TweakTown News
Lavabit founder Ladar Levison recently opened up about why he was forced to shutter his secure email service following the fallout of former NSA contractor Edward Snowden. The Lavabit email service had 410,000 users, Snowden included, and with Levison rejecting U.S. government access to encrypted email accounts, he was found in contempt of court.
When federal investigators wanted private encryption keys and user passwords of Lavabit users, Levison immediately rejected the idea. It took only a few weeks of legal proceedings for the company to unravel and eventually shut down.
Here is what Levison said in an op-ed posted by The Guardian: "If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did - standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people's defense against an abuse of the state's power."
This morning, eBay announced that its internal and customer databases were compromised earlier this year. Sometime between February and March of 2014, hackers managed to compromise a number of employee accounts and were able to obtain log-in credentials that allowed them to access eBay's internal and customer databases. eBay says that the security breach remained undetected until just two weeks ago.
Customer information was stolen, and included log-in information, email addresses, encrypted passwords, physical addresses, phone numbers and date of birth information. Fortunately, the database that stores customer financial information was not compromised, and all of that information remains secure. eBay is, however, urging every account holder to change their passwords as soon as possible, and personally, I would suggest changing your PayPal password as well, even though it was not part of the breach.
Despite widespread media attention, 75 percent of users remain unaware of Heartbleed and its potential threat to user security, according to a survey of 268,000 conducted by security company AVAST. Furthermore, 41 percent of respondents aware of Heartbleed didn't want to change passwords, saying they didn't believe they were affected.
At the very least, security experts recommend changing passwords now, with most major websites already fixing the vulnerability. Security companies continually urge users to have multiple passwords, and recommend utilizing a password manager instead of trying to memorize passwords or write them down on paper.
Heartbleed garnered significant attention among casual users, with local newspapers and TV stations covering the vulnerability - but that still didn't ultimately change how users reacted. Earlier this month, it was estimated at least 300,000 servers were still vulnerable to Heartbleed, while the Department of Homeland Security even stepped up to offer security tips.
National Security Agency (NSA) whistleblower Edward Snowden now has his very own comic book, "Beyond: Edward Snowden," focusing on his life and decision to reveal massive surveillance programs by the U.S. and U.K. governments. The comic will be released on May 21, in both print and digital formats.
The narration begins when Snowden is 19 years old, a high-school dropout, before he turned into one of the most recognizable names in the world. Marvel Comics writer Valerie D'Orazio and Dan Lauer teamed up to create the comic book and want to focus on "the man behind the headlines" who drew international media attention.
It has been a whirlwind ride for Snowden since he stepped forward as the NSA whistleblower, as he is now safely tucked away in Russia. Although many U.S. politicians believe Snowden is "under Russian influence," and German authorities wish to speak with him, the 30-year-old only turns up via Internet chats or video conferences.
The CryptoLocker ransomware continues to plague PC users in the United States and throughout the western world, with spear-phishing techniques now used to spread the payload. Specifically, companies with CraigsList postings that receive emails with attached files are being compromised, as CryptoLocker is infecting company executives, company owners, or human resources personnel.
CryptoLocker has proven to be extremely successful for cybercriminals, with forty percent of those affected reportedly paying the ransom. Unfortunately, simply removing the malware once it has been installed doesn't work - CryptoLocker is removed, but the encrypted files remain under the control of the criminals.
Here is what Stu Sjouwerman, KnowBe4 CEO, said in a statement: "These methods pose a high risk for companies looking to hire as well as for individual Internet users. The cybergangs running these Crypto-variants will try any number of things to outdo each other and extort your hard earned money. Since the weakest point in any security model is the person who touches the keyboard, it is vital to educate users what to look for. Stepping them through effective Security Awareness Training will make them think twice before clicking on a link, or open a possibly infected attachment."
