TweakTown News
Lenovo, the No. 1 PC manufacturer based on units sold, is being accused of a "massive security risk" that allows hackers to utilize a man-in-the-middle attack to download malware onto victims' systems. Security researchers at IOActive say the vulnerability allows hackers to download malware or hijack the systems themselves.
The flaw affects ThinkPad, ThinkStation and ThinkCentre products, and B, E, K, and V-series models. Lenovo was first alerted to the issue in February, and was given time to release a patch - which was made available last month - before IOActive shared the news publicly.
"An attacker can create a fake [certificate authority] and use it to create a code-signing certificate, which can then be used to sign executables," according to the advisory. "Since the System Update failed to properly validate the certificate authority, the System Update will accept the executables signed by the fake certificate and execute them as a privileged user."
Yahoo Labs has introduced Bodyprint, a new biometrics technology that could one day allow users to unlock a smartphone using a scan of their ear instead of a fingerprint or password.
In addition to scanning a user's ear, Bodyprint was able to identify fingers, palms, knuckles and fists, so devices could be locked and unlocked. Even though touchscreen input resolution is fairly low, using the surface area of the screen allows body parts to be accurately matched 99.98 percent of the time.
The use of biometric fingerprint scanners designed to authenticate users can be found in higher-end smartphones, but the technology is still relatively expensive - due to a high-end sensor and required resolution to make them function well.
Hunter Moore, the "king of revenge porn," hired Charlie Evens when he was 23 years old to hack into women's social media and email accounts. Evens sold images and videos for Moore's website, IsAnyoneUp.com, making between $500 and $1,000+ a week for his services.
It wasn't anything personal against the women that made their way to IsAnyoneUp, as Evens was fresh out of rehab and needed money to fund partying: "It was enough. I mean, not that anything is enough, but it's just scary how quickly I would drop my morals for so little. How much those women were worth, it was like $500 a week, $1,000 a week. It was just pay. I mean it was really just my habit. Like I needed to drink... I know nobody wants to hear that, but it was a really shitty time for me," Evens told CNN.
Evens also discussed how hacking victims was "a little maneuvering and manipulating... lying and using people" to breach their email or social media. His crimes led him to be indicted by the FBI for conspiracy, unauthorized access to a protected computer, and aggravated identity theft. The former hacker says he still battles with how he can apologize to the countless people whose private information was posted online without their permission.
During a siege against the White House's unclassified computer system, Russian hackers read through some of President Obama's emails, according to US officials.
Even though Obama's BlackBerry and iPad weren't breached in the incident reportedly linked back to Russia, the hackers were able to read emails sent and received by the president. Exact information related to what the emails contained is unknown, and no classified data was accessed or collected.
Sensitive information actually was stored on the unclassified system that cybercriminals gained access to, and details regarding the breach are more alarming than previously reported. It's not uncommon for unclassified networks to contain political email exchanges between government officials and foreign diplomats, legislation discussion, policy debate, and schedules.
Even though mobile malware targeting the Google Android operating system is increasing, actual infection rates are still relatively low, according to cybersecurity experts. Unfortunately, it looks like almost 1 out of every 5 Android apps was "malware in disguise," according to the newest Symantec Internet Security Threat Report.
Over one-third of all Android apps are "madware," or "grayware," designed to increase the number of ads that a mobile user sees. In addition, Symantec noted the first infection by mobile ransomware, which encrypts data on a victim's phone until a ransom is paid.
Android, the No. 1 mobile OS based on market share, has an open infrastructure that makes it even more flexible to use by each phone manufacturer - but also gives cybercriminals the ability to create better malicious apps.
There might be numerous instances of mobile malware in the wild, but the matter is overhyped and not as frightening as perceived, according to advanced threat detection firm Damballa. It turns out you're more likely to be struck by lightning than suffer a mobile malware infection.
In network traffic monitored in 2014, 9,688 of 151 million mobile devices tried to access blacklisted domains. Mobile operators are focusing more on security for smartphones and tablets, which is making it more difficult for malicious apps to compromise devices.
"This research shows that mobile malware in the United States is very much like Ebola - harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection," said Charles Lever, senior scientific researcher at Damballa.
Cybercriminals launching ransomware attacks typically demand immediate payment with very little paper trail - and that often means relying on bitcoin transactions. However, the anonymity of bitcoins is now being overlooked due to the volatility of the cryptocurrency, with hackers converting the funds quickly.
The cyber group responsible for infecting users across the world with Cryptolocker likely made over $3 million before it was targeted by investigators. Besides pre-paid cash cards, bitcoins - once valued at more than $1,100 each, but now worth less than $250 - have become less appealing for money laundering.
"I've seen this discussion in underground forums among Russian criminals," said Etay Maor, senior fraud prevention strategist of IBM Security, in a statement to The Register. "They use Bitcoin for the money laundering part and take payment with it, but they'll move it out almost immediately. Most of them won't keep bitcoins - they don't like the valuations Bitcoin has - so they just use it as a layer of obfuscation, and move it to a different form of money."
Venture capitalists are pouring money into cybersecurity companies, with high-profile data breaches still capturing headlines. Security companies supported by VCs in the United States generated a massive $1.77 billion in 2014, a figure higher than the previous record of $1.62 billion generated in 2000, according to statistics.
There is increased flexibility in the cybersecurity sector, with companies providing protection to consumers, corporations, hardware infrastructure, software, and specialized niche services.
As the Internet of Things (IoT) generates headlines for its beneficial flexibility for consumers, there is an underlying concern related to connected security. "It's a huge threat," said Alex Doll, founder of the TenEleven Ventures capital firm focusing on information security, in a statement to the Wall Street Journal. "It's great that everything is connected, but all that data is one click away" from being hacked.
Continued cyberattacks against US residents rack up an impressive number of victims, with twice as many Americans reporting a breach, according to a year-over-year analysis of the statistics. Unfortunately, one in five consumers say they suffered a credit score hit due to identity theft - and financial experts recommend shoppers request a credit report to check on any problems.
However, eight in 10 Americans note they have become more proactive in protecting their own personal information, as more than half of surveyed consumers aren't entirely sure if companies can keep personal data safe.
"The increase in data breaches affecting personal information has given consumers significant cause to be cautious about their activities, both online and off," said Ernie Almonte, chairman for the American Institute of CPAs' National CPA Financial Literacy Commission, in a statement published by MoneyWatch.
The United States government understands it is a prime target for cybercriminals across the world, especially organized crime and state-sponsored hackers trying to conduct cyberespionage. John Carlin, Assistant Attorney General for National Security, spoke during RSA about the mentality of teaching foreign actors "that it is not okay to steal from American companies."
Even though the NSA has sophisticated cyberespionage capabilities, the government didn't pay enough attention to keeping critical infrastructure secure. The government is trying to catch up and will make changes, but is ready to put political and economic pressure on select governments for their cyber actions.
However, there are more aggressive tactics possible, including the indictment of five senior leaders of the People's Liberation Army (PLA) in China last year - and economic sanctions placed on North Korea for its reported involvement in hacking Sony.