Hacking, Security & Privacy News - Page 86

Trying to keep PCs and devices safe from increasing numbers of cyberattacks hasn't been easy, with sophisticated malicious code targeting PCs.

Even with elevated malicious attacks in the wild, there are a few basic steps that can be done to boost defenses before something critical occurs.

The first step: "Make sure you have up-to-date Anti-Virus software - preferably not the freeware versions," said Bruce Campbell, IT outsourcing company Clare Computer Solutions, in a statement to TweakTown. "For home users, make sure you activate the Norton or McAfee that comes with the computer, and renew it every year."

Things just got a lot worse for former Bitcoin exchange, Mt. Gox. Today a Russian leakster announced that he has accessed then entire source code that ran Mt. Gox's operations. The code is only 1,700 lines long, so it is highly unlikely that the entire thing is there, but it does provide enough information to show how Mt. Gox handled Bitcoin transactions, and the methods used to transmit and receive Bitcoin hashes.

Along with the source code, the leakster / hacker claims to have a 20GB data dump of customer and employee information that includes passport scans, and every piece of contact information customers and employees entered into the system. With a breach this big, it leaves us to wonder how many other exchanges were using a part of this source code, and how many are now venerable to even more attacks now that the information is public? If you are interested, the source link below has links to the stolen code.

It's incidents like this that further undermine the security and trustworthiness of Bitcoins as a viable digital currency. This is the exact reason that US Congressmen are calling for Bitcoin trading to be banned in the us. With such a large economy growing around the virtually unregulated Bitcoin market, a simple crash like Mt. Gox experienced, or major Bitcoin heist like Flexcoin experienced over the weekend could send the entire market crashing down and millions of people would lose everything they have invested in Bitcoins.

There is a security transition from defending against various virus and Trojan formats to sophisticated malware, and anti-virus programs are "totally useless," according to Mohammad Mannan, Concordia Institute for Information Systems Engineering assistant professor.

In a recent survey from Visa, almost 92 percent of respondents said they have been targeted by attempted phishing attempts - and the complexity of these attacks continues to evolve.

Just a few years ago, if a user was infected with malware, it was a major disruptive problem that directly led to PCs running poorly. However, malware is largely being written by cybercriminals aiming to either hijack compromised devices, or steal personal information and make money, so malware runs in the background a lot more efficiently.

Researchers have discovered a large number of comprised small office and home wireless routers. Hackers attacked more than 300,000 wireless router devices manufactured by D-Link, Micronet, Tenda, TP-Link and more. This discovery was made by researchers from a security firm 'Team Cymru' who has also disclosed a cross-site request forgery (CSRF) where attackers can access TP-Link routers using a blank password.

The idea is that hackers use multiple techniques to take over the wireless routers. Once the hackers get access, they change the domain name system (DNS) servers that's used to translate 'human-friendly' domain names into IP addresses for computers to track down web servers. The router re-directs to a fake website via the DNS where the unsuspecting victims insert login credentials. Once the credentials are inserted, the attackers use it to log into victims' accounts and uses socially engineering sms to induce the victim to unknowingly approve a transfer of funds to the attackers online banking account.

The hackers have attacked more than 300,000 routers located in multiple countries such as Vietnam, India, Colombia, etc. These compromised devices can now re-direct all of its end users to a malicious website to steal banking passwords. There is also a series of attacks that targets bank customers in Poland. It was found that fake DNS was used on the home and small office router which redirect computers, tablets and smartphones to a website made to collect online banking credentials from unsuspecting customers.

There's a new phishing scheme which involves Netflix and using the fear of having your account suspended unless you call the company's 'tech support'. Jerome Segura of Malwarebytes Unpacked uncovered 'Tech Support' scammers where they try to use Netflix account suspicion scare to steal its victims' photos, name, address, passwords and even credit cards.

Segura said that the error from Netflix urged him to call the 1-800 number on the screen, which was not the official support number and therefore prompted deeper investigation. Upon contacting the fake tech support, the representative made him download a 'Netflix Support Software' which turned out to be Teamviewer. After the remote connection was made, the scammer said that his account was suspended because of 'illegal activity' and showed 'proof' using a 'Foreign IP Tracer' which was a custom-made Windows batch script.

