Around 80 percent of the top 25 small office/home office (SOHO) wireless routers available on Amazon are susceptible to security vulnerabilities that put users at risk, according to research recently compiled by security and compliance company Tripwire.
The Tripwire Vulnerability and Exposure Research Team (VERT) also found that 34 percent of the top 50 best-selling routers have publicly documented exploits out in the wild.
"Unfortunately, users don't change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious web sites, browser plugins, and smartphone applications," said Craig Young, Tripwire security researcher, in a press statement.
During the RSA Conference 2014, Novetta Solutions and Teradata teamed up to develop the Novetta Cyber Analytics solution to help keep corporate networks more secure.
The new analytics platform will make it easier for security experts to accelerate interruption of attacks while also quickly identifying the who, what, where, when, and why regarding cyberattacks.
"Our customers want a cyber security analytics capability that minimizes the time between network intrusion, discovery and recovery," said John Buke, Teradata VP of industry marketing, in a press statement. "The new Novetta Cyber Analytics solution with Teradata's high-performance analytic data platform provides greater context and deeper perspective into data in motion on the network."
Cyber criminals are increasingly focused on exploiting vulnerabilities and installing malicious software for profit, with underground trading places providing tools to make cyberattacks easier. To make matters worse, there is an increasing number of criminals willing to modify malicious code - or rent their services - to groups willing to make payments.
Most organized hacking seems to be traced back to eastern Europe and China, but recent major exploits tend to indicate criminal groups in Spain and other parts of western Europe. However, some previous malicious code revealed that code writers were intentionally trying to leave bread crumbs that would make authorities waste time searching elsewhere.
Hacking and cybercrime used to be a rather solitary effort, but the ability to work as a team and share thoughts and ideas leads to more sophisticated attacks reaching the wild even faster.
Following former NSA contractor Edward Snowden's disclosure of widespread spying by the U.S. government, there has been a massive push to develop privacy-centric software and hardware. During the 2014 RSA Conference, which begins on Monday in San Francisco, data security and privacy solutions will be demonstrated at a frantic time in the industry.
In addition to the "Blackphone" being publicly unveiled, Google Android apps to better protect smartphones and tablets from sophisticated malware will also be shown off. Software security company AVG plans to release a "privacy fix" to identify what information companies can easily find about individual users.
The RSA Conference 2014 begins on Monday in San Francisco and has quite a bit of controversy and confusion heading into the event. In addition to increased security interest following former NSA contractor Edward Snowden's disclosures last year, the RSA brand is under fire for reportedly accepting payment to create a backdoor for NSA snooping.
RSA is expected to focus on mobile and cloud security, customer privacy, and better strategizing future security efforts. Large tech security conferences also tend to be a good location for corporations to look at technology created by smaller companies, with a flood of acquisitions expected in 2014.
Companies searching for new methods to keep networks safe and defend against cyberattacks are increasingly turning to strong authentication and one-time passwords, according to market research firm Frost & Sullivan.
Strong authentication is the technique used by banking and financial institutions, while one-time passwords are single-use passwords that better protect against phishing and other security breaches.
Smaller boutique security vendors have popped up to help fill the void in a booming security market. Since more companies and consumers are scrambling for security solutions, this will lead to a market of acquisitions as larger companies gobble up smaller, niche security firms.
Cybercriminals are successfully using malware to steal customer debit and credit card information, company customer lists, and sensitive data seemingly at will. Underground forums have become a popular destination for criminals buying and selling stolen personal information, with analytics used to detail credit limits and which banks have more lenient security procedures in place.
In one underground forum, for example, a list of 10,000 e-mails - broken down by age, gender, and geographic location - is available for purchase for just $79, and there are plenty of similar offers available. Key logger software can be purchased for $35-$50, and customizations can be added for a slightly increased fee.
After the recent Target data breach, which affected more than 70 million in-store customers, more Internet users are becoming aware of cyber threats. Banks have already paid more than $200 million in costs related to the breach, and that number is only expected to increase over the next few months.
In an attempt to attack North Korean nuclear facilities, the South Korean government wants to develop cyberwar weapons to target critical infrastructure. Similar to the Stuxnet software aimed towards Iran, South Korea wants to use software to disrupt its neighbors to the north, even with military analysts hesitant to condone significant attacks.
Earlier in the month, U.S. and South Korean officials held continued meetings regarding cybersecurity efforts to protect both nations from prying eyes in China, North Korea, and other locations. There is continued concern regarding North Korea's nuclear ambitions, and excluding an actual military strike, cyberattacks are believed to be the next option as diplomatic efforts have struggled.
The South Korean government also plans to increase funding for home-grown startups, with software and cyber development expected to be a major effort. The United States and western allies would be able to share information with South Korea, offering a unique perspective into functional cyber weapons.
However, there will be mounting concern that a physical cyberattack could harm infrastructure that wasn't initially targeted.
Mobile app infections in the Google Play app store have increased almost 400 percent from 2011 to 2013, according to online security group RiskIQ. Just three years ago, there were around 11,000 malicious apps available in the store, but that drastically increased to at least 42,000 by 2013, with Google trying to continue to fight back.
Around 12.7 percent of apps in the store are said to be compromised, with less than a quarter of the apps removed. The following categories were targeted the most: personalization, entertainment, education/books, media/audio video, and sports apps, according to RiskIQ.
"The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data," said Elias Manousos, RiskIQ CEO, in a press statement. "Malicious apps are an effective way to infect users since they often exploit the trust victims have in well known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants."
The Android OS has seen continued adoption on multiple smartphones and tablets - but security issues have given security companies the opportunity to release next-generation security platforms.
The recent security breach at Target stores across the US has certainly hit consumers hard, but the real pain is being felt at the banks and financial institutions that hold the accounts of those consumers. A new report is suggesting that the damage done to banks is upwards of $200 million and counting with no end in sight.
The security breach saw more than 40 million credit card numbers stolen, and only about half of those cards have been replaced by bankers, leaving the other half still vulnerable to fraudulent use. This means that the $200 million estimate could grow to more than a half billion dollars before this is all over. In total, more than 110 million customers in the US were affected by the breach and saw not only their credit card numbers stolen, but other personal information such as names, mailing addresses, email addresses and more. Target has begun offering affected customers a year of free credit monitoring to help ease the pain some.