TweakTown NewsRefine News by Category:
More companies face cyberattacks and potential data theft, with many C-level executives unsure how to combat these types of growing threats. CEOs should be extremely proactive to try and prevent cyberattacks, which will help protect employee and customer data from theft.
CEOs should try to join an information-sharing organization, with additional cybersecurity-focused groups starting, and run security audits. It's also important - yet typically overlooked - to monitor what access third-party vendors have, especially when it comes to sensitive information.
As popular retailer Target learned, a massive data breach can have a major ripple effect for future business efforts. Former Target CEO Gregg Steinhafel resigned just five months after the data breach, while the company also shuffled its IT team around.
The U.S. government is working on a national "biosurveillance" system that will provide an uncanny amount of personal medical records of U.S. patients, masked under national security, according to patient privacy advocacy group Citizens Council for Health Freedom. According to the group, biosurveillance efforts ramped up in 2009, when the Obama Administration created the Recovery Act, forcing doctors and hospitals to use computerized patient and medical records.
Here is what Twila Braise, Citizens Council for Health Freedom co-founder, told CBSNews: "It's very broad. It doesn't seem to have any limits, except they say something about, you know, properly protecting the data. But from our perspective, if the government gets access to this kind of data, [and] is allowed to do research with the data...then our privacy has already been compromised. The government has already said that our data is their data for their purposes of national health security."
There is growing concern the U.S. government wants to be able to utilize real-time access to electronic medical records, which can be used for snooping, or covert research and analysis.
As national governments try to better understand cybercrime, extreme publicity from high-profile attacks reported by mainstream media may have a bigger impact than the actual cybercrime itself, according to government officials.
"Therefore, despite the low probability of destructive terrorist cyberattack occurring, such an event may have a high profile impact even if unsuccessful," noted Glenn Lemons, Homeland Security senior intelligence officer, in a speech before the House committee on cybersecurity and terrorism. "Success in this may be determined by press coverage [as opposed to] destructive network activity."
Even with more press coverage, it's clear that many governments and corporations are simply unsure how to address the changing hacker mindset. Years ago, hackers focused on defacing websites and vandalism - but many have evolved to focus on political or monetary gains.
Following news this morning that eBay has been hacked and users should change their passwords, it's another stark reminder that users should be more proactive to help themselves in case a company or online service is left vulnerable. Users are the first line of PC security defense, and even if a breach happens, it's still important to know what steps to take to ensure better security.
Here is what Mike Fey, Intel Security CTO, said in a statement: "The loss of an unknown number of passwords has the potential to compromise more websites than just eBay's mainly because consumers tend to use the same password on multiple sites. We recommend a set of precautions consumers can take to protect themselves if they become aware of any incident like this."
Furthermore, Intel Security offered a few tips of advice to help keep users more secure, including changing passwords at least one every three months, monitoring credit and debit card accounts for unusual activity, and frequently tracking credit reports.
Following news earlier this month that accused a U.S. Navy sysadmin of leading a hacker group, the suspect, Nicholas Knight, 27, pleaded guilty to hacking charges. The alleged ringleader of the "Team Digi7al" hacker group, Knight and his supporters hacked everything from universities and companies to the U.S. Navy and other military assets.
During a media interview, Knight seemed to shrug off the seriousness of his alleged hacking actions: ""Essentially, I am in trouble for posting all of the stuff on Twitter. Although a lot of people are saying I was the leader of some crime organization that was out to get people, which wasn't true. [We were] just a group of people that were dumb and did dumb things."
Knight now faces up to five years in prison and a fine up to $250,000 for his actions, with another hacker group member facing the same punishment.
Lavabit founder Ladar Levison recently opened up about why he was forced to shutter his secure email service following the fallout of former NSA contractor Edward Snowden. The Lavabit email service had 410,000 users, Snowden included, and with Levison rejecting U.S. government access to encrypted email accounts, he was found in contempt of court.
When federal investigators wanted private encryption keys and user passwords of Lavabit users, Levison immediately rejected the idea. It only took a few weeks of legal proceedings that would ultimately lead to the company unraveling, and then eventually shuttering.
Here is what Levison said in an op-ed posted by The Guardian: " If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did - standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people's defense against an abuse of the state's power.
This morning, eBay announced that its internal and customer databases were compromised earlier this year. Sometime between February and March of 2014, hackers managed to compromise a number of employee accounts and were able to obtain log-in credentials that allowed them to access eBay's internal and customer databases. eBay says that the security breach remained undetected until just two weeks ago.
Customer information was stolen, and included log-in information, email addresses, encrypted passwords, physical addresses, phone numbers and date of birth information. Fortunately, the database that stores customer financial information was not compromised, and all of that information remains secure. eBay is however urging every account holder to change their passwords as soon as possible, and personally, I would suggest changing your PayPal password as well even though it was not part of the breach.
Despite widespread media attention, 75 percent of users remain unaware of Heartbleed and its potential threat to user security, according to a survey of 268,000 conducted by security company AVAST. Furthermore, 41 percent of respondents aware of Heartbleed didn't want to change passwords, saying they didn't believe they were affected.
At the very least, security experts recommend changing passwords now, with most major websites already fixing the vulnerability. Security companies continually urge users have multiple passwords, and recommend utilizing a password manager instead of trying to memorize - or write passwords down on paper - to stay secure.
Heartbleed garnered significant attention among casual users, with local newspapers and TV stations covering the vulnerability - but that still didn't ultimately change how users reacted. Earlier this month, it was estimated at least 300,000 servers were still vulnerable to Heartbleed, while the Department of Homeland Security even stepped up to offer security tips.
National Security Agency (NSA) whistleblower Edward Snowden now has his very own comic book, "Beyond: Edward Snowden," focusing on his life and decision to reveal massive surveillance programs by the U.S. and U.K. governments. The comic will be released on May 21, in both print and digital formats.
The narration begins when Snowden is 19 years old, a high-school dropout, before he turned into one of the most recognizable names in the world. Marvel Comics writer Valerie D'Orazio and Dan Lauer teamed up to create the comic book and wants to focus on "the man behind the headlines," in which he drew international media attention.
It has been a whirlwind ride for Snowden since he stepped forward as the NSA whistleblower, as he is now safely tucked away in Russia. Although many U.S. politicians believe Snowden is "under Russian influence," and German authorities wish to speak with him, the 30-year-old only turns up via Internet chats or video conferences.
The CryptoLocker ransomware continues to plague PC users in the United States and throughout the western world, with spear-phishing techniques now used to spread the payload. Specifically, companies with CraigsList postings that receive emails with attached files are being compromised, as CryptoLocker is infecting company executives, company owners, or human resources personnel.
CryptoLocker has proven to be extremely successful for cybercriminals, with forty percent of those affected reportedly paying the ransom. Unfortunately, simply removing the malware once it has been installed doesn't work - CryptoLocker is installed, but the encrypted files remain in control of the criminals.
Here is what Stu Sjouwerman, KnowBe4 CEO, said in a statement: "These methods pose a high risk for companies looking to hire as well as for individual Internet users. The cybergangs running these Crypto-variants will try any number of things to outdo each other and extort your hard earned money. Since the weakest point in any security model is the person who touches the keyboard, it is vital to educate users what to look for. Stepping them through effective Security Awareness Training will make them think twice before clicking on a link, or open a possibly infected attachment."