Submission Summary: 0 pending, 791 declined, 338 accepted (1129 total, 29.94% accepted)


Submission + - Verizon and AT&T Join The 'Transparency Report' Club (securityweek.com)

wiredmikey writes: Telecommunications giants Verizon and AT&T both announced (separately) this week that they would join a growing list of tech and telecom sector companies in publishing a "transparency report" about demands for information from law enforcement agencies.

Verizon said the first report would come in early 2014, with updates being published semi-annually. AT&T said it would also release a semiannual report starting in early 2014 with information "to the extent permitted by laws and regulations."

The transparency reports will include things such as the total number of law enforcement agency requests in criminal cases, subpoenas, court orders and warrants. However, telecom and tech firms are still barred from releasing data on national security requests from the FBI and US intelligence services.

The announcements come after a period when the telecom firms were notably absent from a debate on disclosures about the scope of US surveillance programs from fugitive former intelligence contractor Edward Snowden.

Submission + - Target Confirms Massive Data Breach Affecting 40 Million Customers (securityweek.com)

wiredmikey writes: Retail giant Target today confirmed rumors that it had fallen victim to a major data breach affecting millions of customers at its U.S. retail stores starting on “Black Friday”, the biggest shopping day of the year. Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013, the company said.

Rumor of the massive data breach was originally reported Wednesday afternoon by security researcher and blogger, Brian Krebs, and quickly picked up by media outlets around the world. The New York Times reported that the US Secret Service is also investigating the incident.

Minneapolis-based Target Corporation operates 1,921 stores—1,797 in the United States. “If guests shopped in US Target stores during this time period, we encourage them to be vigilant in monitoring their accounts,” a Target spokesperson told SecurityWeek.

Submission + - Panel Urges Major NSA Spying Overhaul (securityweek.com)

wiredmikey writes: A board set up to review the NSA's vast surveillance programs has called for a wide-ranging overhaul of National Security Agency practices while preserving "robust" intelligence capabilities. The panel, set up by President Obama, issued 46 recommendations, including reforms at a secret national security court and an end to retention of telephone "metadata" by the spy agency.

The 308-page report (PDF) submitted last week to the White House and released publicly Wednesday says the US government needs to balance the interests of national security and intelligence gathering with privacy and "protecting democracy, civil liberties, and the rule of law."

Panel members said the recommendations would not necessarily mean a rolling back of intelligence gathering, including on foreign leaders, but that surveillance must be guided by standards and by high-level policymakers.

Submission + - Massive Android Mobile Botnet Hijacking SMS Data (securityweek.com) 1

wiredmikey writes: A mobile botnet called MisoSMS is wreaking havoc on the Android platform, stealing personal SMS messages and exfiltrating them to attackers in China. Researchers at FireEye lifted the curtain off the threat on Monday, describing MisoSMS as "one of the largest advanced mobile botnets to date" and warning that it is being used in more than 60 spyware campaigns.

FireEye tracked the infections to Android devices in Korea and noted that the attackers are logging into command-and-controls from Korea and mainland China, among other locations, to periodically read the stolen SMS messages. FireEye's research team discovered a total of 64 mobile botnet campaigns in the MisoSMS malware family and a command-and-control that comprises more than 450 unique malicious e-mail accounts.

Submission + - US and China Distrust Each Other, But Mildly: Survey (securityweek.com)

wiredmikey writes: Chinese and Americans widely distrust each other but few among the public or elite see the other power as an enemy, according to a study billed as one of the most comprehensive looks at the views of influential Chinese.

The study found that China's elite mostly described their opinions about the US as mild, despite the frequent disagreements between the nations. The survey found that strong majorities in both countries, especially in China, doubted that the other power could be highly trusted. Most Americans and Chinese elites, as well as 45 percent of the Chinese public, characterized the other nation as a competitor.

But only 15 percent of the US public and 12 percent of the Chinese public saw the other nation as an enemy, the study said. In one sharp disparity, 27 percent of Chinese government elites said they considered the United States an enemy — while a mere two percent of US government elites said likewise about China.

