The World News Tonight Of Security News Online

Saturday, April 19, 2014

Smart phone users still not disabling their location tracking on cameras

Smart phone users still not disabling their location tracking on cameras

ATLANTA — One of the biggest news stories of the year is about the government tracking Americans, on their phones and on-line, in the name of national security and stopping terrorists. But many people still don’t realize how much personal information they are putting on-line, all the time. As a result, criminals and ex-spouses and other cyber-stalkers continue to track where they are, and where their children are. And they’re able to do it every day, because many who love to take pictures with smart phones, and post the photos on social media, and email them, are still not turning off …continue reading

twitter facebook rss feed

Self-Described as ‘Anonymous’, arrested in South Korea

2

Three have been charged with threatening to launch cyber attacks against the Korean government. The Chosun Ilbo reports that two teenagers and a university student were recently arrested for threatening to launch cyber attacks on the South Korean government on April 14, 2014. The three, surnamed Kang, 17, Bae, 14, and Woo, 23, posted a YouTube video on March 21, 2014, stating, “To the Government of South Korea. We are watching you, and We Expect for the changes of the Korean Government. … This is the LAST WARNING MESSAGE for Korean Government. In April 14th 2014, Expect Our Revolution and …continue reading

After 11days of Heartbleed pain in market, VPN is Still Vulnerable

abx

The attackers exploited the security vulnerability in OpenSSL running in the client’s SSL VPN concentrator to remotely access active sessions. Researchers guessed heartbleed had infected two-thirds of all Web servers, and researchers at Sucuri reported Friday that just 2 percent of the top 1 million websites on the Internet remain infected and all of the top 1,000 sites have been patched against the OpenSSL vulnerability but Mandiant tracks a scary new attack vector–VPN user sessions. But also on Friday, Mandiant researchers reported an attack they tracked beginning on April 8 in which an attacker “leveraged the Heartbleed vulnerability in a …continue reading

New Android_s Feature will regularly scan your Android apps

22

The apps would be scanned at regularly basis to protect android users: Recently Google has officially announced to increase the security of Android users by adding a new feature to android which will regularly scan all the apps installed on the device to protect you from harmful malwares and viruses as said in an official blog by Rich Cannings. The new feature by Google would be a part of Verify Apps feature which is already protecting android users from harmful apps installed by third party store. Verify Apps feature was used 4 billion times last year and had protected almost …continue reading

Heart-Bleed , a over-rated vulnerability and the most famous vulnerability discovered till now

abx

Big companies like Microsoft , Apple and other were vulnerable to it but they’ve patched it as its a serious kind of vulnerability which admin will never want to be exploited. The companies which were affected by this vulnerability notified their customers about it before the site was exploited. According to the report published by Sydney Morning Herald, NSA is blamed to be familiar with the bug before it was leaked. According to the report NSA knew about it but didn’t leaked it. After Bloomberg article was published last week, the agency spokesman Vanee told the Time Magzine that,  “NSA …continue reading

Heartbleed – Better to Encrypt the Entire Internet

11

There are bundles of bugs, viruses but this time the Heartbleed bug crushed everyone?s faith in the secure web, but a world without the encryption software that Heartbleed exploited would be even worse. In fact, it?s time for the web to take a good hard look at a new idea: encryption everywhere. Mostly websites use either the SSL or TLS protocol to protect password or credit card information as it travels between browser and their servers. Whenever you see that a site is using HTTPS, as opposed to HTTP, you know that SSL/TLS is being used. But only a few …continue reading

Breach Point-Of-Sale risks millions of payment cards – Michaels, Aaron Brothers

1

The Michaels breach involved malware on point-of-sale systems that neither security firm had encountered before, Michaels CEO Chuck Rubin wrote in a Thursday statement, explaining the malware has been removed and the incident has been fully contained. About 2.6 million payment cards may have been compromised from Michaels outlets between May 8, 2013 and Jan. 27, Rubin said, adding that about 400,000 payment cards could have been compromised from Aarons Brothers stores, a Michaels subsidiary, between June 26, 2013 and Feb. 27. Rubin explained that the breach impacted a ?varying number? of Michaels stores, as well as 54 Aaron Brothers …continue reading

