Hacking, Security & Privacy News - Page 80

The Federal Trade Commission should be tasked with enforcing security protocols to protect Internet users from security threats posed by online advertising, according to a recent report from the Permanent Subcommittee on Investigations of the Senate's Committee on Homeland Security and Government Affairs.

"Consumers can incur malware attacks [through online ads] without having taken any action other than visiting a mainstream website," the report notes. "Similar attacks have struck across many online advertising platforms."

It seems significantly more likely for users to be infected with malware or security threats when visiting piracy websites, for example, though third-party advertisers have been hacked in the past. Malware creators are getting more creative in their efforts to compromise users, as they find many security loopholes and very little risk.

Google account owners are being targeted by a new round of phishing attack, with cybercriminals targeting uniform resource identifiers (URIs) that helps display data in Google Chrome. The attack is mainly targeted at Chrome users, but has also reportedly succeeded against Mozilla Firefox users as well, according to security researchers.

The initial introduction email mimics something sent from Google, with email subjects of "New Lockout Notice" or "Mail Notice" in the subject line. The email itself is written poorly, with bad grammar and odd capitalizations, though that hasn't stopped users from being tricked due to the email.

"With access to users' Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents," said Catalin Cosoi, Bitdefender chief security strategist, in a statement to Infosecurity. "The scam starts with an email allegedly sent by Google, with 'Mail Notice' or 'New Lockout Notice' as a subject."

The U.S. House Judiciary Committee has voted 32-0 in approval of a modified version of the USA Freedom Act, requiring the National Security Agency (NSA) to receive approval from the Foreign Intelligence Surveillance Court before seizing phone records. The bill will now have to be approved by the House floor, and would help clamp down on ulk phone collection programs.

Despite political efforts to ensure the NSA - or any other U.S. government agency - is able to illegally collect data on citizens, privacy experts warn more legislation in the future will be needed.

The EFF had this to say: "The new version of the USA FREEDOM ACT is a strong first step to undoing the damage of the government's tortured interpretation of the PATRIOT ACT. The Judiciary Committee should be commended for moving the conversation on reforming the NSA's activities forward. We urge Congress to support this bill and to support additional privacy protections to address outstanding issues, whether through amendments or other legislative vehicles."

After learning he's the target of a $32 million lawsuit from the Ultimate Fighting Championship (UFC), accused pirate Steven Messina says he suffers from mental illness and can't afford the significant civil lawsuit. The parent company of the UFC, Zuffa, is now seeking $150,000 for every act of infringement, $110,000 for using UFC content without permission, and $60,000 for intercepting UFC content, plus legal fees.

The UFC says Messina made money from the pirated streams, though he refutes the accusation: "Most of the time I barely had enough to cover an event's cost after donations and would use my own money saved from medication and doctors. In total, I've probably made no more in a year than $450-$550 in donations. But that just helped me pay for a few months of medical expenses, as well as maybe four or five fight cards. I always ended up paying out of my own pocket though, as I've had money from my previous job saved in my checking account."

Zuffa will continue to fight against organized piracy that streams its events, especially pay-per-view fight cards, and is currently interested in targeting websites that host the events. Regardless of what happens from this outcome, there are numerous ways to illegally stream content.

The overall number of Microsoft Windows vulnerabilities has increased 12.6 percent year-over-year, according to the Microsoft Security Intelligence Report (SIR), covering July to December 2013. During Q3 2013, 5.8 of every 1,000 Windows computers reportedly suffered from malware infection - and jumped to a whopping 17 computers per 1,000 during Q4.

However, severe Windows vulnerabilities reportedly declined 70 percent between 2010 and 2013 - as Microsoft continues to increase security - but the sophistication of current threats are giving computer security companies fits. Cybercriminals are using social engineering to get users to click on malicious links, or install malware bundled with legitimate software, the report also indicates.

Malware authors are finding a great market, in which they can launch mass attacks for a low price and little risk of being prosecuted. To make matters worse, next-generation malware is able to easily circumvent anti-virus software that traditionally kept PCs more secure.

Google remains an outspoken critic of mass surveillance operations by the National Security Agency (NSA), but it appears both sides were exchanging a large amount of emails. NSA Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt exchanged emails - including personal meetings and invitations to briefings and meetings.

At least one meeting, between U.S. government departments and Silicon Valley tech leaders, was focused on Enduring Security Framework - with a focus on mobile security.

Despite the emails, Google gave the Huffington Post this statement: "We work really hard to protect our users from cyberattacks and we talk to outside experts, including occasionally in the US government, to ensure we stay ahead of the game."

The average cost of a data breach to U.S. companies averaged $3.5 million and is a 15 percent increase year-over-year, according to a new study conducted by the Ponemon Institute and sponsored by IBM. Each lost record reportedly cost $201 each, an increase from $188 per record in 2013, as cybercriminals find success targeting select industries.

Not only are companies finding data breaches to be more costly, but retailers need to worry about customers possibly leaving if a security issue occurs. Everything from university and medical records to debit and credit card information have value among criminals, trying to steal information which can later be exploited, sold, or traded in underground forums.

From the Ponemon press release: "As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company's business continuity management team in dealing with the breach."

Microsoft is again warning Internet users of a sophisticated scam, with the company most notably discussing tech support scams. In this particular type of scam, a caller will be informed of an infected laptop or PC, which can be cleaned up if the user pays a "hefty fee" for service.

A scammer that ran this type of Microsoft tech support scam operation in the UK and received a four-month suspended sentence - a lenient sentence that he likely wouldn't have received in the United States - with many scammers going unchecked by law enforcement.

"What's really alarming is that this type of scam shows no signs of slowing down," Microsoft said in a blog post. "Increasingly, we hear via our frontline support team, and even from friends and family, that these scammers are getting bolder, targeting not only individuals but also businesses. It is appalling that they're taking advantage of your trust in Microsoft in an attempt to steal your money. It's immoral, it's disrespectful and it's certainly illegal."

The Ultimate Fighting Championship (UFC), currently the No. 1 mixed martial arts (MMA) promotion in the world, has sued an alleged Internet pirate, seeking $32 million in damages. Steven Messina, 27, is accused of uploading 141 UFC pay-per-view (PPV) events to The Pirate Bay and other online websites - and even included a PayPal donation link for his troubles.

Messina was able to operate below the radar until he started claiming to be the "Provider of Best MMA & Boxing rips online!," which is when the UFC began to take notice.

UFC President Dana White has talked sternly against Internet piracy, and seems ready to share the same Draconian approach that music and movie copyright holders held years ago. However, people trying to monetize on pirated PPV events should expect to be busted eventually, especially if their operation continues to grow at a rapid pace.

Research indicates a whopping 90 percent of the top 30 most visited Internet piracy websites in the United Kingdom contained some form of malware or "Potentially Unwanted Programs" (PUPs) to compromise user systems.

The piracy sites often rely on social engineering techniques to trick users into clicking fraudulent links: "These fake play buttons, and that sort of thing, are very much driven by the desire of people to download content," said according to the group. "We view it as a kind of social engineering attack on the users who are tricked into downloading stuff."

In an ongoing effort to combat piracy, copyright holders might have more success trying to inform users of the security threats they open themselves up to when downloading content - it would be a unique twist on sometimes rudimentary scare tactics.