Cyber Crime - Infoworld en Teen arrested in Heartbleed attack against Canadian tax site <p>Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.</p> <p>Stephen Arthuro Solis-Reyes, of London, Ontario, took advantage of the vulnerability to steal information from the Canada Revenue Agency's website, according to the National Division of the Royal Canadian Mounted Police. They arrested him on Tuesday without incident. Solis-Reyes faces one count of unauthorized use of a computer and one count of "mischief in relation to data."</p> Security Authentication Cyber Crime Data Security Thu, 17 Apr 2014 11:23:07 +0000 admin 240684 at Think tank challenges Heartbleed handwringing <p>A think tank opinion piece that claims the threat from the <a href="">Heartbleed bug</a> is overblown has sparked a debate among researchers over the seriousness of the OpenSSL flaw.</p> Security Cyber Crime Encryption Vulnerability Assessment Wed, 16 Apr 2014 13:58:50 +0000 admin 240607 at Stung by file-encrypting malware, researchers fight back <p>Jose Vildoza's 62-year-old father was using his old Windows computer when a warning in broken English flashed on the screen: your files have been encrypted.</p> <p>Vildoza's father, who speaks Spanish, didn't understand the warning, which demanded payment in order to decrypt the files. When Vildoza looked at it, he knew it was bad. And he became angry.</p> Security Cyber Crime Data Loss Prevention Encryption Endpoint Protection Malware Thu, 10 Apr 2014 11:54:58 +0000 admin 240226 at World hit by record wave of 'mega' data breaches in 2013 <p>What do Target, AOL, LivingSocial, Evernote, and Adobe have in common with one another? Answer: they were all victims of huge data breaches during 2013, part of a phenomenon that a new Symantec report calcuates has reached epidemic levels.</p> Security Cyber Crime Data Security Hacking Wed, 09 Apr 2014 14:36:46 +0000 admin 240161 at New federal rule requires banks to fight DDoS attacks <p>Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try and mitigate against such attacks, a federal regulatory body said this week.</p> Security Federal Regulations Cyber Crime Fri, 04 Apr 2014 15:18:14 +0000 admin 239893 at Beware: The cloud's Ponzi schemes are here <p>The U.S. Securities and Exchange Commission has <a href="" target="_blank">shut down a worldwide pyramid scheme</a> that falsely promised fast gains to tens of thousands of Asian-American, Hispanic, and foreign investors from cloud computing services. The companies in question, WCM and WCM777, allegedly raised more than $65 million over the last year. They did this by promising people they could double their money in 100 days by investing between $399 and $1,999 in cloud services.</p> Cloud Computing The Industry Standard Cyber Crime Cloud Computing Fri, 04 Apr 2014 10:00:00 +0000 David Linthicum 239514 at China calls US spying actions 'hypocrisy,' plans to beef up security <p>China's Ministry of National Defense blasted the U.S. over recent allegations that it has been spying on Huawei Technologies, and said it plans to shore up the nation's Internet security in response.</p> <p>Recent reports on U.S. spying activities against China, its businesses, and people, expose the U.S.'s "hypocrisy" and "tyranny," said Defense Ministry spokesman Geng Yansheng at a press briefing on Thursday.</p> Security Cyber Crime Government Thu, 27 Mar 2014 11:34:12 +0000 admin 239205 at Cyber security expert: Internet of things is 'scary as hell' <p>The terms "Internet of things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, <a href="" target="_blank">Prescient Solutions</a>.</p> Networking Security Internet of things Cyber Crime Data Security Intrusion Detection Wed, 26 Mar 2014 12:07:02 +0000 admin 239104 at Security vendor Trustwave named in Target data breach suit <p>Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to <a href="">Target's data breach</a>, one of the largest on record.</p> <p>Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which "failed to live up to its promises or to meet industry standards," alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.</p> Security Cyber Crime Data Security Intrusion Detection Malware Wed, 26 Mar 2014 11:45:46 +0000 admin 239119 at ATM malware, controlled by a text message, spews cash <p>A group of enterprising cyber criminals have figured out how to get cash from a certain type of ATM -- by text message.</p> <p>The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.</p> Security Cyber Crime Malware Tue, 25 Mar 2014 11:15:03 +0000 admin 239028 at Chemical and drug makers are the biggest malware magnets <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="" alt="Chemical and drug makers are the biggest malware magnets" width="243" height="182" align="right" /></div><p>How likely are you to run into Web malware? Depending on the industry you're working in, either not very -- or far more often than you ever imagined.