TweakTown NewsRefine News by Category:
News of malware attacks targeting point-of-sale (POS) systems became common place in 2014, and the problems are spreading away from retailer checkouts. The d4re|dev1 (daredevil) malware is able to compromise Harmony WinPOS, Figure Gemini POS, OSIPOS Retail Management System, and QuickBooks Point of Sale - able to launch keylogging features and can be used as an advanced backdoor.
Next-generation security measures are needed to help keep POS malware in check, and that doesn't seem to be happening soon enough.
"IntelCrawler believes that such kind of devices will become the new target for cybercriminals," the company said in a blog post. "These kiosks and ticket machines don't usually house large daily lots of money like ATMs, but many have insecure methods of remote administration allowing for infections payloads and the exfiltration of payment data in an ongoing and undetected scheme."
The Southern District of Texas offered a misdemeanor plea deal to hacker Fidel Salinas, 28, just a few months after the hacker was charged with 44 felony counts of computer fraud and cyberstalking. Each count had a maximum 10-year prison sentence, totaling a potential 440 years in prison.
Instead, the suspected Anonymous-linked hacker plead guilty to one misdemeanor count of computer fraud and abuse - and must also pay $10,000. He faces up to one year in prison when sentenced on February 2, 2015, and his attorney will argue the monetary restitution is enough.
Salinas reportedly tried to access the Hidalgo County administrative website, using a script that racked up more than 14,000 access attempts. The brute force attack led county IT administrators to be locked out of the system themselves.
A well-known Ukrainian hacker, Andrey Hodirevski, is reportedly linked to the massive Target breach that hit the retailer in late 2013. Hodirevski is a prominent cybercriminal and carder, and while no public information has proven his link to the breach, cybersecurity experts wouldn't necessarily be surprised if he played a role in the operation.
"He has a high reputation and credibility among other carders and hackers," said Dmitry Volkov, head of the Group-IB computer security firm. "He is not just another carder."
There is significant concern of cyberattacks targeting retailers, exposing millions of customers, as companies seem to be unable to stop these types of attacks from happening.
Anonymous has continued its #OPKKK campaign against members of the Ku Klux Klan in Missouri, after the group brazenly challenged the hacker collective online. The @KuKluxKlanUSA Twitter account was compromised last week, and the hacking fun was only beginning for Anonymous.
I won't link directly to the dox page, but it doesn't take much imagination into how one would easily find the information posted online, courtesy of Anonymous. Frank Ancona, the "KKK Imperial Wizard," had his address, phone number, Social Security number, credit card information, and other personal information - with the dox also targeting his wife - posted online.
Anonymous also might target government websites and infrastructure in Missouri to respond for the Grand Jury failing to indict Officer Darren Wilson: "We find it disturbing that you, the grand jury, have chosen this patch as everyone will not choose to stand calm and let you choose to let him walk free. As you've seen all the riots and businesses, police cars, etc., being burned down while Anonymous shall target any Missouri government or bank sites now, so you better increase your security because we're here and we're not going to stand by and watch you let this man walk free."
Former NSA contractor Edward Snowden was disgusted by NSA and GCHQ mass surveillance activities, and disclosed the questionable actions of both agencies. However, multiple lawmakers and politicians have spoken out against his actions, saying he has put military personnel and intelligence agents at risk.
British lawmakers hope to push the Communications Data Bill, which would force ISPs and mobile service carriers to keep Internet browsing activity, social media, email correspondence, voice calls, Internet gaming activity, texting, and other records on file for a minimum of 12 months. Phone and email contact data is already retained due to the Data Retention Regulations 2014 bill.
"Consequently there are people dying who actually would now be alive," said Lord West, a former UK security minister and Navy admiral. "It is now critical that we move forward the Communications Data Bill that was paused so unreasonably because there is a very real danger that unless we do this, I think it is not exaggerating to say that people will die in this country who would have been safe if that had been in place."
Sigurdur Thordarson, a computer hacker and former Wikileaks associate, has pleaded guilty for embezzling at least $240,000 from the group. Operating under the name of "Siggi the Hacker," the Icelandic man claims he also became an FBI informant in 2011, though rejected accusations he stole any funds from the group.
"After going over the charges thoroughly and speaking with my client, he has decided to plead guilty to all charges," said Vilhjalmur Vilhjalmsson, the hacker's attorney, noted. It was a surprising announcement, but Thordarson changed his mind - and his reasoning remains unknown - but he will face sentencing in Iceland sometime in the future.
"He was a volunteer who abused his position through fraud to obtain money from T-shirts and coffee mugs just after we were imposed with the banking blockade," said Kristinn Hrafnsson, Wikileaks representative. "We lodged a complaint in Denmark pertaining to a meeting that took place between him and FBI agents in 2011. We want that to be probed on the basis that it was an illegal operation according to Danish law."
The British government requested data on one journalist as part of Operation Elveden, focused on alleged bribes made to public officials for information, and "accidentally" received data on 1,000 News UK staff. Vodafone said there was some type of human error that led to the extra data being supplied, while police officials said they returned the information.
Police wanted information focused on one journalists that worked for News UK from 2005 to 2007, and used the Regulation of Investigatory Powers Act (RIPA) to receive the data - and the information was returned back to Vodafone after about four months.
"Unfortunately, there was a human error during the processing of this information - which was drawn manually from a legacy system - as a consequence of which the Met Police were supplied with a corrupted dataset containing a significantly higher volume of metadata than had been the focus of the warrant received by Vodafone. The metadata in question relates to call logs and other information, such as pricing data, not the content or location of any communications."
One-third of consumers are careless when making online transactions, opening them up to potential security problems, according to the Kaspersky Lab Consumer Security Risks Survey. Only 58 percent of Google Android smartphone users utilize a security solution on their mobile device, and 30 percent of consumers are storing financial data on their phones and tablets.
Kaspersky offers the following advice: Don't use public Wi-Fi while shopping online, and ensure there is a mobile security solution installed if using a smartphone or tablet. Always turn off Bluetooth and switch to cellular when using a mobile device.
"When people ignore safety measures they can fall victim to cybercriminals," said Ross Hogan, Kaspersky Lab Global Head of the Fraud Protection Division. "However, the banks often end up having to pay for that negligence. With so many careless users, banks and e-payment systems operators must ensure themselves against financial and reputational risks by using specialized security solutions that can prevent cybercrime."
Home Depot is now facing at least 44 lawsuits related to its massive data breach that it suffered earlier in 2014, along with several state and federal agencies investigating the incident. The data breach hit 56 million customers, with debit and credit card information at risk.
The company expects "significant legal and other professional services expenses" from the breach, while also facing lawsuit problems in the United States and Canada. The lawsuits were filed almost immediately after the breach was publicly disclosed, and it is possible others will be filed in the near future.
The breach was likely orchestrated by state-sponsored Russian hackers, with all of its retail stores impacted.
Consumers and retailers both took a beating in 2014, with a number of significant data breaches hitting millions of victims. A recent survey found that consumers are uneasy when shopping online, along with some customers avoiding retailers because of data breach concerns. Sixty-two percent of consumers are worried about online shopping, while 23 percent said they are making less online purchases, according to information from the International Data Group and NCC Group.
Even more frightening, more shoppers expect to be victimized, with 64 percent believing they will be compromised in a data breach at least once in the next year.
"The data suggests that this could continue," said Stephen Boyer, BitSight CTO. "It's going to take some time for retailers to right this ship. If everybody had cleaned up we would see very different results. I hope that we don't see another Target-like breach this year, but when we look at the sector we see that they are actually worse off."