TweakTown NewsRefine News by Category:
Fruit jam and jelly company Smucker's reportedly suffered an online store data breach, with customer names, mailing addresses, e-mail, phone numbers, credit and debit card numbers, expiration dates, and verification codes at risk.
Security experts believe a sophisticated Trojan is likely to blame for Smucker's issues, with information siphoned from online web server applications.
"We are extremely disappointed this incident occurred and sincerely apologize for any inconvenience this may cause," Smucker's officials said in an online state. "Please be assured, we continue to thoroughly investigate this matter with federal authorities, and have taken steps to rectify the cause of this incident with the Online Store website."
The same attack has been successful against Adobe, data brokers such as LexisNexis and Dun & Bradstreet, and PR Newswire, with other retailers likely to fall prey in the future.
Salon and beauty supply retailer Sally Beauty Supply is the latest U.S. company to suffer a data breach, confirming it noticed "unusual activity" on its network in late February.
Sally Beauty has 2,700 locations throughout the United States, and is now working with police and federal authorities to investigate the breach. The company promised to continue monitoring its network while improving security as Verizon Enterprise Solutions lends an outside hand.
Security specialists found a fresh batch of 282,000 stolen debit and credit cards on an underground hacker forum available for sale - and some reportedly were used at Sally Beauty locations.
Trying to keep PCs and devices safe from increasing numbers of cyberattacks hasn't been easy, with sophisticated malicious code targeting PCs.
Even with elevated malicious attacks in the wild, there are a few basic steps that can be done to boost defenses before something critical occurs.
The first step: "Make sure you have up-to-date Anti-Virus software - preferably not the freeware versions," said Bruce Campbell, IT outsourcing company Clare Computer Solutions, in a statement to TweakTown. "For home users, make sure you activate the Norton or McAfee that comes with the computer, and renew it every year."
Appropriate software is an important first step, but a bit of retraining and reeducation must also take place, for home users and business users.
Things just got a lot worse for former Bitcoin exchange, Mt. Gox. Today a Russian leakster announced that he has accessed then entire source code that ran Mt. Gox's operations. The code is only 1,700 lines long, so it is highly unlikely that the entire thing is there, but it does provide enough information to show how Mt. Gox handled Bitcoin transactions, and the methods used to transmit and receive Bitcoin hashes.
Along with the source code, the leakster / hacker claims to have a 20GB data dump of customer and employee information that includes passport scans, and every piece of contact information customers and employees entered into the system. With a breach this big, it leaves us to wonder how many other exchanges were using a part of this source code, and how many are now venerable to even more attacks now that the information is public? If you are interested, the source link below has links to the stolen code.
It's incidents like this that further undermine the security and trustworthiness of Bitcoins as a viable digital currency. This is the exact reason that US Congressmen are calling for Bitcoin trading to be banned in the us. With such a large economy growing around the virtually unregulated Bitcoin market, a simple crash like Mt. Gox experienced, or major Bitcoin heist like Flexcoin experienced over the weekend could send the entire market crashing down and millions of people would lose everything they have invested in Bitcoins.
There is a security transition from defending against various virus and Trojan formats to sophisticated malware, and anti-virus programs are "totally useless," according to Mohammad Mannan, Concordia Institute for Information Systems Engineering assistant professor.
In a recent survey from Visa, almost 92 percent of respondents said they have been targeted by attempted phishing attempts - and the complexity of these attacks continues to evolve.
Just a few years ago, if a user was infected with malware, it was a major disruptive problem that directly led to PCs running poorly. However, malware is largely being written by cybercriminals aiming to either hijack compromised devices, or steal personal information and make money, so malware runs in the background a lot more efficiently.
The growing threat of malware now plagues security companies, users, and businesses, as traditional anti-virus software is ineffective at detecting malware.
In addition, malware authors are getting more creative when they aim to steal information from users, with cleverly written phishing attacks, tricky malware code, and thirst to steal and sell personal data.
"Malware is increasingly tailored for specific countries," security company CYREN noted in its 2013 yearbook of security threats. "While German e-mail users receive fake train bookings from Deutsche Bahn or Lufthansa tickets, Americans will receive fake gift vouchers from U.S. companies, bills from their tax authorities, or even speeding fines from the police."
Web-based advertisements overtook pornography as the top source of malware found on mobile devices, with compromised ads rising quickly to the top of the charts, according to security company Blue Coat.
"Being in the security space, we're not often surprised by these stats - but that is a big jump in a short period," said Sasi Murthy, Blue Coat VP of product marketing security, in a statement to NBC News. "[Scammers] work like a business. They're focused on low investment and high return, so they will go where the activity is."
Although some mobile users click on links in e-mails and social media messages, compromising Web ads is a more direct approach. Around one in five mobile users pointed towards malware clicked on a compromised Web ad - a major increase from just 5.7 percent during November 2012, according to Blue Coat.
In an effort to compromise smartphones and tablets, Chinese hackers are using well-written malware and malicious code to target U.S. and western targets. The demand for mobile Web access has created a lucrative market for cybercriminals trying to exploit often vulnerable devices which can be hijacked and used for illegal activities.
It's possible to buy mobile malware kits on the black market for as little as $15, with organized cybercriminal forums located in the United States, China, Brazil, and Russia.
"The barriers to launching cybercriminal operations are less in number than ever," a Trend Micro security report recently stated. "Toolkits are becoming more available and cheaper; some are even offered free of charge."
Properly securing healthcare IT has proven to be a difficult task, though ever critical while malware plagues networks across the world.
Due to the potential for healthcare and insurance fraud, compromised medical records can be worth up to $50 per record - a major value increase from the $2 to $28+ per record without additional personal information.
Healthcare providers are integrating technologies throughout hospitals, which can create security vulnerabilities as devices like tablets, for example, are now being used. In addition, many healthcare providers now provide online services, including scheduling appointments, asking for prescription refills, and communicating with doctors - but also provides another security issue for healthcare IT experts.
Researchers have discovered a large number of comprised small office and home wireless routers. Hackers attacked more than 300,000 wireless router devices manufactured by D-Link, Micronet, Tenda, TP-Link and more. This discovery was made by researchers from a security firm 'Team Cymru' who has also disclosed a cross-site request forgery (CSRF) where attackers can access TP-Link routers using a blank password.
The idea is that hackers use multiple techniques to take over the wireless routers. Once the hackers get access, they change the domain name system (DNS) servers that's used to translate 'human-friendly' domain names into IP addresses for computers to track down web servers. The router re-directs to a fake website via the DNS where the unsuspecting victims insert login credentials. Once the credentials are inserted, the attackers use it to log into victims' accounts and uses socially engineering sms to induce the victim to unknowingly approve a transfer of funds to the attackers online banking account.