TweakTown News
About 18 percent of U.S. Internet users have suffered some type of data breach in which personal data has been stolen, and the problems are only mounting further, according to a recent survey by the Pew Research Center. Six months ago, the figure stood at just 11 percent of users in the United States, with user accounts and sensitive data under continued attack.
In addition to the Social Security numbers, credit card and bank account information that were compromised, 21 percent of online adults also had an email or social media account compromised.
Many websites trying to boost security due to the Heartbleed vulnerability are finding it difficult and cumbersome, recent reports indicate. If left unpatched, Internet users could find their usernames, passwords, and other sensitive information vulnerable to theft, with two-thirds of the world's websites vulnerable.
It's important for companies and website owners to fix the vulnerability, as the NSA reportedly used Heartbleed to snoop on users - and there are warnings that cybercriminals will use the vulnerability as long as they can.
There are many hidden costs in trying to boost security to fix Heartbleed, which may not be appreciated until it's too late.
Accused hacker Andrew "weev" Auernheimer was released from prison after an appeals court overturned his hacking conviction, calling for the U.S. Justice Department to dismiss the indictment for identity fraud and conspiracy to violate the Computer Fraud and Abuse Act.
The Third US Circuit Court of Appeals found that weev should not have been charged in New Jersey, instead facing charges in Arkansas. After discovering a vulnerability in the AT&T website, weev and a co-defendant allegedly disclosed personal information of almost 140,000 iPad owners.
Although New Jersey prosecutors haven't ruled out a retrial in the case, weev's attorneys said it would be considered double jeopardy.
Around 145 million Americans currently own smartphones, according to comScore, though there is a lucrative black market for stolen phones.
A recent survey found 83 percent of consumers believe a kill switch would help reduce theft, while 93 percent of those surveyed don't want an added charge for a kill switch feature.
"My research suggests that at least half of smartphone owners would in fact reduce their insurance coverage if the Kill Switch reduced the prevalence of cell phone theft," said Dr. William Duckworth, Creighton University Heider College of Business, in a report. "Overall, it seems clear that Americans want the Kill Switch and that an industry-wide implementation of the technology could significantly improve public safety and save consumers billions of dollars a year."
The US government is increasingly concerned that cybercriminals will use Heartbleed to steal personal information, with the Department of Homeland Security asking corporate victims to step forward and report breaches.
The OpenSSL issue impacts two-thirds of all websites, with many companies frantically improving security to negate the threat.
"While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems," said Larry Zelvin, Department of Homeland Security National Cybersecurity and Communications Integration Center director, in a blog post.
The UK government signed a multi-million-dollar contract to continue receiving Microsoft Windows XP support, and will receive critical software security updates for one year. As part of the deal, Microsoft will receive $9.2 million to provide support for Windows XP, Office 2003 and Exchange 2003 until next April.
"We have made an agreement with the Crown Commercial Service to provide eligible UK public sector organizations with the ability to download security upgrades to Windows XP, Office 2003 and Exchange 2003 for one year until April 8, 2015," Microsoft said in a statement to ComputerWeekly. "Agreements such as these do not remove the need to move off Windows XP as soon as possible."
Public sector organizations have a plan to begin migrating from XP, and all necessary changes should be made before the one-year support contract is up.
A recent report published by Bloomberg says the NSA was familiar with Heartbleed and used the flaw to collect intelligence, choosing to stay silent so as not to compromise a valuable spying asset.
Around two-thirds of websites on the Internet have been affected by Heartbleed, and websites are scrambling to improve security.
Meanwhile, the federal government is denying using Heartbleed: "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," said Caitlin Hayden, National Security Council Spokeswoman, in a statement. "The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report."
The US Internal Revenue Service (IRS) didn't migrate from Microsoft Windows XP before the April 8 end of support deadline, and will pay millions to Microsoft for extended support.
Microsoft pulled the plug on its popular 13-year-old operating system, urging users to migrate to Windows 7 or 8/8.1. However, millions of PCs are still running XP and haven't been migrated, including many business PCs.
"Now we find out that you've been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014," said Rep. Ander Crenshaw (R-Fla), chairman of the House Financial Services and General Government subcommittee, in a statement. "I know you probably wish you'd already done that."
The Iranian government is increasing its cyberattack capabilities and wants to target government rivals, according to security company Mandiant. The country still doesn't have modernized cyber weapons at the moment, but is willing to invest time and energy into expanding its digital weapons.
Iran was reportedly behind malware attacks that infected Saudi Aramco and RasGas, in retaliation following the suspected infection of an Iranian nuclear facility by the United States and Israel.
"Although Iran has long been considered a second-tier actor behind China and Russia, recent speculation has focused on Iran's interest in perpetrating offensive network attacks against critical infrastructure targets," the Mandiant report says.
The majority of phishing emails are sent during the work week, amounting to 93 percent of activity, with Wednesday the most popular day, according to cybersecurity company Mandiant. The use of clever social engineering techniques, in which cybercriminals create unique attack methods to compromise unsuspecting users, continues to be a leading strategy for attackers.
Mandiant studied clients in more than 30 different business industries; 15 percent of attacks hit the financial market and 13 percent were aimed at media and entertainment, according to the company.
Companies trying to protect employees must teach them the basic threats that phishers use, especially in financial institutions, which receive one-third of all phishing attempts.