TweakTown News
The U.S. House Judiciary Committee has voted 32-0 in approval of a modified version of the USA Freedom Act, requiring the National Security Agency (NSA) to receive approval from the Foreign Intelligence Surveillance Court before seizing phone records. The bill will now have to be approved by the House floor, and would help clamp down on bulk phone collection programs.
Despite political efforts to ensure the NSA - or any other U.S. government agency - is able to illegally collect data on citizens, privacy experts warn more legislation in the future will be needed.
The EFF had this to say: "The new version of the USA FREEDOM ACT is a strong first step to undoing the damage of the government's tortured interpretation of the PATRIOT ACT. The Judiciary Committee should be commended for moving the conversation on reforming the NSA's activities forward. We urge Congress to support this bill and to support additional privacy protections to address outstanding issues, whether through amendments or other legislative vehicles."
Spammers are enjoying a new technique in which they imitate messages from legitimate mobile applications, and the United States is the most targeted country for spam, according to a new report from Kaspersky Lab. However, total spam email traffic decreased 6.42 percent to 66.34 percent, though spammers are becoming more creative with their strategies.
China, the United States, and South Korea remain the largest spam sources - and the priority for cybercriminals remains stealing confidential data.
"Recently we have seen a growth in the number of attacks targeting mobile users," said Darya Gudkova, Kaspersky Lab Head of Content Analysis & Research Department, in a press statement. "Gadgets have become popular even among those who had little interaction with computers and are less familiar with computer security. This opens up new vectors of attacks for spammers and phishers. To protect themselves, users should remember not to open emails from unknown senders and especially not to click any links in these emails, which inevitably pose a risk to user security. Clicking unsafe links threatens user security regardless of which device is used - they pose a danger to desktop computers and mobile gadgets alike."
After learning he's the target of a $32 million lawsuit from the Ultimate Fighting Championship (UFC), accused pirate Steven Messina says he suffers from mental illness and can't afford the significant civil lawsuit. The parent company of the UFC, Zuffa, is now seeking $150,000 for every act of infringement, $110,000 for using UFC content without permission, and $60,000 for intercepting UFC content, plus legal fees.
The UFC says Messina made money from the pirated streams, though he refutes the accusation: "Most of the time I barely had enough to cover an event's cost after donations and would use my own money saved from medication and doctors. In total, I've probably made no more in a year than $450-$550 in donations. But that just helped me pay for a few months of medical expenses, as well as maybe four or five fight cards. I always ended up paying out of my own pocket though, as I've had money from my previous job saved in my checking account."
Zuffa will continue to fight against organized piracy that streams its events, especially pay-per-view fight cards, and is currently interested in targeting websites that host the events. Regardless of the outcome of this case, there are numerous ways to illegally stream content.
Cybercriminals are using social engineering techniques to exploit trust and compromise users, now finding mobile apps a great method to infect smartphones and tablets. Many mobile users, especially those unfamiliar with security measures, are willing to click suspicious links and install third-party applications.
"To protect themselves, users should remember not to open emails from unknown senders, and especially not to click any links in these emails, which inevitably pose a risk to security," said Darya Gudkova, Kaspersky Lab head of content analysis, in a statement to CIO. "Clicking unsafe links threatens user security regardless of which device is used - they pose a danger to desktop computers and mobile gadgets alike."
Malware creators are becoming more creative in their efforts, and find phishing to be a successful technique to compromise users.
The Cryptolocker ransomware, which previously only targeted Microsoft Windows machines, has shifted towards the open source Google Android operating system.
"If you land on it with Android then you'll be redirected to a website that will push the download of the APK to the mobile without interaction," a security researcher said. "Note: no installation. User has to do an action. So it's social engineering... the locker is kind of effective. You can go on your home screen but nothing else seems to work. Launching Browser, calling apps, or 'list of active task' will bring the locker back."
A survey published earlier in the year found that 40 percent of companies infected with Cryptolocker chose to pay the ransom - everyone else is left to rely on system backups to restore files. In addition, cybercriminals are finding other forms of ransomware to be successful attack methods to compromise systems, and receive payment to limit additional harm.
The overall number of Microsoft Windows vulnerabilities has increased 12.6 percent year-over-year, according to the Microsoft Security Intelligence Report (SIR), covering July to December 2013. During Q3 2013, 5.8 of every 1,000 Windows computers reportedly suffered from malware infection - a figure that jumped to a whopping 17 computers per 1,000 during Q4.
However, severe Windows vulnerabilities reportedly declined 70 percent between 2010 and 2013 - as Microsoft continues to increase security - but the sophistication of current threats is giving computer security companies fits. Cybercriminals are using social engineering to get users to click on malicious links, or install malware bundled with legitimate software, the report also indicates.
Malware authors are finding a great market, in which they can launch mass attacks for a low price and little risk of being prosecuted. To make matters worse, next-generation malware is able to easily circumvent anti-virus software that traditionally kept PCs more secure.
Google remains an outspoken critic of mass surveillance operations by the National Security Agency (NSA), but it appears both sides were exchanging a large number of emails. NSA Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt exchanged emails - including personal meetings and invitations to briefings and meetings.
At least one meeting, between U.S. government departments and Silicon Valley tech leaders, was about the Enduring Security Framework - with a focus on mobile security.
Despite the emails, Google gave the Huffington Post this statement: "We work really hard to protect our users from cyberattacks and we talk to outside experts, including occasionally in the US government, to ensure we stay ahead of the game."
The cost of a data breach to U.S. companies averaged $3.5 million, a 15 percent increase year-over-year, according to a new study conducted by the Ponemon Institute and sponsored by IBM. Each lost record reportedly cost $201, an increase from $188 per record in 2013, as cybercriminals find success targeting select industries.
Not only are companies finding data breaches to be more costly, but retailers need to worry about customers possibly leaving if a security issue occurs. Everything from university and medical records to debit and credit card information has value among criminals, who try to steal information which can later be exploited, sold, or traded in underground forums.
From the Ponemon press release: "As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company's business continuity management team in dealing with the breach."
The Department of Defense is reportedly looking into bitcoins and whether or not the cryptocurrency is a potential terrorist threat, with the DoD Combatting Terrorism Technical Support Office division spearheading the investigation. Due to how bitcoins were designed to be owned and traded, the government is concerned that virtual currency provides a great method for terrorists to receive donations - and distribute funds.
Russia previously banned bitcoins, and Singapore created new regulation to try and prevent criminals from using bitcoins to help launder money. The idea that bitcoins could be used for money laundering seems to have the US government concerned that terrorists could use anonymity to fund operations.
Considering the concern of government snooping, critics already are sounding off to say that the DoD is launching an irrelevant investigation.
A new report states that Australian energy grids and public infrastructure face increased threat of cyberattacks, according to the Commonwealth Scientific and Industrial Research Organization (CSIRO). It's a difficult time for government agencies and private sector companies to try and combat increasingly sophisticated cyberattacks.
The CSIRO report calls for increased transparency, and additional open disclosure if a breach happens, along with trying to focus on simplifying digital systems.
"Despite recently being ranked second in the Asia-Pacific region when it comes to cybersecurity capabilities, we need to recognize that our increasing reliance on digital services leaves us potentially vulnerable at unprecedented scales," said James Deverell, CSIRO Futures Director, in a press statement. "The sheer complexity and interconnectedness of different elements of our digital economy means we can expect rapid exponential growth in the number, speed, and severity of breaches - far beyond what any single organization can tackle on its own."