Monthly Archives: January 2014

Android banking malware with a twist in the delivery

Here's an intriguing tale of an Android malware curveball spotted recently in SophosLabs.

You're expecting the pitch to come at you in a predictable direction, but a hidden twist in the action brings the onslaught from another angle altogether...

Yahoo prompts password reset after mass attack on email service

Yahoo

Yahoo has revealed that it's resetting passwords for a number of its email users after discovering a coordinated effort to gain access to accounts. We explain how Yahoo Mail users can better protect their accounts immediately.

Guilty plea for SpyEye banking malware author

Guilty plea for SpyEye banking malware author

Panin, a Russian national, admitted to developing and distributing the banking malware, which was sold to over 150 clients through underground cybercrime forums, and is designed to compromise PCs and connect them to botnets of similarly backdoored systems.

The power of two - All you need to know about two-factor authentication

2FA

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Target says hackers got in by using a vendor's credentials

Target says hackers got in through a vendor

The company has reportedly shut down remote access to at least two internal systems: one for HR and one for suppliers. And yes, the DOJ is investigating this, one of the biggest breaches of all time.

Grassroots campaign seeks to fry the NSA by turning off the water tap

Grassroots campaign seeks to fry the NSA by turning off the water tap

It takes a lot of water to cool the spy agency's supercomputers, plus a lot of electricity. Two 4th Amendment-focused nonprofits are putting forth a template for a bill that would enable US states to turn off the lights and the taps and thereby, basically, starve the agency of the juice it needs to run.

Law enforcement in US, China, India, Romania collaborate to arrest hackers-for-hire

Law enforcement in US, China, India, Romania collaborate to arrest hackers-for-hire

Law enforcement in four countries have managed to work together to take down a number of hackers-for-hire, all accused of operating websites offering to break into email accounts for a fee.

Lavabit appeals contempt of court ruling surrounding handover of SSL keys

Lavabit appeal contempt of court ruling surrounding handover of SSL keys

Lavabit, a now-defunct private email service, has appealed against a contempt of court ruling centred around the company not handing over unencrypted data of one of its users - widely believed to be Edward Snowden.

Spy agencies are slurping personal data from leaky mobile apps

Spy agencies are slurping personal data from leaky mobile apps

Beyond device details, data shared over the internet by iOS and Android apps can include personal information such as age, gender, and location, while some apps share even more sensitive user information, such as sexual preference.

SSCC 132 - More breaches, treacherous gas pumps, poor passwords and Data Privacy Day [PODCAST]

sscc-132-thumb-250

This week's Chet Chat starts out with credit card breaches, covers the issue of whether you really need good passwords everywhere, and ends with an upbeat and encouraging conclusion...

Listen and learn more!

San Jose Police seek private residents' security camera footage for database

San Jose Police seek private residents' security camera footage for database

San Jose residents are voluntarily signing up to make it easy for Police to use their security camera footage. Is it a sensible and well managed use of available technology or, as the EFF claims, is it police overreach?

Report from the future: Data Privacy in the year 2044

privacy-2044-250

It's Data Privacy Day today, 28 January 2014.

So we asked Naked Security's Virtual Futurist, Frank di Scorse, to go forward 30 years and report back from the future on Data Privacy Day 2044....

Take the 3-step Privacy Plan Diet

privacy-plan-diet-250

Losing your grip on personal privacy is easy these days: the internet is never more than an arm's length away.

That's why we've come up with the 3-step Privacy Plan Diet - it's time to say "Hello" to the new you!

Privacy is not dead - you're just doing it wrong

iheartpriv-250

Today is Data Privacy Day. While many have declared privacy to be dead, it isn't up to them, it is up to you.

Being aware about what you are sharing with whom can go a long way towards preserving your privacy.

Jail time for Twitter abusers who spewed out rape and death threats

Jail_thumb_SS

A man and a woman have been handed custodial sentences for abusing high-profile feminist campaigner Caroline Criado-Perez and MP Stella Creasy on Twitter.

Bug, not DDoS, took down US court systems - just like Gmail

Bug. Image courtesy of Shutterstock.

Several US judicial system websites were offline for a spell on Friday, prompting immediate worries of some kind of organised cyber assault aimed at bringing the nation's legal system to its knees.

FBI warns of crimewave hitting cash registers

FBI warns of crimewave hitting cash registers

The US Federal Bureau of Investigations (FBI) has warned retailers to harden their defences against cyber-heists - particularly those that latch onto credit card details from shoppers

Revenge-porn king Hunter Moore indicted on 7 counts of aggravated identity theft

XXX. Image courtesy of Shutterstock.

Moore and alleged accomplice Charles "Gary" Evens were also indicted on 8 other counts including conspiracy and 7 counts of hacking to steal victims' nude or sexually explicit photos.

SEA hits CNN, may be linked to Microsoft law enforcement info heist

SEA hits CNN, may be linked to Microsoft law enforcement info heist

Microsoft has admitted that spearphishers compromised email accounts at the company, potentially leaking documents "associated with law enforcement inquiries". Just the day before Microsoft revealed the legal data loss, the SEA made another strike, this time targeting news outlet CNN.

Monday review - the hot 19 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.