Cyber Attacks – New Face of Terrorism

windows-xp-support

The keyboard can create more disastrous results than a bomb or natural disaster. Cyber attacks what many fear are the new face of terrorism. In April 2011, tornadoes hit Alabama hard, wiping the power supply to millions of homes for days. Could the results of that natural disaster be recreated by man in the form of a cyber attack? For those in the industry of preventing cyber attacks, it’s a continuing game of cat and a click of a mouse. For the Tennessee Valley, the heart of power generation lies with TVA and nuclear power from Browns Ferry. Rob Arnold …continue reading

Microsoft’s free Threat Modeling tool with new features available now

Microsoft Corp

“More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating,” blogged Tim Rains. “Threat modeling is also used to help identify mitigations that can reduce the overall risk to a system and the data it processes. Once customers try threat modeling, they typically find it to be a useful addition to their approach to risk management.” According to Tim Rains, director of Microsoft Trustworthy Computing Microsoft?s threat modeling tool updated with new features designed to offer …continue reading

Canada Revenue Agency breach causes Heartbleed hacker arrested

2

  Canadian police has arrested and charged, 19-year-old by a who allegedly exploited the Heartbleed bug to steal personal data from the Canadian Revenue Agency’s website. Stephen Arthuro Solis-Reyes, grabbed 900 social insurance numbers (SINs) over a period of six hours, marks the first time that authorities have apprehended someone in relation to the bug in OpenSSL. Solis-Reyes of London, Ontario is a student at Western University, was detained by the London Police Service and the Royal Canadian Mounted Police National Division Integrated Technological Crime Unit. In a statement, Assistant Co mmissioner Gilles Michaud of the RCMP, said: The RCMP …continue reading

Samsung Galaxy S5′s fingerprint scanner hacked in 4days

11

The Samsung?s latest flagship handset Galaxy S5?s fingerprint scanner has already been hacked just few days after the device was launched, although a teardown reveals a bill of materials in excess of $250 (£150) ? higher than the iPhone 5S. Researchers at Germany?s Security Research Labs (SRLabs) publicized their findings in a YouTube clip. According to the narrator: ?the spoof was made under lab conditions but is based on nothing more than a camera phone photo of an unprocessed latent print on a smartphone screen.? A PCB mould is then made from the photo, into which wood glue is smeared …continue reading

PDF in Android version allows attacker to access files

android

The android version of Adobe PDF Reader – contains a security virus that could allow an attacker to give and take documents stored in reader and other files stored on the android’s memory card. The security researcher says: the problem is because of few insecure Javascript interfaces.  These Javascript interfaces allow an attacker to run malicious Javascript code inside Adobe reader. “An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file” security researcher Yorick Koster said. Researcher has successfully verified the existence of vulnerability in the …continue reading

Heartbleed is being fixed by ORACLE in atleast 13 products

Oracle Headquarters Redwood Shores

Oracle points out that all its cloud services should be Heartbleed-proof and that six of its products ? including Oracle Linux 6 and Solaris 10.2 ? were vulnerable but can be patched with existing updates. So Oracle has emitted its formal advice about Heartbleed, revealing it has 13 products that need a patch and 14 more ?which may be vulnerable?. The news is not so good for the following products, as Oracle puts them in a bucket containing software that is ?likely vulnerable but for which no fixes are yet available.? 1.    BlueKai 2.    Java ME – JSRs and Optional …continue reading

88% U.S. Consumers Are Worried About Data Privacy

us-lgflag

A recent GfK survey of 1,000 U.S. citizens has found that 88 percent of respondents are at least “a little” concerned about the privacy of their personal data. The poll, conducted from March 7 to 9, 2014, also found that one third of consumers were directly impacted by the misuse of personal data within the past year. Concerns about privacy are increasing — 49 percent of respondents now say they’re “very much” concerned about data privacy, and 59 percent say their concern has risen in the last 12 months. Fifty-six percent of respondents say top organizations like social networks and …continue reading