Even those generally sympathetic to China voiced growing alarm over Beijing's alleged campaign of cyber hacking that has stolen US intellectual property.

Most of the Chinese public described Americans as aggressive, arrogant and greedy; majorities in the United States actually agreed with those characterizations of themselves but did not assign the same negative traits to Chinese.

Submission + - Cybercrime Marketplace Mastermind Faces 18 Years in Prison (securityweek.com)

wiredmikey writes: A Ukrainian national, Roman Vega, who pleaded guilty in 2009 to creating a popular online marketplace for selling stolen financial account data has been sentenced to 18 years in prison. Called one of the world’s “most prolific cybercriminals” by the Department of Justice, Vega, 49, will serve significant time in prison for his role in co-founding the notorious website CarderPlanet.

In the early 2000s, Vega co-founded and became a high-ranking administrator of the notorious website, which became one of the first and busiest online marketplaces for the sale of stolen financial information, computer hacking services and money laundering. At its height, CarderPlanet had more than 6,000 members and had a hierarchical leadership structure that borrowed its leadership titles from La Cosa Nostra, US authorities said.

Submission + - Switzerland Wants to Become the World's Data Vault (securityweek.com)

wiredmikey writes: Business for Switzerland's 55 data centers is booming. They benefit from the Swiss reputation for security and stability, and some predict the nation already famous for its super-safe banks will soon also be known as the world's data vault. For example, housed in one of Switzerland's numerous deserted Cold War-era army barracks, one high-tech data center is hidden behind four-ton steel doors built to withstand a nuclear attack — plus biometric scanners and an armed guard. Such tight security is in growing demand in a world shaking from repeated leak scandals and fears of spies lurking behind every byte.

Revelations from former NSA contractor Edward Snowden of widespread spying by the agency have served as "a wake-up call" to the dangers in this era of electronic espionage. While the global data storage industry is ballooning, companies in Switzerland, which has some of the world's strictest data protection laws, are especially reaping the benefits of the paranoia. Under Swiss law, personal data is defined as a "precious good" that can under no circumstances be handed over to governments or authorities without authorization from a judge.

While Switzerland's reputation as the land of tight-lipped confidentiality has taken a bit of a hit with the ongoing erosion of its bank secrecy practices, it remains miles ahead of most other countries in terms of data protection, according to Peter Gruter, the head of the Swiss Telecommunications Association.

One Swiss data center operator said business has more than tripled since the NSA leaks by Snowden began earlier this year.

Submission + - Google Finds Fraudulent Certificates Used by French Government (securityweek.com)

wiredmikey writes: Google announced on Saturday that it detected a French government agency using unauthorized digital certificates for several Google domains to perform man-in-the-middle attacks on a private network.

Google security engineer Adam Langley said the company traced the fraudulent certificates to Agence nationale de la sécurité des systèmes d’information (ANSSI), a French certificate authority that falls under the government's cyber-security agency. "ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network," Langley noted in a blog post.

In a separate statement, ANSSI blamed "human error" for the incident.

Google's Langley described the incident as a "serious breach" and warned that the company is considering additional actions.

Submission + - Obama Not Allowed an iPhone for Security Reasons (securityweek.com) 1

wiredmikey writes: President Barack Obama admitted Wednesday he was not allowed to have an iPhone owing to security fears — explaining why he is sometimes seen with a bulky super secure BlackBerry. "I'm not allowed for security reasons to have an iPhone," Obama told a group of young people at the White House for an event promoting his health care law.

Within days of being inaugurated president, Obama won his battle with the Secret Service to hang on to his BlackBerry, despite fears that it was vulnerable to being hacked. The White House says the president's personal email address was strictly limited to a small list of senior officials and personal friends, but will not detail the encryption devices that are used to secure his communications.

Obama did say that his daughters Sasha and Malia spend a lot of time on their iPhones.

Submission + - RBS Admits to 'Decades' of Underinvestment in IT After Major Glitch (securityweek.com)

wiredmikey writes: Royal Bank of Scotland's CEO admitted on Tuesday that the bank had failed to invest in its IT systems "for decades", after a glitch left customers unable to access cash for three hours.

