TweakTown News
Security experts continually warn users to choose strong passwords, but it appears hackers don't bother to use complicated passwords, either. Security firm Avast recently analyzed 2,000 passwords used by hackers to illegally access information, and many of them were saved in plain text. Many hackers used the terms "hack," "pass," "root," or "hax."
"When a hacker finds vulnerability in a website, [they] use a special file called a 'shell' to gain control over the website," said Antonin Hyza, AVAST virus lab analyst, in a statement to SCMagazine. "Avast detects shell as malware to help administrators identify infected websites. Those shells are usually protected by passwords so no other hacker could use it."
Just 10 percent of the passwords analyzed by Hyza are considered to be strong, and he recommends a password that is at least 10 characters long. Cybersecurity experts offer guidance on how to select stronger passwords, and free online websites also test how strong a password is.
When Target suffered a major data breach towards the end of 2013, security experts warned that other large companies would likely endure a similar style incident. Sure enough, eBay suffered a data breach that required all of its members to reset their passwords to try to remain secure. A previously released study found that 33 percent of customers would shop somewhere else if a retailer suffered a major data breach.
"When you lose a customer's trust it seems like it's pretty hard to win it back," said Jason Helmmann, host of the Business Take. However, Business Take panelist Daniel Kline had this to say: "There doesn't seem to be a loss of trust. It's almost like an accepted cost of doing business."
As consumers better understand the risks that these data breaches pose, it's possible they will be less forgiving following major incidents. eBay faces multiple investigations over the data breach, with states and national governments wanting to hear how and why the data theft occurred.
Security firm KnowBe4 is so confident in the benefits of its Kevin Mitnick Security Awareness series that the company will pay a ransom if a client is compromised due to employee error. The new generations of ransomware typically can slip by traditional anti-virus software, and end-users are responsible for accidentally installing software on work PCs. The security awareness training is ongoing and the KnowBe4 offer to pay ransoms via bitcoin is valid until June 30.
"Many employees take work home and access the network on personal laptops or devices shared with family members," said Stu Sjouwerman, KnowBe4 CEO, in a statement. "KnowBe4 recognizes the need to help users stay secure in a variety of environments and we offer our clients a separate Home Internet Security Course for their whole family as an extra bonus. We are so confident our training works, we'll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer and your employees stepped through our training."
It's a bold decision by KnowBe4, as 234,000 people have been hit with some type of ransomware, such as CryptoLocker, CryptoDefense or CryptoBit, according to the FBI. These data breaches led to $20 million in ransom fees during a four-month span in 2013 alone, according to the report.
Cybercriminals continued to find new and innovative ways to target unsuspecting users in April, launching malicious attachments and conducting well-coordinated phishing attacks, according to security company Kaspersky Lab.
Email and search engines were the most popular targets, accounting for 31.9 percent of attacks, with social media in second with 23.8 percent, and financial and payment organizations slotted in third with 13 percent. The most notable target in April was Chinese telecommunications company Tencent, with criminals seizing user logins and passwords.
"Last month, we saw a new wave of so-called pump and dump spam," said Tatyana Shcherbakova, Kaspersky Lab Senior Spam Analyst, in a press statement. "The scammers behind these mailings advertised offers to buy stock in a certain company at super low prices, which were allegedly meant to increase considerably in the near future. As a result, the demand for the stock in the company rose, the prices became artificially inflated - and the scammers would then sell off their stock in said company. The stock prices would then begin to fall, and the bamboozled investors were left with depreciated shares and lost their investments."
Marcel Lazar Lehel, operating under the hacker pseudonym "Guccifer," was convicted by a Romanian court and sentenced to serve four years in prison. Lehel has a day job serving as a cab driver, but his miscellaneous activities are what led him to be arrested in January - and he already has a three-year suspended sentence that could force him to spend even more time in prison.
In late May, the hacker admitted to illegally accessing email accounts, targeting Romanian government officials, celebrities, and other well-known personalities. In addition, "Guccifer" targeted former U.S. President George W. Bush, along with several of Bush's family members, in his global hacking operation.
"The aggrieved parties Corina Cretu and George Cristian Maior did not turn into civil claimants ... the defendant is obliged to pay $3,400 in legal fees to the state," according to the Romanian government.
The British government should severely punish cybercriminals responsible for "serious" cyber-based attacks, according to the Queen. Following a recent speech, it seems a recently proposed crime bill will ask for possible life sentences if hacking leads to "loss of life, serious illness or injury or serious damage to national security, or a significant risk thereof."
The Computer Misuse Act of 1990 would also be modified, so criminals conducting industrial espionage operations would receive additional jail time. Instead of a 10-year sentence for attacks that lead to "a significant risk of severe economic or environmental damage or social disruption," the modification would call for a 14-year sentence.
"It's good to see government trying to be proactive to put specific law enforcement tools in place before they're needed, but they should be careful to not accidentally criminalize good faith efforts," said Beau Woods, I Am The Cavalry security expert.
New evidence has been presented to a court in defense of Pirate Bay founder Gottfrid Svartholm, who last year was extradited to Denmark and remains in custody.
Svartholm was accused of illegally accessing the mainframe of CSC. But now new evidence has emerged that, according to TorrentFreak, backs up the theory a third party was using Svartholm's PC.
A February investigation of Svartholm's computer apparently reveals hundreds of suspicious files. His lawyer, Luise Høj, told TorrentFreak that threats on the PC could be traced all the way back to 2011, some of which could potentially have permitted backdoor access into the computer.
A German startup that's promising to deliver a secure private server free from government snooping has reached its $1 million crowdfunding target in just under an hour and a half.
Protonet hit over 100,000 euros on the crowdfunding service Seedmatch in minutes, before sailing past the $1 million mark 89 minutes after going live, IBTimes reports. Protonet's product aims to combine the best of server capabilities, according to the company, with the security and control of local hardware.
"We offer location independent data access, a thought-through social collaboration platform and all this with no necessary maintenance and installation," the company says on its website.
A recently discovered Trojan targeting Google Android turns out to be a nasty piece of ransomware, encrypting files on a compromised user's device. The Android/Simplelocker ransomware demands a small payment of about $22 in that must be paid to the Eastern European cybercriminals behind the malicious software.
The Trojan scans a phone's SD card for files in the following formats: jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4. Matching files are encrypted and made inaccessible.
"File-encrypting malware has proved to be a lucrative criminal enterprise so it is unsurprising that Android has become a new target," said Dr. Steven Murdoch, University of Cambridge security researcher, in a statement. "Smartphone users should be very cautious of installing software from sources other than the operating system-provided application store, and should pressure their phone supplier to promptly provide security updates to defend against known vulnerabilities."
A privacy campaigner for "Stop The Cyborgs" has come up with a novel way to prevent being recorded by a Google Glass-wearing Glasshole - a simple program that knows when Glass is being used and prevents it from connecting to a network.
The program will no doubt be to the chagrin of the Valley's Glass-wearing enthusiasts, as it prevents Glass from connecting to the cloud completely. But Stop The Cyborgs' Julian Oliver claims it's a hassle-free approach to gaining some privacy in public places.
"To say 'I don't want to be filmed' at a restaurant or playing with your kids is perfectly OK," he said, speaking with Wired. "But how do you do that when you don't even know if a device is recording? This steps up the game. It's taking a jammer-like approach."