TweakTown NewsRefine News by Category:
The CurrentC mobile payment program, which has been selected by retailers as a viable rival to Apple Pay, confirmed the service has been breached. Best Buy, Rite Aid, CVS, Best Buy, and around 50 retailers back CurrentC under the Merchant Customer Exchange (MCX). Many compromised email addresses were dummy accounts and the CurrentC app wasn't breached, according to an MCX spokeswoman.
"In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties," MCX said in an email to CurrentC testers. "We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC."
CurrentC could be in more than 110,000 locations across the United States in 2015, and this is a significant setback - traditional point of sale (POS) systems have proven to be susceptible to cyberattacks - and any type of mobile payment system must ensure their systems aren't compromised.
A likely Russian state-sponsored hacker group is being blamed for launching cyberattacks against NATO, Georgia, the Caucasus, Eastern Europe and Western European defense contractors, according to a report from FireEye. The APT28 group launches phishing attacks with links to websites that look like authentic news, with compromised information the type of data the Russian government would be interested in acquiring.
"The Sofacy group is using multiple malware families, including some that are not mentioned in the FireEye paper," said Aleks Gostev, Kaspersky Lab chief security expert of Global Research and Analysis. "They have been very active lately and have registered many domains in order to launch phishing attacks."
The FireEye report also notes APT28 sought "sensitive tactical and strategic intelligence" from governments in the region. Russia has been blamed for a number of coordinated cyberattacks against targets across Europe and in the United States, including a recent attack on the White House - and breaching point of sale (POS) machines of Home Depot.
Personal information of 18.5 million California residents, almost half of the state's total population, suffered from a data breach due to hacking, theft or other personal data exposure in 2013. Up to one-third of the total suffered from some form of fraud, California Attorney General Kamala Harris said - with the 167 significant breaches and 18.5 million number six times higher than 2.5 million accounts stolen in 131 reported breaches one year earlier.
Not surprisingly, the Target breach contributed to the significant increase, but as cybersecurity experts warned, a number of companies are suffering from large scale data breaches.
"Data breaches... threaten the privacy, the security and the economic well-being of consumers and businesses," Harris said. Cybercriminals don't prefer residents in California over other states, but the California Data Breach Report forces businesses and government agencies to publicly disclose breaches of more than 500 people.
The White House, also known as the Executive Office of the President (EOP), is familiar with enduring cyberattacks on a frequent basis. However, a recent attack was found to be organized and significantly powerful, with the White House's networks enduring a few days of consistent downtime.
"In the course of assessing recent threats we identified activity of concern on the unclassified EOP network," an anonymous source recently told the media. "Any such activity is something that we take very seriously. In this case we took immediate measures to evaluate and mitigate the activity."
In addition to state-sponsored hacker groups in China and Russia, other nations have shown interest in advanced cyber espionage tactics. The computers and systems were not damaged, but suffered extended downtime that has been largely resolved by federal cybersecurity experts, according to reports.
Americans are "occasionally" or "frequently" worried about having their credit card data stolen by hackers and having their PC or smartphone hacked more than any other crimes, according to a recent Gallup poll. A whopping 69 percent of poll respondents are worried about store data breaches leading to personal information being stolen, while 62 percent are worried about PC or smartphone security - significantly ahead of the 45 percent of people worried about their home being burglarized while away.
Consumers with salaries $75,000 or above are most concerned about potential debit and credit theft, as they spend more and are more likely to have multiple credit cards.
The high-profile data breaches of Target, Home Depot, and other major retailers helped finally wake up more Americans about the potential of data breaches. However, consumers and business users are still vulnerable to phishing and malware attacks, which haven't received the same amount of media attention.
A whopping 94 percent of companies have suffered one data breach in the past 12 months, with 12 percent claiming they suffered at least a single targeted attack launched by cybercriminals, according to security software maker Kaspersky Lab. Nine percent of organizations in 2012 and 2013 reportedly suffered targeted attacks, as cybercriminals make sure their tactics evolve.
"The survey results clearly indicate that many businesses now recognize that the threat of a targeted attack is very real and could be very harmful for their organization," said Chris Doggett, Kaspersky Lab North America managing director. "With major breaches being reported regularly now, it is critical for businesses of all sizes to make protection of their IT infrastructure their top priority, especially given the damages that arise from each successful targeted attack."
Cybercriminals have also been found to target smaller companies so they can steal business email contacts - having direct access to contact names, email addresses and phone numbers of other possible future targets.
Hospitals trying to keep patient medical records secure are embracing biometrics, including palm scans, instead of traditional passwords. Using palm scanning is a more secure method than other biometric systems such as fingerprints, and palm scanners rely on the unique vein blood flow pattern in each person's body.
Each patient's palm scan serves as a "unique digital signature," and when a patient puts their hand on a biometrics palm scanner, patient records are immediately recalled. PatientSecure, for example, has more than 6 million users spread across 250 health care providers across the United States, with the palm scan seen as less intrusive than retinal scans.
News of cyberattacks has largely focused on point of sale (POS) networks at retailers, but medical and healthcare data is much more valuable on the black market.
Apple CEO Tim Cook recently had "very open" talks regarding security and privacy with Chinese Vice Premier Ma Kai, as both sides deal with controversy. The Chinese government stands accused of spying on its users - and launching foreign cyberattacks - while users of the Apple iCloud service in China are under attack.
Apple is interested in launching its Apple Pay mobile pay service in China, but must address potential security problems with the government. Furthermore, the company will have to convince users that its service is safe and secure from cybercriminals and government snooping.
Much like other US companies, China remains a major market for product and service expansion, which Cook confirmed. "China is a really key market for us. Everything we do, we are going to work it here. Apple Pay is on the top of the list."
Robert Dubuc was sentenced to 21 months in prison after pleading guilty for breaking into banks and government agencies while trying to steal $15 million. He pleaded guilty to wire fraud conspiracy, identity theft and conspiracy to commit access device fraud earlier in the year, as one of his co-defendants, Oleg Pidtergerya, will be sentenced later this year.
The ringleaders of the cybercriminal group have been indicted but haven't been arrested, likely in the Ukraine or elsewhere in Eastern Europe. They targeted the US Department of Defense, PayPal, JPMorgan Chase and Citigroup, among other companies - with stolen money transferred to their bank accounts.
The US federal government wants to take a more proactive approach against cybercrime - as the attacks continue to amount - but actually locking up prolific hackers remains extremely difficult.
Consumers are going to take to the Internet and retail stores in a big way this holiday shopping season, but with numerous significant data breaches, there is concern over shopper security. For shoppers preparing to head out and visit local retailers, if you're not paying cash, then the next best thing is using a credit card if worried about security. "You're just better off by and large paying with a credit card because you have more rights and you're not out the money," said Susan Grant, Consumer Federation of America Director of Consumer Protection.
Credit card companies can cancel charges - with very little impact to consumers - while compromised debit card information often leads to major headaches. Beyond having data stolen, criminals are able to drain accounts, while also cloning the card and making ATM withdrawals. It's not uncommon for bank customers to have a hold placed on their account while an investigation is conducted, and shoppers are out their own money.
Financial intuitions are given up to 10 days before they need to refund fraud related to debit cards, and that sometimes leads to missed rent, utility bills, and other significant headaches. Retailers are under siege, and it seems cybercriminals are preparing to launch additional point of sale (POS) malware attacks, cybersecurity experts warn.