Scotty Zifka was looking for a sales job. He started one in late May at a company called EZ Tech Support, a small inbound call center in an older building in northeast Portland, Oregon.The first day of Zifka’s unpaid training involved listening in on sales calls. But within three hours, Zifka felt something wasn’t quite right.“Everything about it was so weird,” he recalled.The company’s 15 agents answer calls from people who’ve seen a pop-up message saying their computer may be having problems, and advising them to call a number, which rings at the offices of EZ Tech Support.The agents are instructed to stick to a 13-page script. They ask callers whether they have an antivirus program installed. If they do, Zifka said, callers are usually told that whatever they’re using isn’t a “full-time real spectrum virus protection program.”To read this article in full or to leave a comment, please click here
Twitter, to reduce abusive content on its site, is letting users share lists of the people they block, so they can more easily silence those account holders on their own profiles.With the changes, users can save an exported file of the accounts they block to share with others. Users can import a list of the blocked accounts so they can block them all at once, rather than blocking the accounts individually.Twitter, in a blog post, said it hopes the tool will help people on the site who face similar problems or who experience high volumes of unwanted interactions.To read this article in full or to leave a comment, please click here
VMware has released security updates for several of its virtualization products in order to address critical vulnerabilities that could allow attackers to break out of virtual machines and execute rogue code on the host operating systems.The code execution flaws affect the Windows versions of VMware Workstation, VMware Player and VMware Horizon Client. They were discovered by Kostya Kortchinsky of the Google Security Team and stem from a printer virtualization feature that allows a virtual machine’s guest OS to access the printer attached to the host computer.“On VMware Workstation 11.1, the virtual printer device is added by default to new VMs, and on recent Windows Hosts, the Microsoft XPS Document Writer is available as a default printer,” Kortchinsky explained in an advisory. “Even if the VMware Tools are not installed in the Guest, the COM1 port can be used to talk to the Host printing Proxy.”To read this article in full or to leave a comment, please click here
All software and hardware in the German parliamentary network might need to be replaced. More than four weeks after a cyberattack, the government hasn’t managed to erase spyware from the system, according to a news report.Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination, several anonymous parliament sources told German publication Der Spiegel.In May, parliament IT specialists discovered hackers were trying to infiltrate the network. So far, they have been unable to mitigate the attack.To read this article in full or to leave a comment, please click here
Anticipating the approval of stricter data protection rules in the European Union, cloud storage startup Zettabox bets it will be able to compete against bigger rivals by guaranteeing customers that their data will be housed in Europe.Zettabox, whose service came out of beta on Wednesday, is entering a market dominated by U.S. cloud providers. To differentiate itself, Zettabox is setting up storage space in data centers across the continent so companies and governments can store data in their home countries if they want to.Zettabox has offices in London and Prague and was founded by James Kinsella and Robert McNeal, U.S. executives who have been working on the service for over two years.To read this article in full or to leave a comment, please click here
A state-sponsored espionage group that uses a malware platform called Duqu has compromised the computer networks of several hotels and venues that hosted negotiations over Iran’s nuclear program.The attacks that took place in 2014 and this year involved the use of a new version of the Duqu cyberespionage malware, according to antivirus firm Kaspersky Lab, which also found the malware on its own systems.Kaspersky Lab discovered in early spring that several of its internal systems had been compromised and the subsequent investigation resulted in the identification of what the company now calls Duqu 2.0.Duqu is a highly sophisticated malware platform used for cyberespionage that was originally found in 2011. It is believed to be related to Stuxnet, the computer worm developed by the U.S. and Israel to sabotage Iran’s nuclear program.To read this article in full or to leave a comment, please click here
