TweakTown News
Following news from Gartner that 75 percent of mobile security breaches will be caused by app misconfiguration, applications and third-party ad networks are accessing large amounts of information that open the door to security threats.
At least 78 percent of applications downloaded by business users connect to an ad network, social media API, or analytics API, according to mobile security company Mojave Networks.
"It is critically important that users and IT administrators understand what data is being collected from their devices, where it is being sent, and how it is being used," according to the blog post published by Mojave Networks. "Given that the majority of the sensitive data being collected occurs within these third party libraries such as ad networks, social media APIs, and analytics tools, it is therefore important to fully understand each of the libraries included in your mobile apps."
The "Pentagon Papers" whistleblower Daniel Ellsberg doesn't believe former NSA contractor Edward Snowden would be treated fairly if he faced trial after coming back to the United States. Snowden is currently living in Russia and has avoided extradition to the United States, where he would certainly face legal issues from the federal government.
"He's a fugitive, not as Secretary Kerry says from justice - he's a fugitive from injustice," Ellsberg recently said. "He has no chance of a fair, just trial in this country. He'd be facing a jail cell from the time he stepped off the plane here. He would probably never get out, unless the Espionage Act is changed, as it should be."
Snowden said he would like to return home in the future, though that wouldn't be likely as he's still charged under the 1917 Espionage Act. Meanwhile, Secretary of State Kerry taunted the former NSA contractor, saying he's a "coward."
Enterprise security companies Palo Alto Networks and Fortinet have teamed up to create a cyber defense consortium tasked with threat intelligence data sharing in the technology industry. The consortium will also offer coordination of incident response and better prevention of cyberattacks using advanced malware.
It's something that should have been created in the past among security companies, as advanced persistent threats (APTs) and advanced evasion techniques (AETs) continue to evolve. APT attacks, for example, are typically well-researched and conduct operations without interfering with typical day-to-day operations, which makes these types of attacks difficult to identify.
"We are pleased to work with another respected innovator like Fortinet to join forces in the ongoing battle against the rapidly evolving threats stemming from advanced malware and APTs," said Mark McLaughlin, Palo Alto Networks President and CEO, in a press statement. "The consortium is a clear response to the demands from the industry for a coordinated response from their technology vendors."
Weeks after it became evident Heartbleed was one of the biggest security threats to the internet ever, one security researcher has released a proof of concept that could exploit the same vulnerability over Wi-Fi.
Luis Grangeia has called his concept 'Cupid', and it would operate in a similar way to Heartbleed. But rather than being hidden on the web, it would run over Wi-Fi and take data from routers or Android devices. Android Jelly Bean 4.1.1 devices are particularly vulnerable.
There's not quite cause for panic over this vulnerability just yet: although there's a proof of concept, the attack would have to be carried out within Wi-Fi range, which would limit potential targets, The Verge reports.
Regardless, Grangeia points out it's important for vendors, admins and users to keep their devices up to date and as protected as possible, and the proof of concept demonstrates just how big an impact Heartbleed has had, and will likely continue to have.
A growing number of parents let their kids use their smartphones, though that can lead to significant security risks, especially among 11-15 year olds, according to a recent survey from Avast. In the survey, 32 percent of parents say their child accessed adult content using the mobile device, with 11 to 15 year olds the most likely to use a mobile device for rather naughty reasons.
Overall, 19 percent of kids use their parents' devices to send messages in their parents' names, with the likelihood rising even higher for children 11 to 15 years old. Parents that allow their kids to use their smartphones should be proactive to track what websites kids are visiting, and lock apps that are able to make purchases.
Of parents that don't let their children use their smartphone, 38 percent said their children already have their own device, 48 percent said their children are too young, and 22 percent said they don't trust their kids. Not surprisingly, the most mistrusted age group was children ranging in age from 11 to 15.
Near Field Communication (NFC) is common in Europe and Asia, but has still struggled to gain mainstream acceptance in the United States. Security remains a major concern, but continued growth in trusted service management (TSM) provides companies interested in wireless payments the opportunity to become more inventive. The TSM market is expected to jump from $280 million in 2014 up to $550 million in 2015, according to Frost & Sullivan, as more vendors utilize it for NFC-related transactions.
Almost 25 percent of U.S. consumers will carry a smartphone with NFC technology by 2016, according to Forrester Research, which will give banks, credit card companies, and payment startups a unique opportunity.
Moving forward, phone manufacturers are expected to embrace NFC built directly into new smartphones, as the technology becomes more commonplace in the United States. Apple has rejected NFC for quite some time now, though that could change with the iPhone 6, according to reports.
Hackers have successfully compromised around 110 million Americans in the past 12 months alone, nearly half of all adults in the country, as companies struggle to keep up with growing cyber threats. It's hard to identify exact numbers, with larger companies not providing precise data of affected users following a large-scale data breach.
The compromised information typically includes various forms of personal information, including names, addresses, phone numbers, Social Security numbers, debit and credit card information, or bank account numbers. Companies such as Target and eBay suffered massive data breaches, while other companies are compromised to a smaller degree.
"Collecting a lot of information about an individual is more valuable [for attackers]," said Larry Ponemon, Ponemon Institute head, in a statement to SCMagazine. "They'll take the data, and wait patiently. Then, two or three years after the breach, [the impacted] become the victim of identity theft."
The open source and free TrueCrypt full-disk encryption project is likely over after developers jumped ship, abruptly ending what was a popular asset for PC users. There are rumors circulating that TrueCrypt was compromised, though that hasn't been confirmed and still seems rather unlikely at this point in time.
In what was a rather cheeky way to throw in the towel, the truecrypt.org website redirects users to sourceforge.net, and current TrueCrypt users are being transitioned to BitLocker. This message was also posted:
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"
"This page exists only to help migrate existing data encrypted by TrueCrypt."
"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
Rising cyber tensions between the United States and China are leading to a marketing and sales boom for Chinese software and hardware companies. Chinese government officials are concerned about possible cyberespionage attempts, so new security solutions are being purchased - a steady increase since former NSA contractor Edward Snowden said his former employer breached Huawei.
"The nation's information security could come under direct threat if the software we use was implemented with backdoor viruses and the like," said Mian Wei, Ministry of Industry and Information Technology (MIIT) minister, in a statement to the Chinese media. "Our job is to make sure such things do not happen."
The Chinese and U.S. governments have exchanged cyberespionage jabs at one another, with China saying U.S. lawmakers have fabricated evidence - and the U.S. threatening cyberattack retaliation. It's unknown what will come of all this continued banter from Beijing and Washington, though both sides seem to be preparing for cyberwar.
British shoe retailer Office has sent a memo to customers, urging them to change their passwords due to a recent data breach. The only accounts compromised were those created in August 2013 or earlier, with names, addresses, email addresses, account passwords, and personal phone numbers stolen. Office didn't disclose how many customers might have been affected in the data breach.
The company was first aware of a cyberattack on May 22, and discovered the data breach on May 26. "I can confirm that the Office website has been the subject of a security breach," said Brian McCluskey, Office CEO, in a statement. "We take such a threat very seriously and have been in communication with our customers to advise them of the matter."
"We can confirm that no credit card, debit card, PayPal or bank details were compromised in any way," Office said in a memo sent to customers.