In an effort to help keep mobile users more secure, McAfee today announced the newest version of the McAfee Mobile Secure program that gives Google Android users a way to check apps that use data collection techniques. There is a growing need to try and keep mobile devices secure, especially with users granting access to a wide variety of personal information when installing apps.
Around 80 percent of mobile apps used today collect user location information, 82 percent know device ID information, and 57 percent track when devices are used, according to the McAfee Consumer Mobile Security Report. After a scan is complete, users are informed how much information each app accesses and shares, and the apps are ranked by privacy sensitivity.
"The personal data some apps collect can be beneficial to enhancing your mobile experience, however many apps are collecting more information than they need, putting your privacy and personal security at risk," noted Gary Davis, McAfee VP of consumer marketing, in a press statement. "McAfee Mobile Security is empowering users by letting them know exactly what information their apps are accessing, and helps them safeguard their identity and personal information."
No. 1 social media site Facebook and leading security vendor Trend Micro have teamed up to make Trend Micro HouseCall available to all Facebook users, giving them the chance to scan and remove malware from hijacked accounts. If an infected user is identified, Facebook will contact them and provide an option to download a free version of HouseCall.
Trend Micro is a well-known security company, while Facebook is keen to try and limit security threats that face its large user base. The service will hopefully give users the chance to operate in a more secure environment and reduce the likelihood of malware infection.
Here is what Kevin Simzer, Trend Micro CMO, said: "HouseCall will give Facebook users an additional safeguard against the malicious attacks that interacting online can bring. We are pleased to partner with one of the world's leading social media networks to provide a free solution that will help protect the online security and privacy of billions of users."
Symantec has released another product designed to keep small and midsized businesses (SMBs) secure from cyberthreats, with Norton Small Business marketed for companies with less than 20 employees. The software has 100 percent virus removal assurance and a friendly user interface to make it even easier to utilize in case IT staff aren't available to lend a hand.
Norton Small Business also has mobile security technology, providing device scanning, remote locate, locking and wiping capabilities to protect bring-your-own-device (BYOD) supporters. Symantec also has the ability to scan Google Android applications to remove any malicious software, with the majority of mobile malware aimed at Android devices.
"According to the Symantec Internet Security Threat Report, small businesses were targeted in 30 percent of all cyberattacks in 2013," noted Brian Burch, Norton VP of Global Consumer and Small Business Marketing. "While the risks are real, small business owners with fewer than 20 employees often wear multiple hats and don't have the time or resources to manage IT needs. Running a small business is hard work, but Symantec wants to make securing it the easy part."
Another day, another phishing scam targeting online banking users. This time around, cybercriminals are targeting Bank of America Merrill Lynch customers, tricking users into installing malware designed to steal personal information. The scam email includes a PDF attachment which has a malware link that initiates a download of a "SecureMessage.zip" file - packaged with the Spyware/Win32.Zbot Trojan.
Similar to other phishing attacks, the "secure message" includes a zip file, and users open the attachment inside of a Web browser. Users end up clicking a Dropbox download link where the malware is installed - another stark reminder for Internet users to be careful when clicking links from unknown users.
One-third of phishing attacks are aimed at financial institutions, and because of the large number of attacks, banks have to follow new guidelines to better defend against distributed denial-of-service (DDoS) attacks.
Cybercriminals responsible for creating and using the "BlackShades" malware have been arrested, with police authorities in 16 different countries arresting at least 80 people reportedly involved. The custom malware was sold to thousands of clients, and led to more than 500,000 PCs being infected, giving criminals the ability to remotely access PCs.
The criminal operation has been running since 2010 and was responsible for the distribution of "malicious software to thousands of cybercriminals throughout the world." Attackers were able to compromise users and had the ability to "access and view documents, photographs and other files ... record all of the keystrokes entered ... steal the passwords to the victim's online accounts and even activate the victim's Web camera to spy on the victim."
International police authorities are trying to crack down on organized cybercriminals, but tend to get to those responsible after