Police in several European countries arrested 49 suspected members of a gang they say broke into corporate email accounts, using them to divert payments from business customers.The gang operated in Italy, Spain, Poland, the U.K., Belgium and Georgia, according to Eurojust and Europol, the two agencies that coordinated and provided support to the police operation on the ground.The gang’s members, who were mainly from Nigeria, Cameroon and Spain, used malware and social engineering to compromise the computers of various large European companies. They then gained access to corporate email accounts and monitored them for payment-related communications from customers.To read this article in full or to leave a comment, please click here
Website owners are complaining that a free security tool started displaying unwanted advertising pop-ups to their visitors.The tool is made by SweetCAPTCHA. It requires users to correctly pick out and match images before they’re allowed to do some action on a website. CAPTCHAs are intended to prevent abuse by spammers and automated registrations by web bots.SweetCAPTCHA was busy Tuesday fielding complaints on Twitter from some who noticed a script that was injecting the pop-up ads. Sucuri, a security company, said the pop-ups promote tech support schemes and bogus dating sites.To read this article in full or to leave a comment, please click here
Mozilla is giving a raise to security researchers who spot Firefox browser vulnerabilities, more than doubling its maximum reward for information on the most high-risk flaws.The change comes as many major companies have launched lucrative bug bounty programs, which benefit software developers by attracting a more diverse set of eyes on their code.“The amount awarded was increased to $3,000 five years ago, and it is definitely time for this to be increased again,” wrote Raymond Forbes, an application security engineer at Mozilla.To read this article in full or to leave a comment, please click here
North Korea has responded to a report that it was the target of an unsuccessful Stuxnet-style cyber attack by threatening a cyber attack of its own against the U.S.In an article published in the country’s largest daily newspaper on Tuesday, North Korea said it would wage a cyber war against the U.S. to hasten its ruin. Such bellicose threats are fairly common in North Korean media and aren’t always followed by action, but when it comes to cyber attacks, the country has been blamed for several large attacks in the past.Most have been against South Korea, but the country was also publicly accused by the U.S. government of being behind last year’s devastating attack against Sony Pictures.To read this article in full or to leave a comment, please click here
Internet Explorer, always heavily scrutinized by both security researchers and online attackers, has once again gotten the majority of patches in this month’s Microsoft’s Patch Tuesday round of monthly bug fixes.For June, Microsoft issued 8 bulletins, which collectively contain 45 patches. The bulletin for IE alone MS15-06 contains 24 patches, including 20 that cover critical flaws, meaning they should be applied as quickly as possible.Other bulletins cover faults in the Windows operating system, the Office suite, Windows Media Player, Active Directory, and the Exchange Server.To read this article in full or to leave a comment, please click here
Adobe Systems fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure.Users should upgrade to Flash Player 18.0.0.160 for Windows and Mac, Adobe Flash Player 11.2.202.466 for Linux, or Flash Player 13.0.0.292 if they are on the extended support release channel.Users of Internet Explorer on Windows 8.x and Google Chrome on Windows, Linux and Mac will receive the Flash Player update for their respective browser automatically.Adobe also released updates for the AIR runtime on Windows, Mac and Android, as well AIR SDK and Compiler, because these programs bundle Flash Player.To read this article in full or to leave a comment, please click here
Two years after the first leaks by Edward Snowden about U.S. surveillance programs, the country’s tech companies are still worried about a backlash from other governments.Several foreign governments continue to push policies requiring that data generated in their countries be stored within their borders, said Yael Weinman, vice president of global privacy policy at the Information Technology Industry Council.“We’ve all heard the metaphor—data is the new oil,” Weinman said at the Techonomy Policy conference in Washington, D.C., Tuesday. “Barriers to cross-border data-flows make doing business today ... much more difficult.”The first surveillance leaks from Snowden, a former contractor with the U.S. National Security Agency, came out two years ago, and the impact of the surveillance programs was part of the backdrop for several debates at the conference.To read this article in full or to leave a comment, please click here
The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America—but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world.Hacked point-of-sale (PoS) terminals were responsible for 65 percent of the data compromises investigated by security firm Trustwave last year in North America, compared to only 10 percent in Europe, Middle East and Africa and 11 percent in the Asia and Pacific region. Worldwide, the company investigated 574 breaches, half of them in the U.S.The difference between PoS breach numbers in North America and other regions is largely due to a payment card standard called EMV (Europay, MasterCard, and Visa), which mandates the use of electronic chips in cards for antifraud protection. These are also called Chip-and-PIN or Chip-and-Signature cards and they have only recently started to be introduced in the U.S. and Canada.To read this article in full or to leave a comment, please click here