</p> Security Cyber Crime Malware Mon, 24 Mar 2014 10:00:00 +0000 InfoWorld Tech Watch 238909 at Mt. Gox finds $116 million worth of bitcoins <p>Mt. Gox has said it found 200,000 of the bitcoins it claimed may have disappeared as a result of a software flaw.</p> <p>In a <a href="" target="_blank">statement</a> on its website Thursday, the failed exchange said it found 200,000 bitcoins in an old-format digital wallet, reducing the number of bitcoins missing to 650,000.</p> Security The Industry Standard E-commerce Cyber Crime Fri, 21 Mar 2014 12:13:56 +0000 admin 238859 at Speedy attack targets Web servers with outdated Linux kernels <p>Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, Cisco Systems said on Thursday.</p> <p>All the affected servers were running the 2.6 version, first released in December 2003, of the Linux kernel, which is the core of the operating system. Most were running a 2.6 Linux kernel version released in 2007 or earlier, <a href="" target="_blank">wrote</a> Martin Lee, technical lead of Threat Intelligence for Cisco.</p> Open Source Software Security Linux Cyber Crime Malware Fri, 21 Mar 2014 11:44:01 +0000 admin 238853 at Researchers discover credential-stealing Unix-based server botnet <p>Cyber criminals are using sophisticated malware in compromising thousands of Unix-based servers to spew spam and redirect a half million Web users to malicious content per day, a security firm reported.</p> <p>Dubbed Operation Windigo, the attack has been ongoing for more than two and a half years and has compromised as many as 25,000 servers at one time, anti-virus vendor ESET said Tuesday. Systems infected with the backdoor Trojan are used in stealing credentials, redirecting Web traffic to malicious content and sending as many as 35 million spam messages a day.</p> Open Source Software Security Linux Cyber Crime Hacking Thu, 20 Mar 2014 11:59:37 +0000 admin 238687 at Court approves first-of-its-kind data breach settlement <p>Courts have generally tended to dismiss consumer class-action lawsuits filed against companies that suffer data breaches if victims can't show that the the breach directly caused a financial hit.</p> <p>A federal court in Florida broke the mold by approving a $3 million settlement for victims of a data breach in which personal health information was exposed when multiple laptops containing the unencrypted data were stolen.</p> Security Cyber Crime Data Loss Prevention Data Security Tue, 18 Mar 2014 11:40:14 +0000 admin 238550 at The bad guys have your credit card info -- so what? <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="" alt="The bad guys have your credit card info -- so what?" width="243" height="182" align="right" /></div> <p>I'm constantly perplexed by the sensational headlines claiming this or that breach resulted in millions of credit cards being stolen.</p> Security Cyber Crime Data Security Hacking Identity Management Tue, 18 Mar 2014 10:00:00 +0000 Roger A. Grimes 238558 at Bitcoin-stealing malware hidden in Mt. Gox data dump <p>An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who <a href="" target="_blank">compromised the blog of Mt. Gox CEO Mark Karpeles</a> also contains bitcoin-stealing malware for Windows and Mac.</p> <p>Security researchers from antivirus firm Kaspersky Lab analyzed the 620MB file called and concluded that in addition to various Mt. Gox-related documents and data, it contains malicious binary files.</p> Security E-commerce Cyber Crime Malware Mon, 17 Mar 2014 14:36:09 +0000 admin 238500 at Hackers allegedly hit Mt. Gox CEO's blog, post balance of remaining bitcoins <p>Hackers attacked the personal blog of Mt. Gox CEO Mark Karpeles on Sunday and posted what they claim is a ledger showing a balance of some 950,000 bitcoins based on records they obtained from the defunct exchange for the virtual currency.</p> <p>They said the sum contradicts Mt. Gox's claim in a Japanese bankruptcy protection filing Feb. 28 that it had lost about 850,000 bitcoins.</p> Security Cyber Crime Hacking Security Mon, 10 Mar 2014 11:28:44 +0000 admin 238033 at 10 questions on the Mt. Gox implosion <p>How do half a billion dollars vanish into thin air? That seems to be what happened at popular Bitcoin exchange Mt. Gox, which made <a href="">a bankruptcy protection filing</a> in Japan last week.</p> Security E-commerce Cyber Crime Web Services Thu, 06 Mar 2014 12:51:20 +0000 admin 237827 at Tor network hides 900 botnets and 'darknet' markets, says Kaspersky Lab <p>The Tor network is in danger of being swamped by criminals abusing its anonymity to hide an underworld of parasitic botnets, malicious command and control, and "darknet" markets, according to research from Kaspersky Lab.</p><p>Tor has long had its dark side but the scale of its use by criminals appears to have expanded quite rapidly in the last year. Kaspersky Lab had uncovered evidence of 900 services using Tor, said researcher Sergey Lozhkin, through its 5,500 plus nodes (server relays) and 1,000 exit nodes (servers from which traffic emerges).</p> Security Cyber Crime Malware Thu, 06 Mar 2014 12:27:44 +0000 ccraig 237832 at