What was strange is that the tech support scammer advised him to connect with a Microsoft Certified technician. He also went ahead and transferred the call to a certified technician (fake, of course) who already had Teamviewer access. The fake support explained the issue and drafted a bill for installing network firewall, AVG antivirus cleanup followed by a $50 fake Netflix discount coupon and offered a discount. What was later found out that the scammer was trying to buy time and distract the victim. In the meantime, the scammer was going through his personal files and stealing data of his interest, as found in TeamViewer file transfer eventlog.

Meetup is one of those websites that almost everyone has used at some point, and with more than 12 years of an online presence it is no surprise that many have grown to depend on the service for spreading the word about their meetings. Unfortunately for the last several days, Meetup has been experiencing a massive Distributed Denial of Service attack (DDoS) that has crippled its servers and rendered the service unusable.

While the attack lessens from time to time, I have only noticed the service up twice over the last 4 days with it being back down within an hour of it coming back online. The attack is non political, and is purely designed to extort money from the company behind Meetup. An email arrived in CEO, Scott Heiferman's, inbox shortly after the attack began that read; "A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer."

Meetup chose not to pay the extortionist even though the amount demanded was extremely small as it has a policy not to negotiate with criminals. At the time of this writing Meetup was back up, but has been down on and off for most of the day. The company says that it is working on restoring stability, and hopes that things will return to normal shortly.

PC and mobile users are under constant threat from increasingly advanced types of malware, with attack servers handing out malware attack commands in 206 countries across the world, according to security company FireEye.

The United States, South Korea, Canada, Japan, and United Kingdom lead all countries targeted with advanced persistent threats (APTs). The government, services/consulting, and technology verticals most targeted, as cyberattacks are increasingly used to spy on rivals and steal information.

"The increasing frequency at which cyber attacks are happening illustrates the allure of malware to those with malicious intentions," said Dr. Ken Geers, FireEye senior global threat analyst, in a press statement. "Across the board, we are seeing a global expansion of APTs, malware, CnC infrastructure, and the use of publically available tools to facilitate the attack process. The global scale of threat has put cyber defenders in the very difficult position of not having any clue where the next attack will come from."

After being exposed by former IT contractor Edward Snowden last year, the NSA has the difficult task of trying to regain trust among the American people.

It's not impossible for the NSA and federal government to earn trust back, but without a sign of good faith, people will likely remain skeptical.

"I think we need to step back, set a framework for discussion with the American people," outgoing NSA chief Gen. Keith Alexander said during a recent Senate Armed Services Committee. "This is going to be absolutely important in setting up what we can and cannot do in cyberspace to protect this country. And from my perspective, that's going to be one of the big issues that we move forward. I think a precursor to that is getting the NSA issues resolved. We have to get those resolved because, ironically, it operates in the same space."

Russia's news website RT.com was recently compromised, and hackers have changes multiple articles with the word 'Russian' to 'Nazi'. Currently there's tension going between the country and Ukraine as Russia decides to move its troops towards the border and planning many military exercises.

The hack was reported at about 11 pm EST, which lead to changed in many news headlines such as 'Thousands rally again 'illegitimate govt', raise Nazi flags in eastern Ukraine' and 'up to 143,000 Nazis requested asylum in Russia in two weeks'.

After some time, RT.com was able to revert the headlines and made an announcement about the hack via Twitter. The reason RT.com became involved in this controversy is that their media reports were being heavily criticized for being allegedly bias and was funded entirely by Russia.

Struggling retailer Sears is the latest company to suffer a security data breach that is now being investigated by the U.S. Secret Service, according to unnamed resources.

Details regarding the reported attack haven't been released, including time of the breach or how many customers could have been affected.

"There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach," said Howard Riefs, Sears spokesperson, in a statement. "We have found no information based on our review of our systems to date indicating a breach."