The U.S. Department of Justice has filed to the Foreign Intelligence Surveillance Court for permission to continue the bulk collection of call records for another six months, as the new USA Freedom Act allows for this transition period.The filing, made public Monday, was submitted to the court last Tuesday, the same day President Barack Obama approved as law the USA Freedom Act, which puts curbs on the bulk collection of domestic telephone records by the National Security Agency.The new legislation was passed by the Senate following the expiry at midnight of May 31 of the authorization of the bulk collection under section 215 of the Patriot Act. It leaves the phone records database in the hands of the telecommunications operators, while allowing a targeted search of the data by the National Security Agency for investigations.To read this article in full or to leave a comment, please click here
Apple plans to require six-digit passcodes to unlock its latest mobile devices that use iOS 9, its forthcoming mobile operating system.
Users already have the option in iOS 8 of setting a much longer passcode than four digits, which is the current minimum requirement. Symbols and letters can also be used.
Increasing the minimum number of digits to six means that there will be 1 million possible combinations rather than 10,000, which “will be a lot tougher to crack,” Apple wrote on its website.
The move to longer passcodes is not likely to please U.S. authorities, who have expressed fears that stronger security measures, including encryption, may make it more difficult to obtain information for time-sensitive investigations, such as terrorism.To read this article in full or to leave a comment, please click here
A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products.Micros, which was acquired by Oracle last year, develops front and back office customer service systems that are popular in the hospitality, food and retail industries. Its technology is used at over 330,000 customer sites in 180 countries, according to the company.Security researchers from antivirus firm Trend Micro recently came across a highly configurable memory scraping malware program that they dubbed MalumPoS.This kind of program monitors the memory of other processes for payment card track data—the information that’s encoded on the magnetic stripe of payment cards and which can be used to clone them.To read this article in full or to leave a comment, please click here
In an effort to put an end to the bulk data collection of phone records and other large datasets from millions of people, campaign group Privacy International has filed a complaint with a U.K. court.The complaint was filed with the U.K. Investigatory Powers Tribunal, which deals with claims against U.K. intelligence agencies, including the country’s Government Communications Headquarters (GCHQ). It is meant to put an end to bulk data collection that was already banned in the U.S.Last Tuesday, the U.S. Senate passed the USA Freedom Actwhich put a stop to the old U.S. National Security Agency’s (NSA) bulk collection of domestic telephone records, restoring a limited telephone records program.To read this article in full or to leave a comment, please click here
Owners of fixed-code garage door openers might want to consider upgrading them because a researcher has developed a technique that guesses the numbers in seconds.To showcase the new attack, which he dubbed Open Sesame, security researcher Samy Kamkar reprogrammed a children's toy designed for short-distance texting called Radica Girl Tech IM-me because it has all the needed wireless components and because "it's pink," his favorite color.With a fixed-code garage door opener, the remote control, or "clicker" always transmits the same 8 to 12-bit binary code. For a 12-bit code, there are 4,096 possible combinations -- strings of 1s and 0s.To read this article in full or to leave a comment, please click here
Records on 4 million people stolen in huge government data breachIn what may be one of the biggest data breaches ever affecting the U.S. government, hackers broke into the systems of the Office of Personnel Management and the records of approximately four million people have been stolen. Investigators suspect hackers based in China and have linked this latest intrusion to earlier hacks into health insurers Anthem and Wellspring, the New York Times reports. An executive of security firm iSight told the Times that researchers believe the hacking group is creating a huge database of personally identifiable information “that they can reach back to for further activity.”To read this article in full or to leave a comment, please click here