TweakTown NewsRefine News by Category:
A number of groups are calling on users and developers to create new methods to prevent spying from the National Security Agency (NSA), with advocates calling on better unity from users. The groups hope to see new tools rolled out by June 5 as part of the "reset the 'Net" effort, hoping to see wider use of HTTPS, for example.
Here is what the group said in a released video: "But government spies have a weakness. They can hack anybody, but they can't hack everybody. Folks like the NSA depend on collecting insecure data from tapped fiber. They depend on our mistakes - mistakes we can fix."
Japanese officials plan to meet with the European Union to discuss cybersecurity efforts, especially from mounting attacks from China, Russia, North Korea, Iran, and organized cybercriminal groups. Japan has become a leader in international cybersecurity cooperation, already holding meetings with the United States and England, as more governments become aware of growing cybersecurity threats.
Many western countries are now "facing more severe, widespread and globalized risks surrounding cyberspace... protection of a safe, open and secure cyberspace is needed," according to both sides.
Despite political tensions, Japan and South Korea have a shared goal: to defend against cyberattacks from China and North Korea. Earlier in the year, both countries mentioned cybersecurity talks would need to be held, but it wasn't the appropriate time - but increased cooperation between Japan and the EU could help bring South Korea into the fold.
Security company Symantec is changing its product strategy as antivirus "is dead," and companies can no longer rely on just antivirus product suites, according to Brian Dye, Symantec senior vice president for information security. Symantec is changing gears and plans to create a new response team able to assist companies on disaster recovery once a security breach has taken place.
PC security threats are evolving and security companies are now boosting technology to stifle cybercriminals once they breach a system. End-users are the first line of PC security defense, though tend to mistakenly click links, install malware, and circumvent security protocols in place.
It's an important lesson for companies, as the number of cyberattacks targeting end-users and corporations continues to rise, recent studies have found.
Huawei founder Ren Zhengfei said revelations of National Security Agency (NSA) spying on his company wasn't a big surprise, and is confident that customers will continue to show the Chinese tech giant support moving forward.
"This monitoring behavior of the United States is within expectations," Zhengfei told reporters. "It has just been proved. The business we are doing with our customers is built on a mutual understanding between our customers and ourselves over the last two to three decades. Therefore, those things going on will not, I believe, have any impact on doing business with us."
Considering the U.S. government's suspicions that Huawei is under heavy Chinese government influence, companies such as Nokia Siemens, Alcatel-Lucent, and Ericsson have found success. However, Huawei has over 140,000 employees, and more than 20 research and development firms worldwide - making it a valuable asset for many telecommunication companies.
Customers want companies to do a better job of keeping their personal information secure, with a recent survey finding 33 percent of customers would shop elsewhere following a major data breach. Companies want to maximize sales and profit, but aren't doing enough to try and keep customers secure, including credit and debit card information, phone numbers, email addresses, and other personal data.
"Once thought to be a theoretical consequence, new evidence clearly shows consumers become less apt to open their wallets and patronize a company after a data breach," according to the study from Identity Finder. "In addition to potential lost business and goodwill, a breached company may find itself saddled with the cost of litigation and subsidizing identity protection services for affected customers."
Following a major data breach suffered by Target last year, in which company executives reportedly knew about a possible security issue, the popular retailer found customer approval suffered "meaningful decreases."
Microsoft is again warning Internet users of a sophisticated scam, with the company most notably discussing tech support scams. In this particular type of scam, a caller will be informed of an infected laptop or PC, which can be cleaned up if the user pays a "hefty fee" for service.
A scammer that ran this type of Microsoft tech support scam operation in the UK and received a four-month suspended sentence - a lenient sentence that he likely wouldn't have received in the United States - with many scammers going unchecked by law enforcement.
"What's really alarming is that this type of scam shows no signs of slowing down," Microsoft said in a blog post. "Increasingly, we hear via our frontline support team, and even from friends and family, that these scammers are getting bolder, targeting not only individuals but also businesses. It is appalling that they're taking advantage of your trust in Microsoft in an attempt to steal your money. It's immoral, it's disrespectful and it's certainly illegal."
Despite an earlier promise not to release any security patches to the aging Windows XP operating system, Microsoft will fix an Internet Explorer bug that has hit IE 6 through 11.
Organizations unable to migrate from XP, such as the British government and the IRS, are paying for custom support from Microsoft - but regular end users will have to fend for themselves until they decide to upgrade.
Security company Pure Hacking noted that companies and users relying on XP are open to more security risks - and while Microsoft offered up a fix this time around - don't expect it in the future.
The cybercrime ecosystem is continually evolving from simply public vandalism, with hackers largely interested in compromising users for monetary gain. There also is a growing underground market designed for criminals to sell, share, and trade attack methods, stolen information, and knowledge.
"When big guys get arrested they are usually found to be living lives of luxury," said Stefan Tanase, Kaspersky Lab Global Research and Analytics senior security researcher, in a statement to ITWeb. "It's a lucrative endeavor for many. There are two ways to make money, either by stealing money directly from the user such as credit card details or banking logins, or using the user's resources - computer, connection or similar - to provide services to other cybercriminals."
California Attorney General Kamala Harris noted that cybercrime is a real threat that the government and private sector companies must be better prepared to address.
The Ultimate Fighting Championship (UFC), currently the No. 1 mixed martial arts (MMA) promotion in the world, has sued an alleged Internet pirate, seeking $32 million in damages. Steven Messina, 27, is accused of uploading 141 UFC pay-per-view (PPV) events to The Pirate Bay and other online websites - and even included a PayPal donation link for his troubles.
Messina was able to operate below the radar until he started claiming to be the "Provider of Best MMA & Boxing rips online!," which is when the UFC began to take notice.
UFC President Dana White has talked sternly against Internet piracy, and seems ready to share the same Draconian approach that music and movie copyright holders held years ago. However, people trying to monetize on pirated PPV events should expect to be busted eventually, especially if their operation continues to grow at a rapid pace.
Cybercriminals wanting to launch phishing attacks are finding a valuable asset when using the 30-day free trial of Microsoft Azure, according to Internet intelligence company Netcraft. Specifically, free hosting, subdomains and SSL certificates immediately give phishers great tools, and they are using the basic features of Azure to launch attacks.
To register for the trial, Microsoft now wants customers to provide credit card information and a phone number that can be used to verify each user. The software company is pushing end-users and business clients into the cloud, so ensuring its Azure platform is safe from abuse by cybercriminals should remain a major effort.
Meanwhile, cybercriminals are becoming extremely savvy in their attempts to send spam, phish users, spread malware, and do anything to compromise Internet users.