Pentagon Cyber Security Force to be TRIPLE by 2016

cyber cmd

USA has always been worried about its security, no matter it?s about physical or cyber related. This time Defense Secretary Chuck Hagel announced Pentagon efforts to strengthen its U.S. Cyber Command in coming years. By 2016, the Fort Meade, Md.-based military command expects to triple its security staff to 6,000 people, he said Hagel revealed the recruitment efforts late last month during a speech at the National Security Agency’s (NSA) headquarters, according to a March PBS report. In the speech, Hagel also shared that the Pentagon’s hiring plans included military and civilian candidates. Hagel expects by this year’s end, the …continue reading

Google might reward secure websites with better ranking

google

Vulnerabilities in present encryption techniques and attacks in present websites gave a huge effect on internet. So, INTERNET SEARCH AND ADVERTISING HULK Google is considering giving websites that use strong encryption preferential placement on its search listings. Matt Cutts, Google senior engineer has hinted at this. Cutts was talking at the SMX West conference in San Jose, California, when website hacking came up and he talked about Google responses to it. He said that rewarding secure websites will save Google time whenever a fresh security panic sweeps the internet. “We don’t have the time to maybe hold your hand and …continue reading

Pakistan’s Upper House began debating a new bill on National Cyber Security

4545

Pakistan?s Upper House began debating a new bill seeking to establish a National Cyber Security Council, an agency the nation feels is needed to keep NSA at bay. Senator Mushahid Hussain Sayed presented The Cyber Security Council Bill 2014 with the aim of creating a body to draft policy, guidelines and strategy on cyber security issues according to international best practices. With  working to counter emerging online threats, it will also try to facilitate better communication and information-sharing between government and private sectors. To help achieve this, members of the proposed council would apparently be drawn from both sectors. Sayed …continue reading

Hackers Hacked Connecticut , Power shutdown

888

Electric, natural gas and major water companies and regional distribution systems in Connecticut have been penetrated by hackers and other cyber attackers, but defenses have prevented interruption. Security challenges are constantly evolving and “becoming more sophisticated and nefarious” and the ability of utilities to detect and stop penetration must constantly improve, the Public Utilities Regulatory Authority said in its report to Gov. Dannel P. Malloy, report about the hack of Connecticut. The report, required as part of legislation enacted last year, said the region’s Massachusetts-based grid operator, ISO-New England, has “more sophisticated” cyber defenses than utilities do. “ISO-NE is constantly …continue reading

FireEye made Google to install patche against a malware that sending victims to phishing sites

11

bl A malicious Android application spotted by FireEye – security vendor, that could modify the icons of other applications so that when they’re launched, they send victims to a phishing website. Google has issued a patch for that. The user give application permissions thought to have no malicious possibilities. Android users aren’t warned about granting those permissions when they install an application, FireEye wrote. But “using these normal permissions, allow malicious application to modify configuration settings of Android’s Launcher, including that of icons. FireEye developed a proof-of-concept attack using Google’s Nexus 7 tablet running Android version 4.2.2 to show icons …continue reading

Harley Medical Group,Cosmetic Surgery firm Hacked

444

The Harley Medical Group, a leading cosmetic surgery provider has been hacked by a computer hacker who may have accessed details of nearly 500,000 people considering procedures. The Harley Medical Group said it believed the cyber-attack was an attempt to extort money from the company and it had contacted police. Around 480,000 initial inquiry forms submitted online may have been accessed and they include a potential client’s name, address and telephone number, the company confirmed. The form also lists cosmetic procedures, including breast enlargements, liposuction and tummy tucks, in which potential clients can express an interest. The Harley Medical Group …continue reading

Elite Chinese hacking unit disappeared !

11

The hacking unit that helped uncover major online security breaches from China last year says exposing the hackers had the effect of shutting them down. The New York Times reported last year on what it believed to be an elite Chinese military unit that had been sitting on its networks, quietly spying on it and countless other U.S. companies. The news kicked off months’ worth of debate about America’s exposure to cyberattack. The unit, labeled as “Advanced Persistent Threat 1″ or APT1 by the independent security firm Mandiant, usually communicates with the malware it has installed in various targets year-round. …continue reading

Join the mailing list

Check your email and confirm the subscription

Get The Book Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!