Hacking, Security & Privacy News - Page 85

Banks and other financial institutions are embracing biometrics as a next-level security platform, helping prevent against fraud and theft, according to a report published by the Global Industry Analysts (GIA) research group.

Fingerprint recognition is the most popular form of biometrics security, with high accuracy and relatively low deployment costs.

Most common biometric security tend to be fingerprint verification, hand-geometry recognition, speech recognition, and iris and retina scanning technologies. Each has significant advantages and disadvantages, leading some companies to adopt multiple types of biometrics. However, it's not cost-effective to install and maintain multiple layers of security, unless necessary, with each different solution needing a complex infrastructure.

Most cybercriminals want to exploit vulnerable networks and make a profit as quickly and easily as possible - and that includes compromising non-profit groups, even trying to conduct organized extortion. Hackers recently hijacked the crisis line of The Bridge for Youth, a Minnesota non-profit aimed at helping homeless adolescents in the state.

It seems The Bridge was hit with phone spam that was able to hijack phone lines and Internet access - and criminals will hold the lines for ransom, in exchange for monetary payment. Instead of paying the criminals, under police guidance, they refused - and then redirected the line to an answering machine - and worked with other non-profits to set up a new phone line.

"We had to shut down our crisis number of 35 years last Tuesday," said Dan Pfarr, The Bridge for Youth Executive Director, in a statement to the Minneapolis Star Tribune. "The guys who took over our crisis line wanted money. We told them we work with distressed families and kids at the low point of their lives. That we deal with lives. We can't have abused kids or parents... calling in and getting a busy signal."

Up to 168,500 patients of the Los Angeles County Department of Health Services are at risk after thieves broke into the Sutherland Healthcare Solutions (SHS) office and stole PCs with personal information.

Included in the data breach: Names, Social Security Numbers, birthdates, addresses, medical diagnoses, medical and billing information. The Southern California SHS office was broken into on February 5, and the company is now working with law enforcement - and reviewing its internal policies to try and prevent a similar breach from happening in the future.

"We take this incident very seriously and are taking the necessary precautions to protect all patient related information from theft or criminal activity," SHS said in an open memo. "We and Los Angeles County are actively working with law enforcement."

During his speech at the SXSW technology conference in Austin, Texas, Google chairman Eric Schmidt had some damning words to say about the Chinese, and the NSA. SChmidt said that government attacks from China, and the US, forced Google to boost its security protocols.

Schmidt said that governments around the world have come to the realization that trying to block Internet access to its citizens are futile, and that they have moved onto other methods of control. He said: "You don't turn off the Internet: you infiltrate it. The new model for a dictator is to infiltrate and try to manipulate it. You're seeing this in China, and in many other countries."

The Google chairman was pressed about the role of technology in uprisings, such as the one in the Ukraine right now, where he said that the spread of mobile devices has allowed people to organize much more easily, but although "revolutions are going to be easier to start," they'll also be "harder to finish."

Companies infected with the Cryptolocker ransomware are willing to pay up, with 40 percent of companies hit sending around $500 to recover files.

Cryptolocker is plaguing companies, encrypting certain file formats that cause workplace disruption, which is likely why companies are so quick to make a payment to cybercriminals overseas.

"If the results reported on the rate of Cryptolocker victims who pay a ransom are to be strengthened by further research, these figures would be extremely troubling, netting criminals behind the ransomware hundreds of millions." said Dr. Julio Hernandez-Castro, University of Kent School of Computing professor, said in a statement. "This would encourage them to continue with this form of cybercrime, potentially prompting other criminal gangs to jump into an extremely profitable cybercrime market."

Target is restructuring following a massive data breach in which the retailer was warned of security issues beforehand, and cybercriminals were able to deploy malware on the company's in-store point-of-sale machines.

"It's a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model," said Brian Sozzi, Belus Capital Advisors CEO, in a statement to Reuters.

Jacob is the first Target executive to resign - and it's possible others will either receive walking papers, or "quit" - and an interim CIO will be chosen to help move Target's cybersecurity forward. It seems shocking that Jacob didn't quit earlier, or that CEO Gregg Steinhafel didn't show her the door earlier, but expect the company to find an external hire next.

Tablets and smartphones helped force users into a mobile lifestyle, in which e-mails, content, work, and entertainment need to be optimized for non-PC devices.

Businesses risk downtime, lost productivity, legal problems, and possible customer backlash if data is compromised, especially due to negligence, and presents a unique problem.

"I haven't seen a lot of good products to add to tablets and smartphones - yet," said Bruce Campbell, Clare Computer Solutions VP of Marketing, in a statement to TweakTown. "While malware for these devices is on the rise, the more common problem is these devices being lost or stolen with personal or company data. Software that will enable the device to be 'wiped' clean if stolen or lost is a good idea."

Israeli Prime Minister Benjamin Netanyahu recently discussed his country's budding cybersecurity industry, which is tasked with stopping attacks from Islamist militant organizations and cybercriminal groups.

During the interview, Netanyahu was asked about companies purchasing Israeli technologies and whether they should be worried of NSA-like spying behavior.

"My point is that to build in Israel a global center for cybersecurity, in other words to prevent this spying to prevent the piracy, to prevent sabotage" Netanyahu said in an interview transcribed by BloomBerg. "You have user accounts. You have to protect them. You have bank accounts. You have to protect them. You have electricity grids. You have to protect them, traffic systems and aviation systems. All of these can be both individually and national infrastructures could be imperiled by cyber-attacks, are imperiled by cyber-attacks."

Andrew Meldrum, a 30-year-old British citizen, has been found guilty of three counts of unauthorized access to computer material after "fixing" webcams so he could remotely watch as many as three victims.

Meldrum was first suspected after one of the victims reported her computer was acting strangely, and it snowballed from there - one victim spoke with someone else, and victim 2 contacted a third victim - all three had the convicted creeper work on their PCs.

"I would like to thank all witnesses in this investigation but especially the three victims who game evidence on matters that were clearly of a private, intimate and personal nature to them," said Nick Pailthorpe, Southwark Borough CID, in a press statement. "I hope that they can take some consolation in the guilty verdict that sends out a clear message to anyone that this type of intrusion into a person's private life is not acceptable and the Metropolitan Police will support all victims and pursue all suspects."

Fruit jam and jelly company Smucker's reportedly suffered an online store data breach, with customer names, mailing addresses, e-mail, phone numbers, credit and debit card numbers, expiration dates, and verification codes at risk.

Security experts believe a sophisticated Trojan is likely to blame for Smucker's issues, with information siphoned from online web server applications.

"We are extremely disappointed this incident occurred and sincerely apologize for any inconvenience this may cause," Smucker's officials said in an online state. "Please be assured, we continue to thoroughly investigate this matter with federal authorities, and have taken steps to rectify the cause of this incident with the Online Store website."