Hacking, Security & Privacy News - Page 77

A US school has shut down a reading programme because it's scared a book on the reading list will encourage hacker culture.

When Little Brother, by Boing Boing blog editor Cory Doctorow, made the One School/One Book list, Florida's Booker T Washington Public High School decided it would rather cancel the programme instead of let in an allegedly subversive book.

Now Doctorow has responded in a blog post, Ars Technica reports, where he suggests the school's move is political.

Tweetdeck has been compromised by an XSS vulnerability, causing some users to retweet a mysterious line of code.

At first, Tweetdeck said the vulnerability had been fixed but users later reported continuing attacks, such as the code retweets, leading to it being taken offline. It has since returned.

"We've temporarily taken TweetDeck services down to assess today's earlier security issue," the company said. "We'll update when services are back up."

Popular restaurant P.F. Chang's reportedly suffered a data breach and customer debit and credit card information is at risk, the restaurant chain recently confirmed. The information was stolen between March and May, however, it's uncertain how many of the restaurant's locations have been affected in the breach.

Law enforcement and financial institutions have contacted P.F. Chang's and a full investigation is currently underway.

"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," said Anne Deanovic, P.F. Chang's spokesperson, said in a statement. "We will provide an update as soon as we have additional information."

The hacker collective Anonymous is preparing to attack World Cup 2014 sponsors, in response to the Brazilian government spending outlandish amounts of money to prepare for the soccer tournament. It is unknown which specific companies will be hit, but World Sponsor companies include Adidas, Coca-Cola, Emirates Aireline, and Budweiser.

"We have already conducted late-night tests to see which of the sites are more vulnerable," a hacker known as "Che Commodore" told Reuters. "We have a plan of attack. This time we are targeting the sponsors of the World Cup."

The hacker group has already hit the Brazilian Foreign Ministry, compromising at least three hundred documents before the email system was shut down. A phishing attack was used to compromised the ministry, but cyberattacks on World Cup sponsors will likely rely on distributed denial-of-service (DDoS) attacks.

After a few road signs were hacked, the government is warning cities and highway operators using signs manufactured by Daktronics of possible cyberattacks. The United States Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a statement saying operators should prepare "defensive measures" against these types of attacks. The ICS-CERT team said hackers have published a guide on how to compromise Daktronics systems to alter the normal message.

"CIS believes it is likely that a small percent of Watch Dog players will experiment with compromising computers and electronic systems outside of game play," according to a recent report from the Center for Internet Strategy (CIS).

Years ago, vandals would write messages such as, "Warning, Zombies Ahead!" on road signs - and only small number of incidents have been reported. However, authorities were immediately concerned, because changing road signs can be a serious public safety issue, and the signs often help drivers deal with possible traffic and road issues.

Current Microsoft Windows XP users making tweaks to the registry to receive support for XP until April 9, 2019 was quickly discovered by Microsoft. A registry hack is available for both the 32-bit and 64-bit copies of XP, though Microsoft and security experts still recommend migrating to Windows 7 or 8/8.1.

The registry hack tricks traditional desktop versions of Windows XP into thinking it's really a copy of Windows Embedded POSReady 2009, a version of Windows designed for point-of-sale machines. However, Microsoft warns the security update won't make XP fully secure, and it's still advisable to upgrade to a newer OS.

"We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers," a Microsoft statement said. " The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP."

Security firm KnowBe4 is so confident that its Kevin Mitnick Security Awareness series is so beneficial, the company will pay a ransom if a client is compromised due to employee error. The new generations of ransomware typically can slip by traditional anti-virus software, and end-users are responsible for accidentally installing software on work PCs. The security awareness training is ongoing and the KnowBe4 offer to pay ransoms via bitcoin is valid until June 30.

"Many employees take work home and access the network on personal laptops or devices shared with family members," said Stu Sjouwerman, KnowBe4 CEO, in a statement. " KnowBe4 recognizes the need to help users stay secure in a variety of environments and we offer our clients a separate Home Internet Security Course for their whole family as an extra bonus. We are so confident our training works, we'll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer and your employees stepped through our training."

It's a bold decision by KnowBe4, as 234,000 people have been hit with some type of ransomware, such as CryptoLocker, CryptoDefense or CryptoBit, according to the FBI. These data breaches led to $20 million in ransom fees during a four-month span in 2013 alone, according to the report.

Cybercriminals trying to compromise users continued to find new and innovative ways to target unsuspecting users in April, launching malicious attachments and conducting well-coordinated phishing attacks, according to security company Kaspersky Lab.

Email and search engines were the most popular targets, accounting for 31.9 percent of attacks, with social media in second with 23.8 percent, and financial and payment organizations slotted in third with 13 percent. The most notable target in April was Chinese telecommunications company Tencent, with criminals seizing user logins and passwords.

"Last month, we saw a new wave of so-called pump and dump spam," said Tatyana Shcherbakova, Kaspersky Lab Senior Spam Analyst, in a press statement. " The scammers behind these mailings advertised offers to buy stock in a certain company at super low prices, which were allegedly meant to increase considerably in the near future. As a result, the demand for the stock in the company rose, the prices became artificially inflated - and the scammers would then sell off their stock in said company. The stock prices would then begin to fall, and the bamboozled investors were left with depreciated shares and lost their investments."

A recently discovered Trojan targeting Google Android turns out to be a nasty piece of ransomware, encrypting files on a compromised user's device. The Android/Simplelocker ransomware demands a small payment of about $22 in that must be paid to the Eastern European cybercriminals behind the malicious software.

The Trojan scans for the following file formats on a phone's SD card: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4, which will be encrypted and made inaccessible.

"File-encrypting malware has proved to be a lucrative criminal enterprise so it is unsurprising that Android has become a new target," said Dr. Steven Murdoch, University of Cambridge security researcher, in a statement. "Smartphone users should be very cautious of installing software from sources other than the operating system-provided application store, and should pressure their phone supplier to promptly provide security updates to defend against known vulnerabilities."

A privacy campaigner for "Stop The Cyborgs" has come up with a novel way to prevent being recorded by a Google Glass wearing Glasshole - a simple program that knows when Glass is being used and prevents it from connecting to a network.

The program will no doubt be to the chagrin of the Valley's Glass-wearing enthusiasts, as it prevents it from connecting to the cloud completely. But Stop The Cyborg's Julian Oliver claims it's a hassle-free approach to gaining some privacy in public places.

"To say 'I don't want to be filmed' at a restaurant or playing with your kids is perfectly OK," he said, speaking with Wired. "But how do you do that when you don't even know if a device is recording? This steps up the game. It's taking a jammer-like approach."