TweakTown NewsRefine News by Category:
A representative from the Korea Credit Bureau (KCB) has reportedly been arrested following accusations he stole personal customer information from three different credit card companies, media reports from South Korea indicate.
The stolen information includes full customer names, Social Security numbers, credit card numbers and expiration dates, and phone numbers, according to the South Korean Financial Supervisory Service (FSS). The information was continually stolen from May 2012 until December 2013, with the suspect saving information on a flash drive.
Companies and government agencies providing access to large amounts of personal information must now combat the information from being mistakenly released - or intentionally stolen and later shared - as customers demand better privacy protection.
The United States government believes National Security Agency (NSA) whistle blower Edward Snowden possibly received support from the Russian government.
"I don't think Mr. Snowden woke up one day and had the wherewithal to do this all by himself," said Rep. Michael McCaul (R-Teaxas), in a recent TV interview. "To say definitively I can't answer that, but I personally believe he was cultivated by a foreign power to do what he did. Again, I can't give a definitive statement on that, but I think given all the evidence I know Mige Rogers has access to, that I've seen, that I don't think he was acting alone."
Snowden has evolved into an enigma since his public data breach last year, as the former CIA technical assistant received a GED and dropped out of a Maryland community college. Described as a "geek," it seems shocking that he would eventually find his way to the U.S. government contractor Booz Allen Hamilton - and would remain there until he quickly left for Hong Kong in 2013.
Sen. Dianne Feinstein from California, head of the Senate Intelligence Committee, also noted that Snowden "may well have" received support from an outside source. Whether or not Snowden received foreign support to steal information and publicly share it, government lawmakers and the NSA have struggled with heavy criticism from American citizens.
The recent high-profile data theft that left more than 70 million Target shoppers affected could be part of a more organized cyber plot against major retailers, according to a recent U.S. government document. The credit card readers used in the Target data breach reportedly became available last spring, partially written in Russia, and it couldn't be detected by anti-virus software.
A 17-year-old from St. Petersburg, Russia, is reportedly responsible for creating the BlackPOS malware which was later sold to the Russian organized crime group.
The U.S. Department of Homeland Security (DHS) is working with cyber intelligence company iSight Partners, though other retailers that were affected weren't disclosed by either group. Meanwhile, Target, Nieman Marcus, and other retailers have already suffered due to the cyber crime, with other retailers on the lookout of similar attacks.
Cyber security threats continue to plague users and businesses trying to defend against increasingly sophisticated and well-executed attacks, according to the Cisco 2014 Annual Security Report. Cyber security is a major business as Cisco and other companies develop cyber security efforts to protect end-users and businesses.
Overall cyber attacks increased 14 percent in 2013, with select industries facing a staggering number of attacks designed to steal information and disrupt day-to-day operations. The pharmaceutical, agriculture, mining, chemicals and electronics industries all saw an increase in malware aimed at compromising systems - a whopping growth of 600 percent - while energy, oil and gas industries saw a 400 percent increase in malware and cyber attacks.
"Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies - that that starts with empowering defenders with real-world knowledge about expanding attack surfaces," said John Stewart, Cisco Chief Security Officer, noted in a press release. "To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods - before, during and after an attack."
President Barack Obama announced an overhaul of the National Security Agency (NSA) phone surveillance program following classified data leaks by former IT analyst Edward Snowden.
"Let us chart a way forward that secures the life of our nation, while preserving the liberties that make our nation worth fighting for," Obama said during his Friday morning press conference. "The United States is not spying on ordinary people who don't threaten our national security ... unless there is a compelling national security purpose, we will not monitor the communications of heads of state and government of our close friends and allies."
Obama's administration has endured a tremendous amount of criticism following NSA data leaks, courtesy of Snowden's disclosure last year. Even with a promised overhaul, many Internet users - and foreign government leaders - expect continued distrust from regular Internet users. Furthermore, Obama's promise of not spying on "close friends and allies" only applies to "dozens" of foreign leaders and high-ranking government officials.
Luxury retailer Neiman Marcus reportedly first had its computer network accessed by hackers dating back to July 2013, with the security hole only recently plugged, according to recent stories. The security breach likely compromised customer names and credit card information used in-store only, and online shoppers reportedly remained safe.
The company didn't reportedly receive an alert about the cyber intrusion until mid-December - a shocking reality check for retailers, as five months elapsed from the first date-stamped data intrusion.
Retailers are facing increasingly sophisticated physical and online security threats - and consumers rightfully demand companies handle personal information carefully - though security experts warn this is only the beginning.
Microsoft has given Windows XP users a brief reprieve by announcing anti-malware support for the 12-year-old operating system will be extended into 2015. The XP end of life scheduled for April 8 will still take place as scheduled, but anti-malware protection will give stragglers an additional layer of much-needed security.
Anti-virus vendors already stepped up support for XP, saying they would continue to provide anti-virus and anti-malware defense - but Microsoft won't provide updates, and that could still leave users vulnerable.
"Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited," Microsoft said in a recent blog post. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape."
There are still millions of users using XP worldwide, and many businesses are still scrambling trying to migrate from the aging OS.
The threat of distributed denial of service (DDoS) attacks against enterprise users from mobile applications is increasing as more users go mobile, according to DDoS security company Prolexic. Cyber criminals are finding mobile devices can make for a powerful attack tool - and surprisingly easy to use.
"Mobile devices add another layer of complexity," said Stuart Scholly, Prolexic President, in a press statement. "Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time."
DDoS attacks can lead to website and server downtime, interruption in day-to-day business operations, and lead to lost revenue and wasted manpower. Prolexic discovered a 26 percent increase in DDoS attacks from Q4 2012 to Q4 2013, with a significant number of advanced DDoS attack weapons.
Online chat service Snapchat has apologized for increased spam hitting users, but denies there is a connection to a recent username data breach.
"We've heard some complaints over the weekend about an increase in Snap Spam on our service," the company said in a recent blog post. "We want to apologize for any unwanted Snaps and let you know our team is working on resolving the issue. As far as we know, this is unrelated to the Find Friends issue we experienced over the holidays."
Snapchat engineers are likely working to crack down on spam accounts - and prevent future data breaches - though some users have been rattled and abandoned the service. Snapchat said increasing spam is a sign of a "quickly growing service," and recommended users switch to "Only My Friends" in the account settings panel.
The Snapchat user database was recently compromised and affected 4.6 million users, with contact information published online.
Luxury retailer Neiman Marcus recently confirmed a data breach in which an unknown number of in-store shoppers potentially affected from data theft. Prior to Christmas 2013, Neiman Marcus received a report from its credit card processor informing the company of unauthorized payment activity.
Neiman Marcus also didn't disclose what type of personal information is at risk, and didn't' confirm if retailers such as Bergdorf Goodman, and other Neiman Marcus-owned brands that may have suffered a breach.
"The security of our customers' information is always a priority and we sincerely regret any inconvenience," Neiman Marcus officials said in a Twitter statement. "We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after purchasing at our stores."
The Neiman Marcus breach is the second major retailer hit by a significant data breach, after Target confirmed a breach left 70 million customers at risk. Shoppers are increasingly familiar with online shopping threats, but criminals also look to exploit retail stores in an organized effort to steal personal information.