evaluated in the light of the subsequent entry into force of article 8 of the EU charter," Hogan said, in a statement which appeared to suggest laws were in dire need of an update for the technology age.

Auction house eBay has banned the sale of smartphones from Chinese manufacturer Star, as the company's N9500 cheap Google Android-powered device ships with the Usupay.D Trojan malware pre-installed. The device tracks phone user activity and cybercriminals can remotely control and manipulate the phone, if necessary.

The only app shown running on the device is the Google Play Store icon, and the malware is completely hidden. After reports showed the phone was compromised, eBay decided to pull all sales of the Star N9500, which has become popular due to its low cost and close design to the Samsung Galaxy S4 smartphone.

"The options with this spy program are nearly unlimited," said Christian Geschkat, G DATA Product Manager of Mobile Solutions, in a press statement. "Online criminals have full access to the smartphone. G DATA customers reported a detection by our security solutions and thus alerted us to this criminal tactic."