Chief executive Ross McEwan said it was unacceptable that customers could not use their credit and debit cards for a period of the evening on "Cyber Monday", one of the busiest shopping days of the year.

"For decades, RBS failed to invest properly in its systems," McEwan said. The bank said in a statement earlier Tuesday that the "systems issues" that caused Monday's outage had been resolved and all services were now working normally.

The latest glitch follows an incident in June 2012 when a software upgrade left hundreds of thousands of people unable to make or receive payments for several days, and cost the group £175 million (290 million) in compensation.

Submission + - New Windows XP Zero-Day Under Attack (securityweek.com) 1

wiredmikey writes: A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware.

Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Submission + - Sweden Hands Over Pirate Bay Co-Founder to Denmark (securityweek.com)

wiredmikey writes: Sweden said it will hand over Pirate Bay co-founder Gottfrid Svartholm Warg to Denmark where he is wanted for questioning on alleged hacking charges.

"It (the extradition) will take place on November 27," the prosecutor in charge of the case, Henrik Olin, said, adding that Sweden was responding to an arrest warrant issued by Copenhagen.

In June, Danish police revealed that the 30-year-old Swedish hacker is suspected of illegally downloading police files between April and August 2012. He is currently serving a one-year sentence in Sweden for hacking into the computer systems of contractors working for the national tax authority.

Submission + - Hacker Jeremy Hammond Gets 10-year Sentence (securityweek.com)

wiredmikey writes: Jeremy Hammond, a computer programmer linked to the online hacktivist group Anonymous who pleaded guilty to hacking the intelligence firm Stratfor, was sentenced to 10 years in prison today.

He was sentenced by a US federal judge in New York after pleading guilty in May to conspiracy charges in connection with the 2011 hack of Stratfor, the US attorney's office said.

Hammond, whose case has been supported by digital rights activists and others, also was part of a group which broke into the FBI computer network and later delivered documents to WikiLeaks, according to investigators.

The Electronic Frontier Foundation argued in a brief that Hammond "did not profit financially as a result of his actions, but rather, exposed uncomfortable truths."

Hammond, who could have faced a longer prison sentence before his "non-cooperating plea agreement," admitted his involvement in computer intrusions into the FBI Virtual Academy, the Arizona Department of Public Safety and other government networks.

Submission + - Microsoft Opens High Tech Cybercrime Center (securityweek.com)

wiredmikey writes: Microsoft announced today that it has opened a new cybercrime center that combines technical expertise with cutting-edge tools and technology and cross-industry expertise, to combat cyber crime. Located at Microsoft's campus in Redmond, Washington, the center houses technologies that enable teams to visualize and identify global cyberthreats developing in real time, including SitePrint, which allows the mapping of online organized crime networks; PhotoDNA, a leading anti-child-pornography technology; cyberforensics, a new investigative capability that detects global cybercrime, including online fraud and identity theft; and cyberthreat intelligence from Microsoft’s botnet takedown operations.

The Cybercrime Center also has a secure location for third-party partners, including from academia and law enforcement, allowing cybersecurity experts from around the world to work in the facility with Microsoft’s experts for an indefinite period of time.

Submission + - Hackers Steal Password Data of 860,000 MacRumors Forums Users (securityweek.com)

wiredmikey writes: Popular Mac news and information site MacRumors.com said that its forums site was hacked on Monday, according to a notice alerting readers that usernames, email addresses and (hashed) passwords were likely obtained by the attacker(s). As of late Tuesday night, statistics displayed that MacRumors Forums had 860,182 members.

“In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known,” Arnold Kim, Founder and Editor of MacRumors.com, wrote in a security notice Tuesday evening.

Some users are already reporting suspicious and malicious activity in accounts they have with other services, indicating that the hackers are already putting the stolen data to use, mainly by trying to use the same combination of username/password elsewhere in an attempt to gain access.

Kim said the MacRumors Forums breach is being investigated with the help of a 3rd party security researcher.
