TweakTown
Tech content trusted by users in North America and around the world
5,981 Reviews & Articles | 38,647 News Posts

TweakTown News

Refine News by Category:

Hacking & Security Posts - Page 9

First half of 2014 saw a tremendous amount of DDoS attacks

The use of distributed denial-of-service (DDoS) attacks by cybercriminals remains an effective and affordable strategy to compromise large targets. DDoS attacks topping 20Gbps during the first two quarters of 2014 doubled when compared to all four quarters of 2013 - and there have been more than 100 DDoS-related attacks with speeds of 100Gbps or higher so far.

 

TweakTown image news/3/9/39145_01_first_half_of_2014_saw_a_tremendous_amount_of_ddos_attacks.jpg

 

Large-scale DDoS attacks are most worrisome for security experts, as thousands of compromised machines can flood targets with tremendous amounts of traffic. As more households have faster Internet service, the threat is becoming more complicated and difficult to properly prevent.

 

"The frequency of very large attacks continues to be an issue, and organizations should take an integrated, multi-layered approach to protection," said Darren Anstee, Arbor Networks Director of Solutions Architects, in a statement. "Even organizations with significant amounts of Internet connectivity can now see that capacity exhausted relatively easily by the attacks that are going on out there."

Continue reading 'First half of 2014 saw a tremendous amount of DDoS attacks' (full post)

Smart technology provides cybercriminals unique attack opportunities

The wider adoption of 'smart' technology has presented cybercriminals with a unique opportunity to compromise emerging solutions that heavily rely on Internet connectivity. Both consumer and industrial smart technologies are becoming more common place, but security protocols are struggling to keep up at the moment.

 

TweakTown image news/3/9/39144_01_smart_technology_provides_cybercriminals_unique_attack_opportunities.jpg

 

The head of Recurity Labs, an IT security company based in Germany, noted it would have been possible for him to shut off the power, water and gas supply of the southern German town of Ettlingen. Using the utility network's IT grid, Felix Lindner and his team were able to gain control of its access grid, indicating how insecure critical infrastructure is at the moment.

 

"The smart metering system has been developed to provide security controls that mitigate the risks of security compromise," a British Department of Energy and Climate Change spokesperson told Reuters. "Smart metering system security uses international standards and common industry good practices, e.g. encryption of sensitive data, protection from viruses and malware, access control, tamper alerts on meters, two-party authorization of important messages to the meters and system monitoring."

Lookout: U.S. smartphone users being targeted by mobile ransomware

A new form of malware dubbed 'ScarePakage' is targeting U.S. smartphone owners and can render devices inoperable, according to security firm Lookout. The mobile ransomware tricks users by claiming it's from the FBI, saying phone owners are being investigated for alleged crimes. Once a device is compromised, the ransomware demands "several hundred dollars" or the device will remain under control of ScarePakage.

 

TweakTown image news/3/9/39133_01_lookout_u_s_smartphone_users_being_targeted_by_mobile_ransomware.jpg

 

The ScarePakage ransomware doesn't need root administrator access, and has been designed to be overly intrusive. It runs a Java TimerTask every 10 milliseconds to prevent any other applications or processes to shut down, and stops hijacked devices from going into sleep mode.

 

"Mobile ransomware in and of itself is a fairly new tactic from malware authors and this is one of the first we've seen targeting the U.S. specifically," said Jeremy Linden, Lookout Senior Security Product Manager, in a statement to TweakTown. "That said, we are less concerned about ScarePakage distributes itself and more concerned about how difficult to remove it is. Once the application has device administrator permissions, it is very hard to regain control of the device."

Continue reading 'Lookout: U.S. smartphone users being targeted by mobile ransomware' (full post)

Stolen laptop opens up 20,000 students in South Carolina to data theft

Around 20,000 current and former students at the Orangeburg-Calhoun Technical College in South Carolina are at risk of data theft following a stolen laptop taken from a staff office. Data taken includes names, birthdates and Social Security numbers of both students and faculty going back at almost seven years.

 

TweakTown image news/3/9/39120_01_stolen_laptop_opens_up_20_000_students_in_south_carolina_to_data_theft.jpg

 

The technical college will now use encryption software on all laptops and PCs, while those affected by the data breach are being contacted. The laptop was stolen on July 7 and an investigation is currently underway to try to identify those responsible.

 

"College officials were disappointed to learn that someone entered a staff member's office on campus and removed a computer," said Kim Huff, OC Tech VP of Business Affairs, in a statement. "We are evaluating our security controls to prevent further incidents."

Continue reading 'Stolen laptop opens up 20,000 students in South Carolina to data theft' (full post)

Chinese man in Canada arrested for hacking Lockheed Martin, Boeing

A Chinese citizen living in Canada has been arrested and is accused of hacking into Boeing, Lockheed Martin, and other U.S. companies with government defense contracts. Su Bin, also known as Stephen Subin and Stephen Su, is accused of unlawfully accessing computers in the United States, according to the FBI, in an attempt to steal data on military projects.

