Charles Riley( WYFF4 - September 5, 2014 )
Apple plans to roll out new security features in the coming weeks that are designed to counter the methods used in a mass theft of nude celebrity photos. The company will use email and push notifications to alert users when someone tries to change an account password, restore cloud data on a new device, or connect an unfamiliar device to an existing Apple account. Apple also plans to widen its use of two-factor authentication. That option, available on most email or file-sharing platforms, is a second, temporary password that usually arrives in the form of a text message. Apple CEO Tim Cook explained the changes in an interview with The Wall Street Journal, his first public comments since private, nude photos of Jennifer Lawrence and other celebrities were leaked on the Internet. An Apple representative confirmed Cook’s remarks to CNNMoney. Apple has concluded hackers were able to force their way into the photo collections through phishing attempts, guessing passwords or figu
ring out answers to the celebrities’ security questions.

The weak link in the enterprise security chain: Falling for phishing

Charlie Osborne( Zero Day - September 4, 2014 )
New research suggests that human error and a lack of knowledge concerning online scams remain a risk to enterprise security. The report, McAfee Labs Threats Report: August 2014 (.PDF), claims that phishing campaigns remain a prime way to access enterprise networks. Phishing campaigns come in many forms and guises. These days, phishing goes far beyond crude emails telling you you’ve won the Spanish Lottery or have a rich uncle in Nigeria who wants to transfer millions of dollars to your account. Instead, cyberattacks hijack news events

Yuri Kageyama( Yahoo News - September 4, 2014 )
The boundary between the online and physical worlds got blurry last week when Sony’s PlayStation Network was disabled by an online attack, while simultaneously an American Airlines passenger jet carrying a Sony executive was diverted due to a bomb threat on Twitter.Experts say that’s a wakeup call for a world still coming to grips with cybersecurity: What goes down online can be equally if not more disruptive in the real world. What often surfaces from the Internet’s underbelly to make headlines are acts that verge on pranks, and the culprits who get caught are the amateurs, such as a teenager in the Netherlands who tweeted a threat to an airline, saying she was part of al-Qaida and was planning to do “something really big.” But that’s just the tip of the iceberg of 24-hour criminal action in cyberspace. The serious players are after much bigger trophies such as wreaking havoc with defense systems and stealing valuable corporate information. The days of computer mischief to s
ay “I was here,” common several years ago, are over.

Antone Gonsalves( NetworkWorld - September 4, 2014 )
The CryptoWall ransomware that filled the void left by the takedown of its CryptoLocker cousin is less effective and lacks the sophistication for wringing more money from victims. CryptoWall’s shortcomings include less virulent technology and no payment options beyond Bitcoins, a cryptocurrency that many people would not know how to use in paying to have malware-encrypted files unscrambled, according to Keith Jarvis, a senior researcher for the Dell SecureWorks Counter Threat Unit, which performed an extensive analysis on CryptoWall. “It made no advancements on what we saw with CryptoLocker,” Jarvis said Wednesday. Despite the lack of innovation, the criminals behind CryptoWall managed to compromise 625,000 computers in the last six months, surpassing the roughly half million infected with CryptoLocker. However, its lack of less complicated payment options has led to a much smaller take, roughly $1.1 million versus about $3 million for CryptoLocker.

Katherine Noyes( E-Commerce Times - September 3, 2014 )
Domain name registrar Namecheap on Monday reported that it was besieged Sunday night by cyberattackers who employed username and password data possibly stolen by the so-called CyberVor hacker gang. “Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems,” explained Matthew Russell, Namecheap’s vice president of hosting. “Upon investigation, we determined that the username and password data gathered from third party sites, likely the data [linked with ‘CyberVor’], is being used to try and gain access to accounts.” “CyberVor” is the name Hold Security used last month when it reported the theft of 1.2 billion online credentials. The cybercriminals executing the attack on Namecheap used stored usernames and passwords along with fake browser software to simulate authentic Web browser logins, Russell said. The “vast majority” of the malicious login attempts have been unsuccessful, he added, primarily because t
he information used was old and out of date. Some, however, have been successful, so Namecheap has secured the affected accounts. The company also is blocking the IP addresses that appear to be logging in with the stolen password data. In the meantime, the company is working with customers to improve their security.

North Korea cyber warfare capabilities exposed

Charlie Osborne( ZDNet - September 2, 2014 )
North Korea’s cyber warfare capabilities are on the rise despite being entrenched in ageing infrastructure and dampened by a lack of foreign technology. According to a report released by Hewlett-Packard researchers, the so-called ‘Hermit Kingdom’ may keep Internet access from the masses and maintain an iron grip on information exchange, but this hasn’t stopped the country from training up the next generation of cybersecurity and cyber warfare experts. A number of countries, including the United States, have imposed restrictions on North Korea which prevents the open trade of technologies which would enhance cyber tools and capabilities

Frank Bajak( CNS NEWS - September 2, 2014 )
The Peruvian hackers have broken into military, police, and other sensitive government networks in Argentina, Colombia, Chile, Venezuela and Peru, defacing websites and extracting sensitive data to strut their programming prowess and make political points. Their latest stunt may be their most consequential. Emails that the LulzSecPeru hackers stole from the Peruvian Council of Ministers’ network and dumped online last month fueled accusations that top Cabinet ministers have acted more like industry lobbyists than public servants. They helped precipitate a no-confidence vote last week that the Cabinet barely survived. The hackers are a compact, homegrown version of the U.S. and U.K-based LulzSec “black hat” hacker collective that grew out of the Anonymous movement, which has variously attacked the Church of Scientology and agitated on behalf of the WikiLeaks online secret-spillers and Occupy Wall Street. A lot of “hacktivism” out of the United States and western Europe has wan
ed or been driven underground after police pressure and arrests, said Gabriella Coleman, an anthropologist at McGill University, in Montreal, Canada, who has studied the phenomenon.