data protection | Breaking Cybersecurity News | The Hacker News

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun...

Carriers, developers, and phone makers are rolling out new services and features to protect mobile devices from malicious attacks and data breaches. As people increasingly use smartphones for email, banking, and document access, the wireless industry is addressing mobile device security. According to Chris Knotts, vice president of technology and innovation at IT consulting company Force 3, there is a "consumerization of IT," where more employees use personal mobile devices like smartphones, laptops, and tablets for work purposes. IT administrators recognize that mobile devices are here to stay and need to be secured against attacks and data breaches. This effort extends beyond IT administrators. Carriers and phone makers are deploying new features and services to enhance mobile device security, as noted by the Wall Street Journal. Edward G. Amoroso, chief security officer of AT&T, stated, "Everyone is realizing that this is an uncontrolled environment. We don'...

Businesses can leave themselves vulnerable to data theft and other online threats, particularly as security and IT budgets are under pressure while companies try to save money. Although budgets are tight, it is crucial for companies to stay protected online. On average, the total cost of security breaches, including lost business, in the UK last year was $2,565,702. Data theft and other online threats represent significant dangers for businesses in the UK. The economic downturn exacerbates this problem, leading many executives to cancel, defer, or downsize security budgets. To highlight the risks facing companies today, Astaro has compiled the following list of the five most serious internet security threats. 1. Browser Vulnerabilities No browser provider is immune to security holes. A recent example is the CSS bug that affected Internet Explorer versions 6, 7, and 8 (CVE-2010-3962). This bug targets computers in a two-stage attack: first, the user follows an email link to a webpag...

CitySights NY, a company that organizes New York City tours on double-decker buses, has experienced a significant data breach. The personal information of 110,000 customers, including names, addresses, email addresses, credit card numbers, expiration dates, and Card Verification Value (CVV2) codes, was stolen. The breach likely occurred on September 26, when attackers used an SQL injection to upload a malicious script to the web server. The intrusion was discovered on October 25 by a web programmer who found the unauthorized script. According to a breach notification letter sent to and published by New Hampshire's attorney general, Twin America, CitySights NY's parent company, confirmed the compromise. In response to the breach, Twin America has taken several steps to enhance data security, including: Changing all administrative-level passwords to more complex ones. Restricting access to the administration panel and server to a few pre-approved IP addresses. Patching scri...

Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and expressed confidence that customers can now safely use their credit and debit cards in its stores. Nashville, Tennessee-based Genesco stated that the intrusion affected its U.S. Journeys, Journeys Kidz, Shi by Journeys, Johnston & Murphy stores, and some Underground Station stores. The company is currently investigating the extent of the compromise with the help of an outside expert. Robert Dennis, Chairman, President, and CEO of Genesco, said, "Since we learned of the intrusion, we have worked diligently with outside experts to protect our customers' information, and we are confident that they are safe shopping with their credit and debit cards at our stores. We recommend that our cust...

It will take several more years for the government to fully install high-tech systems to block computer intrusions. This prolonged timeline enables criminals to become more adept at stealing sensitive data, experts say. As the Department of Homeland Security (DHS) methodically works to secure the approximately 2,400 network connections used daily by millions of federal workers, experts suggest that technology may already be outpacing them. The DHS, responsible for securing non-military government systems, is gradually moving all government Internet and e-mail traffic into secure networks. These networks will eventually be protected by intrusion detection and prevention programs. However, progress has been slow. Officials are trying to finalize complex contracts with network vendors, resolve technology issues, and address privacy concerns related to monitoring employees and public citizens. The recent WikiLeaks release of over a quarter-million sensitive diplomatic documents highligh...

Two former University of Central Missouri students have been charged with hacking university databases, stealing confidential information, and attempting to sell it for profit. Joseph Camp and Daniel Fowler were indicted by a federal grand jury. They allegedly created a computer virus and spread it through email attachments and USB flash drives. They breached the personal data of about 90,000 UCM students, faculty, staff, and alumni. Camp and Fowler then tried to sell the information for $35,000. The seven-count indictment also charges them with attempting to steal university funds and using Facebook accounts to threaten potential witnesses. The charges could result in prison sentences of between two and ten years. According to a Computerworld report, "The duo used Fowler's room as their base and, over a three-month period between October and December 2009, broke into numerous university databases and computers, including one belonging to a university administrator." ...

Over the past three days, the European Union, the U.S., and NATO have approved new plans to combat cybercrime. On Monday, the European Commission announced its proposals to develop three systems aimed at enhancing cybersecurity for citizens and businesses. First, the E.U. plans to establish a cybercrime center by 2013 to coordinate cooperation between member states, E.U. institutions, and international partners. Second, a European information sharing and alert system, also set for 2013, will facilitate communication between rapid-response teams and law enforcement authorities. Third, the Commission aims to create a network of Computer Emergency Response Teams (CERTs) by 2012, with a CERT in every E.U. country. Home Affairs Commissioner Cecilia Malmström assured that these systems would not lead to the creation of another citizens' information database. She emphasized that the goal is to manage the flow of information to prevent cyber-attacks, not to store data. Meanwhile, follo...

Computer security firms and military personnel have issued warnings about certain Facebook features that could compromise both personal and national security. On Thursday, Sophos, a computer security developer, warned that Facebook's new online messaging service could increase users' vulnerability to identity theft. John Leyden of The Register reported that the service, which combines site updates, instant messaging chat, and SMS messages in one place, is an attractive target for cybercriminals. According to Leyden, spammers can easily target accounts, or they can be compromised to create Web 2.0 botnets. "Users need to realize that these new features increase the attack surface on the Facebook platform, making personal accounts more attractive to cybercriminals," said Graham Cluley, Sophos' senior technology consultant, to AFP. "Facebook accounts will now be linked with more people in users' social circles, creating new opportunities for identity fraud...

Today's cybercrime has far-reaching implications for security professionals. Corporate environments are increasingly targeted, with intellectual property becoming a primary focus for criminal activity. According to Uri Rivner, head of new technologies, identity protection, and verification at RSA, this trend was highlighted during a roundtable at the RSA conference in London this week. Rivner explained that in the past, cybercrime was often a one-man operation—typically a basement hacker causing mischief. Nowadays, it has evolved into an entire economy, run like legitimate businesses with a few key exceptions. "Online fraud is divided into two parts—harvesting and cashing out," he said. "This means those who steal and collect the data and those who monetize it by using the stolen credentials." Launching a Trojan attack has become remarkably easy. Rivner noted, "A Trojan costs around $700, with the famous Zeus Trojan priced at $3,000. An adware system cos...