Hacking, Security & Privacy News - Page 89

Google recently acquired an Israel based startup called 'SlickLogin', which indicates that the company is making plans to replace passwords and even two-factor authentication methods with an inaudible sound unique to your phone and Google login.

SlickLogin has a patented technology where your passwords and two-factor authentication setups can be replaced with a unique and inaudible sound. Once enabled, the website's login page would typically listen to this inaudible sound via your phone and then granting access to your account. This could solve a lot of problems and overcome the possibility of your email account being hacked by someone. All you have to do is hold your smartphone near your PC with the website's login page, and the access will be granted.

The startup's team seem to be excited to work with Google, as they said that the company has been working on some great ideas to make internet safer for everyone.

American attorneys were caught up with the NSA's global surveillance program, as an unnamed U.S. law firm representing an overseas client currently in a bitter legal battle with the U.S. government. Specifically, the Australian and U.S. governments agreed to share information on a law firm that was retained by the Indonesian government - and information protected under attorney-client privilege was likely included.

Attorney-client privilege isn't protected from NSA eavesdropping, though the American Bar Association demands attorneys to "make reasonable efforts" so confidential information isn't shared with others.

There has been growing concern that governments conducting spying and surveillance could breach attorney-client privilege with little recourse.

Former NSA analyst Will Ackerly and his brother, John Ackerly, are the co-founders of Virtru, a startup security company helping users encrypt e-mails and digital communications. Unlike other encryption solutions, Virtru allows users to encrypt information - and send it - and has an extremely easy user interface to ensure neither user needs to be overly tech savvy.

The Virtru plugin easily and quickly encrypts e-mails and other contents using AES 256 encryption standard, and senders must have the plugin installed. However, recipients only need to authenticate their identity with an e-mail address, and Virtru holds the decryption key.

"What we've tried to do - and what's different from what a lot of encrypted communication tools out there have done - is really spend time to integrate the encryption technology directly into Gmail, Yahoo, Outlook.com," John Ackerly, Virtru CTO, in a statement to the media.

In the continued battle against cyber warfare, the FBI recently opened the door to security experts willing to share information about malware. Specifically, the Investigative Analysis Unit (IAU) wants to create "global awareness of the malware threat" in anticipation of what lies ahead in the future. The request for quote (RFQ) is a unique effort to purchase malware so the FBI intelligence services are able to try and reverse-engineer the security threats.

The FBI is currently seeking security firms to submit malware samples for federal computer teams to learn more about how the malicious software is made and distributed. Executive files, digital media files, exploited code, and Office documents will be collected, though security experts are welcome to try and stump the FBI with select malware.

Sophisticated malware continues to plague desktop and mobile users, with malware targeting Microsoft Windows, Linux, and Apple OS X/iOS.

For many years now, Malwarebytes has been a staple in many Windows users anti-virus / anti-malware toolbox. It gained this position not only because it works so well, but because it was a powerful solution that was completely free. Today the company announced that Malwarebytes 2.0 will be moving away from its free to download model be moving away from a lifetime licence model, and will instead move to an annual subscription licensing model.

The company says that Malwarebytes 2.0 will cost users $24.95 per year with a licensing covering three separate PCs, a fee that is much cheaper than many of the big-name anti-virus programs on the market. "As more and more people have come to rely on us for malware protection and cleanup, our costs in bandwidth, hosting fees, infrastructure, salaries of our researchers, QA department, and more have grown immensely," explained Kleczynski, CEO of Malwarebytes. "Though our company is about more than just making money, we are a company and we do have to make money to pay our staff to continue doing what they love, which is fighting malware. The subscription model will help us to be sustainable for the future while staying true to our roots that we will always make malware cleanup free for everyone"

Malwarebytes says that its customers who have already purchased lifetime licenses will not need to pay the annual subscription fee, and the company will continue to offer lifetime licenses for a short period to ease the transition for those users who have wanted to take the lifetime plunge, but have yet to do so. What do you think about Malwarebytes moving to a paid version only model to a annual subscription over lifetime license model, and will you be jumping in to grab one of the few lifetime licenses left?

A point-of-sale malware designed to steal debit and credit card information has been found on systems in 11 different countries, according to security company RSA. Dubbed ChewBacca, the malware was first discovered in late October, and has been found on in-store POS, directly blamed for stealing at least 49,000 account numbers to date.

The Tor-based malware threat communicates with the Command and Control (C&C) server using the anonymous Internet network - protecting the IP addresses of controllers. ChewBacca has proven successful in encrypting traffic and slipping through network-level detection, despite being a relatively simple piece of malware.

In-store POS threats, typically malware to steal customer information, typically go unnoticed, but consumers are becoming more aware of current threats. Criminals want to do whatever is necessary to steal data that they can either use, trade, or sell to other criminals - at the expense of retailers and consumers.

U.S. officials are still trying to come to terms with former NSA analyst Edward Snowden's spying disclosures, with James Clapper, the Director of the National Intelligence, demanding his journalist "accomplices" return leaked documents.

Clapper didn't place blame on specific "accomplices," but reporters at The Guardian, for example, would likely be an obvious choice.

Clapper's spokespeople later clarified and said the U.S. official "was referring to anyone who is assisting Edward Snowden to further threaten our national security through the unauthorized disclosure of stolen documents related to lawful foreign intelligence collection programs."

The founder of the SpyEye malware, Aleksandr Andreevich Panin, recently pleaded guilty to federal conspiracy and bank fraud charges. The Russian citizen was extradited to the United States early last year, and will be sentenced on April 29, where he will almost certainly receive a prison sentence.

SpyEye was reportedly created in 2009 and remotely infected PCs so cyber criminals could access personal information, including bank accounts, usernames and passwords. Panin sold licenses to the software from $1,000 up to $8,500, with more than 150 global clients using the malware to steal information.

"As several recent and widely reported data breaches have shown, cyber attacks pose a critical threat to our nation's economic security," said Sally Yates, U.S. Attorney of the Northern District of Georgia, in a statement. "Today's plea is a great leap forward in our campaign against those attacks."

Arts and crafts store Michaels is the latest to suffer a data breach, with the Secret Service now lending a hand in the follow-up investigation, the store confirmed over the weekend. Suspected cyber criminals have stolen credit and debit card numbers, immediately sharing news of the breach once it was confirmed.

At least four financial institutions have identified fraudulent activity for card holders after recently shopping at Michaels.

"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," said Chuck Rubin, Michaels CEO, in a statement. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges."

Former National Security Agency (NSA) IT contractor Edward Snowden could be able to stay in Russia for more than one year, as the Russian government said they don't plan to send him packing.

Snowden, currently in Russia on a temporary one-year asylum, has offers from Brazil and several Central American countries interested in taking him in - but Alexy Pushkov, the Russian Foreign Affairs Committee legislator, noted that Snowden could stay longer. The 30-year-old American is now free to stay in Russia, working for private Russian companies, until he is ready to return back to the U.S.

During a recent online chat, Snowden said he would like to one day return to the United States, but that cannot happen unless he's granted protection under the federal Whistleblower Protection Act - which doesn't apply to former government contractors. Meanwhile, Snowden continues to claim he didn't carry out actions for Russia or any other foreign government, though some U.S. lawmakers still aren't so sure about that.