 

TweakTown image news/3/9/39119_01_chinese_man_in_canada_arrested_for_hacking_lockheed_martin_boeing.jpg

 

Su allegedly worked with two other hackers to steal data between 2009 and 2013, with some stolen information offered for sale to Chinese companies. Specifically, they had an interest in F-22, F35, and C-17 U.S. military aircraft - along with weapons programs currently being developed.

 

"We remain deeply concerned about cyber-enabled theft or sensitive information, and we have repeatedly made it clear that the United States will continue using all the tools our government possesses to strengthen cyber security and confront cybercrime," said Marc Raimondi, U.S. Department of Justice spokesman, in a statement.

Continue reading 'Chinese man in Canada arrested for hacking Lockheed Martin, Boeing' (full post)

Google introduces 'Project Zero,' tasked with hunting down bugs

Google publicly announced its Project Zero, a new effort aimed at tracking software bugs, with a public vulnerability database also in the works. The company also recruited George Hotz, responsible for hacking the Sony PlayStation 3 and Apple iPhone, among other claims to fame, as an intern to help with the bug hunt.

 

TweakTown image news/3/9/39117_01_google_introduces_project_zero_tasked_with_hunting_down_bugs.jpg

 

The Project Zero team will focus solely on tracking down bugs - not just for Google software - to help try to keep the Internet more secure. In addition, Google wants to better understand the techniques, targets and motivations of cybercriminals, as state-sponsored hacking becomes extremely prevalent.

 

"Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," said Chris Evans, responsible for leading Project Zero.

CNET attacked by Russian hackers, more than 1 million users affected

CBS Interactive-owned tech news site CNET was recently hacked by W0rm, a Russian-based hacker group, which led to usernames, encrypted passwords and emails of more than one million site visitors. Meanwhile, CNET said it has identified the security vulnerability and has worked to fix it already.

 

TweakTown image news/3/9/39089_01_cnet_attacked_by_russian_hackers_more_than_1_million_users_affected.jpg

 

The hackers used a Symfony PHP framework security hole to carry out the database theft - and it was reportedly done to improve Internet security. W0rm previously took credit for hacking BBC, Adobe Systems and Bank of America over the past couple of years.

 

"It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it's actually a good thing," said Robert Hansen, White Hate Security Web security expert, in a statement. "W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred."

Hacker involved in $14 million theft pleads guilty to bank fraud

Qendrim Dobruna, 27, has pleaded guilty to bank fraud in a case stemming back to 2011, and could face up to 30 years in prison. Operating under the names "cL0sEd" and "cL0z," he played a part in an operation that lasted 48 hours and led to $14 million stolen - with criminals withdrawing the funds via ATMs in 20 different countries.

 

TweakTown image news/3/9/39069_01_hacker_involved_in_14_million_theft_pleads_guilty_to_bank_fraud.jpg

 

Dobruna initially decided to plead not guilty, but thought better of it before changing his plea to guilty - and will serve at least nine years. Dobruna and his accomplices chose to defraud "JPMorgan Chase, and to obtain moneys, funds, credits and other property owned by, and under the custody and control of said financial institution, by means of materially false and fraudulent pretenses, representations and promises," according to the federal government's indictment.

 

It took a growing number of cybercrime-related cases before the federal government jumped into action - but criminals conducting fraud and theft on a large scale are increasingly being targeted by police and federal agencies.

The 'Kronos' banking malware being sold on underground forums

The "Kronos" Trojan is designed specifically to steal log-in credentials and important financial information from unsuspecting users. This particular malware is being offered for use by cybercriminals, as advertising is popping up on underground forums. The ad was found on a Russian cybercriminal hacker forum, it has been recently confirmed.

 

TweakTown image news/3/9/39068_01_the_kronos_banking_malware_being_sold_on_underground_forums.jpg

 

Kronos is able to exploit Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, stealing credentials on bank websites by form-grabbing and an HTML content injection.

 

"The cybercriminal underground is a market," said Dmitry Tarakanov, Kaspersky Lab senior security researcher, in a statement to PC World. "Source code leakages and botnet shutdowns have been happening constantly but we see virus writers from time to time come up with new (or based on old but modified) banking malware. It proves that the market wants such tools."

Continue reading 'The 'Kronos' banking malware being sold on underground forums' (full post)

Apple denies its iPhone poses a threat to Chinese national security

Shortly after reports surfaced accusing Apple iPhones of posing a threat to Chinese national security, the U.S. company rebutted charges lobbied by state media. The iPhone location-tracking function is unable to identify the phone owner's activities, and instead is utilized to help speed up applications based on phone owner location.

 

TweakTown image news/3/9/39051_01_apple_denies_its_iphones_pose_a_threat_to_chinese_national_security.jpg

 

"Apple has never worked with any government agency from any country to create a backdoor in any of our products or services," an Apple statement claims. "We have also never allowed access to our servers. Apple does not track users' locations - Apple has never done so and has no plans to ever do so."

 

China has notoriously made it difficult for western companies to do business in the surging market - pressuring companies into changing features, adhering to sometimes questionable guidelines, and doing little to prevent intellectual property theft. However, companies are determined to cater to Chinese users, with a large number of first-time smartphone owners.

Latest Tech News Posts

View More News Posts
Check out TweakTown Polls on LockerDome on LockerDome

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases