Hacking, Security & Privacy - Page 49
Stay informed with the latest hacking, cybersecurity, and privacy news, including data breaches, leaks, cyber attacks, and tips to stay safe online. - Page 49
Hewlett-Packard, Trend Micro team up to defend against attacks
RSA 2014 - PC and server maker Hewlett-Packard and security solutions company Trend Micro have teamed up to introduce new software to defend against targeted attacks. The new effort combines Trend Micro's Deep Discovery with HP's TippingPoint, with the new solution aimed at effectively detecting, reporting, and blocking data breaches.
HP relies on software and vendor products to help keep its PCs, servers, and other products protected - and creating custom partnerships will allow for a great opportunity to keep products more secure.
"Cyber criminals are going well beyond traditional malware and conventional attack vectors, and enterprises need protection that keeps pace and adapts faster than the adversaries," said Rob Greer, HP TippingPoint Enterprise Security Products, in a statement. "Collaborating with pioneering security companies like Trend Micro supports our mission to deliver the most comprehensive solutions on the market to block and remediate advanced threats."
Dell ramps up 'BYOD' security efforts for business IT administrators
To help companies trying to embrace the "bring your own device" craze, Dell has launched its SonicWall mobile security platform for managed and unmanaged tablets and smartphones.
Dell included SonicWall Mobile Connect 3.0 and SonicWall secure remote access (SRA) 7.5 with its latest software update, giving administrators new abilities to ensure their networks are as secure as possible.
"In today's mobile workplace, it is vitally important to enable remote and mobile employees to maintain their productivity without compromising network security," said Patrick Sweeney, Dell Security Products Director of Product Management, in a press statement. "The co-mingling of business and personal applications and data on mobile devices presents an even greater challenge to IT when it comes to providing users with mobile access to everything they need to do their jobs, but still protecting corporate data - in-flight, at rest on the device, and on the network - from the multitude of threats posed by mobile devices."
Hewlett-Packard wants companies to team up in security battle
Hewlett-Packard wants to push the boundaries of cyber threat collaboration, hoping to bring organizations together in an effort to share threat intelligence.
In 2013 alone, companies across the world spent an estimated $46 billion to counter cyberthreats - but the number of attacks actually increased 20 percent - and HP hopes to reduce the number of attacks.
"Collaboration is fueling unprecedented innovation in the criminal marketplace, enabling the ecosystem of adversaries to stay ahead of our defenses," said Art Gilliland, HP Enterprise Security Products SVP, in a press statement. "Crowd-sourced threat intelligence from our vast community of customers, partners and researchers is essential in this battle against cybercrime; we need to stop chasing silver bullet technologies and start sharing actionable intelligence through our solutions, expertise and best practices if we are going to compete and win."
80 percent of wireless routers for small offices face vulnerabilities
Around 80 percent of the top 25 small office/home office (SOHO) wireless routers available on Amazon are susceptible to security vulnerabilities that put users at risk, according to research recently compiled by security and compliance company Tripwire.
The Tripwire Vulnerability and Exposure Research Team (VERT) also found that 34 percent of the top 50 best-selling routers have publicly documented exploits out in the wild.
"Unfortunately, users don't change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious web sites, browser plugins, and smartphone applications," said Craig Young, Tripwire security researcher, in a press statement.
NSA spying revelations cause stir in privacy and security markets
Following former NSA contractor Edward Snowden's disclosure of widespread spying by the U.S. government, there has been a massive push to develop privacy-centric software and hardware. During the 2014 RSA Conference, which begins on Monday in San Francisco, data security and privacy solutions will be demonstrated at a frantic time in the industry.
In addition to the "Blackphone" being publicly unveiled, Google Android apps to better protect smartphones and tablets from sophisticated malware will also be shown off. Software security company AVG plans to release a "privacy fix" to identify what information companies can easily find about individual users.
If government snooping wasn't enough, the Android OS is being targeted with malicious apps, while PC users are under fire from advanced malware.
Security measures like one-time passwords are becoming more common
Companies searching for new methods to keep networks safe and defend against cyberattacks are increasingly turning to strong authentication and one-time passwords, according to market research firm Frost & Sullivan.
Strong authentication is the technique used by banking and financial institutions, while one-time passwords are single-use passwords that better protect against phishing and other security breaches.
Smaller boutique security vendors have popped up to help fill the void in a booming security market. Since more companies and consumers are scrambling for security solutions, this will lead to a market of acquisitions as larger companies gobble up smaller, niche security firms.
Malicious apps in Google Play store increased almost 400 percent
Mobile app infections in the Google Play app store have increased almost 400 percent from 2011 to 2013, according to online security group RiskIQ. Just three years ago, there were around 11,000 malicious apps available in the store, but that drastically increased to at least 42,000 by 2013, with Google trying to continue to fight back.
Around 12.7 percent of apps in the store are said to be compromised, with less than a quarter of the apps removed. The following categories were targeted the most: personalization, entertainment, education/books, media/audio video, and sports apps, according to RiskIQ.
"The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data," said Elias Manousos, RiskIQ CEO, in a press statement. "Malicious apps are an effective way to infect users since they often exploit the trust victims have in well known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants."
Google acquired SlickLogin to replace passwords with inaudible sounds
Google recently acquired an Israel-based startup called 'SlickLogin', which indicates that the company is making plans to replace passwords and even two-factor authentication methods with an inaudible sound unique to your phone and Google login.
SlickLogin has a patented technology where your passwords and two-factor authentication setups can be replaced with a unique and inaudible sound. Once enabled, the website's login page would typically listen to this inaudible sound via your phone and then grant access to your account. This could solve a lot of problems and overcome the possibility of your email account being hacked by someone. All you have to do is hold your smartphone near your PC with the website's login page, and the access will be granted.
The startup's team seems to be excited to work with Google, as they said that the company has been working on some great ideas to make the internet safer for everyone.
Unnamed U.S. law firm caught up in NSA spying, report states
American attorneys were caught up in the NSA's global surveillance program, as an unnamed U.S. law firm was representing an overseas client currently in a bitter legal battle with the U.S. government. Specifically, the Australian and U.S. governments agreed to share information on a law firm that was retained by the Indonesian government - and information protected under attorney-client privilege was likely included.
Attorney-client privilege isn't protected from NSA eavesdropping, though the American Bar Association demands that attorneys "make reasonable efforts" so confidential information isn't shared with others.
There has been growing concern that governments conducting spying and surveillance could breach attorney-client privilege with little recourse.
Former NSA analyst creates encryption tool to prevent snooping
Former NSA analyst Will Ackerly and his brother, John Ackerly, are the co-founders of Virtru, a startup security company helping users encrypt e-mails and digital communications. Unlike other encryption solutions, Virtru allows users to encrypt information - and send it - and has an extremely easy user interface to ensure neither user needs to be overly tech savvy.
The Virtru plugin easily and quickly encrypts e-mails and other contents using the AES 256 encryption standard, and senders must have the plugin installed. However, recipients only need to authenticate their identity with an e-mail address, and Virtru holds the decryption key.
"What we've tried to do - and what's different from what a lot of encrypted communication tools out there have done - is really spend time to integrate the encryption technology directly into Gmail, Yahoo, Outlook.com," said John Ackerly, Virtru CTO, in a statement to the media.
FBI collecting its own malware library to study cyber threats
In the continued battle against cyber warfare, the FBI recently opened the door to security experts willing to share information about malware. Specifically, the Investigative Analysis Unit (IAU) wants to create "global awareness of the malware threat" in anticipation of what lies ahead in the future. The request for quote (RFQ) is a unique effort to purchase malware so the FBI intelligence services are able to try and reverse-engineer the security threats.
The FBI is currently seeking security firms to submit malware samples for federal computer teams to learn more about how the malicious software is made and distributed. Executable files, digital media files, exploited code, and Office documents will be collected, though security experts are welcome to try and stump the FBI with select malware.
Sophisticated malware continues to plague desktop and mobile users, with malware targeting Microsoft Windows, Linux, and Apple OS X/iOS.
Malwarebytes will now cost $25 per year following extensive update
For many years now, Malwarebytes has been a staple in many Windows users' anti-virus / anti-malware toolbox. It gained this position not only because it works so well, but because it was a powerful solution that was completely free. Today the company announced that Malwarebytes 2.0 will be moving away from a lifetime licence model, and will instead move to an annual subscription licensing model.
The company says that Malwarebytes 2.0 will cost users $24.95 per year with a license covering three separate PCs, a fee that is much cheaper than many of the big-name anti-virus programs on the market. "As more and more people have come to rely on us for malware protection and cleanup, our costs in bandwidth, hosting fees, infrastructure, salaries of our researchers, QA department, and more have grown immensely," explained Kleczynski, CEO of Malwarebytes. "Though our company is about more than just making money, we are a company and we do have to make money to pay our staff to continue doing what they love, which is fighting malware. The subscription model will help us to be sustainable for the future while staying true to our roots that we will always make malware cleanup free for everyone."
Malwarebytes says that its customers who have already purchased lifetime licenses will not need to pay the annual subscription fee, and the company will continue to offer lifetime licenses for a short period to ease the transition for those users who have wanted to take the lifetime plunge, but have yet to do so. What do you think about Malwarebytes moving to an annual subscription over lifetime license model, and will you be jumping in to grab one of the few lifetime licenses left?
Chewbacca point-of-sale threat steals your debit, credit card info
A point-of-sale malware designed to steal debit and credit card information has been found on systems in 11 different countries, according to security company RSA. Dubbed ChewBacca, the malware was first discovered in late October, and has been found on in-store POS, directly blamed for stealing at least 49,000 account numbers to date.
The Tor-based malware threat communicates with the Command and Control (C&C) server using the anonymous Internet network - protecting the IP addresses of controllers. ChewBacca has proven successful in encrypting traffic and slipping through network-level detection, despite being a relatively simple piece of malware.
In-store POS threats, usually malware designed to steal customer information, typically go unnoticed, but consumers are becoming more aware of current threats. Criminals want to do whatever is necessary to steal data that they can either use, trade, or sell to other criminals - at the expense of retailers and consumers.
U.S. officials think reporters are Edward Snowden's "accomplices"
U.S. officials are still trying to come to terms with former NSA analyst Edward Snowden's spying disclosures, with James Clapper, the Director of National Intelligence, demanding his journalist "accomplices" return leaked documents.
Clapper didn't place blame on specific "accomplices," but reporters at The Guardian, for example, would likely be an obvious choice.
Clapper's spokespeople later clarified and said the U.S. official "was referring to anyone who is assisting Edward Snowden to further threaten our national security through the unauthorized disclosure of stolen documents related to lawful foreign intelligence collection programs."
SpyEye malware creator pleads guilty, prepares for time in prison
The founder of the SpyEye malware, Aleksandr Andreevich Panin, recently pleaded guilty to federal conspiracy and bank fraud charges. The Russian citizen was extradited to the United States early last year, and will be sentenced on April 29, where he will almost certainly receive a prison sentence.
SpyEye was reportedly created in 2009 and remotely infected PCs so cyber criminals could access personal information, including bank accounts, usernames and passwords. Panin sold licenses to the software from $1,000 up to $8,500, with more than 150 global clients using the malware to steal information.
"As several recent and widely reported data breaches have shown, cyber attacks pose a critical threat to our nation's economic security," said Sally Yates, U.S. Attorney of the Northern District of Georgia, in a statement. "Today's plea is a great leap forward in our campaign against those attacks."
Craft store Michaels investigating possible credit card data breach
Arts and crafts store Michaels is the latest to suffer a data breach, with the Secret Service now lending a hand in the follow-up investigation, the store confirmed over the weekend. Suspected cyber criminals have stolen credit and debit card numbers, with the store immediately sharing news of the breach once it was confirmed.
At least four financial institutions have identified fraudulent activity for card holders after recently shopping at Michaels.
"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," said Chuck Rubin, Michaels CEO, in a statement. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges."
Russia snubs U.S. wishes, not in big hurry to end Snowden's asylum
Former National Security Agency (NSA) IT contractor Edward Snowden could be able to stay in Russia for more than one year, as the Russian government said they don't plan to send him packing.
Snowden, currently in Russia on a temporary one-year asylum, has offers from Brazil and several Central American countries interested in taking him in - but Alexei Pushkov, the Russian Foreign Affairs Committee legislator, noted that Snowden could stay longer. The 30-year-old American is now free to stay in Russia, working for private Russian companies, until he is ready to return to the U.S.
During a recent online chat, Snowden said he would like to one day return to the United States, but that cannot happen unless he's granted protection under the federal Whistleblower Protection Act - which doesn't apply to former government contractors. Meanwhile, Snowden continues to claim he didn't carry out actions for Russia or any other foreign government, though some U.S. lawmakers still aren't so sure about that.
Edward Snowden says he can't get a fair trial if he returns to the US
Edward Snowden, the former National Security Agency (NSA) IT contractor now living in Russia following his high-profile data leak, won't return to the United States until current laws are changed. The federal Whistleblower Protection Act isn't applicable to former government contractors, which means he could face significant legal trouble if he returns to the United States.
"Returning to the U.S., I think, is the best resolution for the government, the public, and myself, but it's unfortunately not possible in the face of current whistleblower protection laws," Snowden said in response to a question about getting a fair shake if he one day returns to the United States.
It seems highly unlikely Snowden will return to the U.S. unless he's offered immunity by the U.S. government, which is something the White House hasn't recently discussed publicly. It seems that the NSA and other government agencies would be able to learn from Snowden, but he won't touch U.S. soil just to face possible espionage charges.
U.S. lawmaker claims Edward Snowden had outside help to steal data
The United States government believes National Security Agency (NSA) whistleblower Edward Snowden possibly received support from the Russian government.
"I don't think Mr. Snowden woke up one day and had the wherewithal to do this all by himself," said Rep. Michael McCaul (R-Texas), in a recent TV interview. "To say definitively I can't answer that, but I personally believe he was cultivated by a foreign power to do what he did. Again, I can't give a definitive statement on that, but I think given all the evidence I know Mike Rogers has access to, that I've seen, that I don't think he was acting alone."
Snowden has evolved into an enigma since his public data breach last year, as the former CIA technical assistant received a GED and dropped out of a Maryland community college. Described as a "geek," it seems shocking that he would eventually find his way to the U.S. government contractor Booz Allen Hamilton - and would remain there until he quickly left for Hong Kong in 2013.
Cyber security threats growing against users, companies, Cisco says
Cyber security threats continue to plague users and businesses trying to defend against increasingly sophisticated and well-executed attacks, according to the Cisco 2014 Annual Security Report. Cyber security is a major business as Cisco and other companies develop cyber security efforts to protect end-users and businesses.
Overall cyber attacks increased 14 percent in 2013, with select industries facing a staggering number of attacks designed to steal information and disrupt day-to-day operations. The pharmaceutical, agriculture, mining, chemicals and electronics industries all saw an increase in malware aimed at compromising systems - a whopping growth of 600 percent - while energy, oil and gas industries saw a 400 percent increase in malware and cyber attacks.
"Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies - that starts with empowering defenders with real-world knowledge about expanding attack surfaces," said John Stewart, Cisco Chief Security Officer, in a press release. "To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods - before, during and after an attack."


