TweakTown NewsRefine News by Category:
The Retail Industry Leaders Association (RILA) has teamed up with leading retail brands to create the Retail Cyber Intelligence Sharing Center (R-CISC), with the focus of sharing cyber intelligence and security strategies. It seems like a rather fascinating effort that has been streamlined due to the continued security threats that retailers face - and have struggled with - while trying to keep employee and customer data secure.
"Retailers place extremely high priority on finding solutions to combat cyberattacks and proect customers," noted Sandy Kennedy, RILA President, in a press statement. "In the face of persistent cybercriminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cybercrimes."
In addition to Target's massive data breach, other retailers have been under fire from cybercriminals, including the likes of LaCie, Michaels, Neiman Marcus, Smucker's, and others over the past few years. The R-CISC should help give major retailers an opportunity to discuss potential security threats, and discuss what has - or hasn't worked - in cyber defense strategies.
Police in Tucson, Arizona recently arrested six people involved in an international identity theft and credit card fraud ring, with an unknown number of victims. The criminal group reportedly purchased stolen credit card information from Eastern Europeans, and then were printing their own cards to use in local retailers.
"The scope of the problem is so huge that this is probably a drop in the bucket to what's out there, but it's a significant ring," noted Sgt. Radinsky, from the Tucson Police Department, in a statement to local media.
Credit and debit card fraud continue to be big business for criminals, and is the top security concern facing Americans, according to a study released by Unisys. Meanwhile, retailers are suffering a large variety of data theft issues due to malware and other security threats, which continue to cause problems for consumers.
The Department and Defense (DoD) and Tricare have dodged a legal bullet, when a U.S. federal judge threw out most of the lawsuit related to the theft of personal data. Just two complaints from the case remain, after a Science Applications International Corp. employee had storage drives stolen from his or her vehicle, in September 2011. The drives were en route to a storage facility and the theft took place before they could be properly stored.
Here is what U.S. District Court judge James Boasberg noted: "Since the majority of plaintiffs has been dismissed - potentially altering the scope of the remaining litigants' claims moving forward - the court will pause to confer with the parties before determining which, if any, of the complaint's twenty counts has been properly alleged."
The breach affected 4.9 million people, and plaintiffs reportedly wanted $4.9 billion in damages due to the theft of names, addresses, phone numbers, Social Security numbers, prescription information, and medical test reports.
The Samsung KNOX security platform, designed to provide an additional layer of security for Google Android smartphones, has been approved for use by the British government. The UK Communications and Electronics Security Group (CESG) has tested KNOX for a few months, ensuring public sector communications would remain secured.
Samsung KNOX has been approved in the UK for the following devices: Galaxy Note 3, Galaxy S3, Galaxy S4 and the Galaxy S5 smartphones.
"Our technology is widely used in both the UK public and private sector, and with this approval we are committed to working more closely with government departments and agencies that need to maintain high levels of security and data confidentiality on their mobile devices," said Graham Long, Samsung UK and Ireland VP, in a press statement.
Cybercriminals are largely motivated by money and are honing their abilities to find new methods to crack through security measures and compromise users. Despite a wide variety of new security measures available, end-users are the last line of defense, and it seems that we are largely failing to help ourselves.
"If someone really wants to find a way to target you, they will probably find a way, said Jeff Wilson, Principal Security analyst with Infonetics, which continues to be proven true.
Earlier in the year, Microsoft said malware infections tripled in 2013, with security threats continually evolving and causing both researchers and users headaches. To make matters worse, the use of clever social engineering has tricked users to install malicious software, turn over sensitive information, and makes it even easier to be compromised.
Iranian hackers are targeting U.S. private sector defense companies and Iranian dissidents. The Iranian-based Operation Saffron Rose has evolved from simple website defacement to a sophisticated cyberespionage operation utilizing advanced persistent threats (APTs) attacking US defense companies.
Security researchers are increasingly concerned about the Iranian government's growing cyberwar ambitions, which will largely be used to target the United States. Social engineering techniques, which are continually being improved upon, also leads to an increased number of western Internet users infected with malware.
Here is what FireEye said in a statement: "There is an evolution underway within Iranian-based hacker groups that coincides with Iran's efforts at controlling political dissent and expanding its offensive cyber capabilities," said Nart Villeneuve, senior threat intelligence researcher at FireEye. "We have witnessed not only growing activity on the part of Iranian-based threat actors, but also a transition to cyber-espionage tactics. We no longer see these actors conducting attacks to simply spread their message, instead choosing to conduct detailed reconnaissance and control targets' machines for longer-term initiatives."
Google account owners are being targeted by a new round of phishing attack, with cybercriminals targeting uniform resource identifiers (URIs) that helps display data in Google Chrome. The attack is mainly targeted at Chrome users, but has also reportedly succeeded against Mozilla Firefox users as well, according to security researchers.
The initial introduction email mimics something sent from Google, with email subjects of "New Lockout Notice" or "Mail Notice" in the subject line. The email itself is written poorly, with bad grammar and odd capitalizations, though that hasn't stopped users from being tricked due to the email.
"With access to users' Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents," said Catalin Cosoi, Bitdefender chief security strategist, in a statement to Infosecurity. "The scam starts with an email allegedly sent by Google, with 'Mail Notice' or 'New Lockout Notice' as a subject."
Following months of investigation, Dutch and Belgian police authorities have arrested 12 members of an organized crime ring operating a voice-phishing operation.
In the scam, Belgian Internet users received an initial email that asked for personal information. During the second step, criminals in the Netherlands would call the victims via telephone to collect additional personal information. Millions of dollars were stolen from Belgian victims during the scam, authorities note.
"This case is another example of organized cybercriminals setting up teams to act like legitimate representatives of established businesses, who then lure innocent victims into disclosing personal information," said Troels Oerting, head of the European Cybercrime Center (EC3), noted in a press statement. "The criminals misuse this harvested information to steal the victims' identities or money."
Europol warns Internet users of these types of scams, which are becoming more sophisticated - involving direct phone calls to victims - and recommend customers call or visit a bank if any problems arise.
In an effort to infect as many smartphones and tablets as possible, cybercriminals are increasingly targeting Google Android-powered devices. It's not a big surprise as security researchers continually note that the majority of mobile malware is aimed towards Android, with F-Secure pegging the number about 99 percent.
Blue Coat Systems specializes in business security, and has a team specifically designed to hunt down malware and other threats, trying to find ways to neutralize security issues.
"It's more like watching a bank of video security cameras focused on a high-crime area," said Andrew Brandt, Blue Coat Systems Director of Threat Research, when speaking to CNET. "I had downloaded an unrelated app a few hours earlier. [Out of nowhere], I get a text message on the phone thanking me for subscribing [to a $4-a-month service]."
As both hardware and software developers attempt to boost Android security, it's important to know about the most prevalent threats in the wild.
The past year has seen a drastic increase in credit and debit card breaches, which is why fraud is the top security concern Americans face, according to the 2014 Unisys Security Index. The survey found that 59 percent of Americans are "extremely or very concerned" about people obtaining and using credit or debit card details from cybercriminals.
"In today's hyper-connected world, people are wary of losing their financial and personal data to cybercrime, and it is crucial that businesses review and enhance their security measures on a continuous basis," said Dave Frymier, Unisys CIO, in a press statement. "Organizations that ignore the risk of data breaches do so at their peril, as brand reputation and customer loyalty often depend on a company's ability to protect personal information."
Consumers are becoming increasingly angry as retailers are doing a fairly poor job trying to keep data secure from potential cybercriminals.