Verizon security report itemizes annual data breaches

Verizon has published its latest Data Breach Investigations Report, which is released annually and looks at the data breaches that happened over the course of a year. According to the report, 2012 saw 621 confirmed data breaches, in addition to a much higher number, approximately 47,000, of so-called security incidents. The numbers give us a look at what kind of threats are present, and who is most affected.


A data breach is self-explanatory, meaning that information of some sort has been compromised, whether it is employee data or a roster of login information. A security incident, however, is something related that doesn’t quite achieve the “breach” threshold, such as a DDoS attack. According to the breakdown, no one was spared from the cyberattacks, with all sorts of businesses and organizations falling victim.

Small, medium, and large businesses, law enforcement agencies, media companies, financial institutions, commercial websites, organizations, and more all suffered from various security breaches and incidents last year. Out of them, it is said that 76 percent were the result of either stolen or weak usernames/passwords, with the data being harvested using means ranging from skimmers to malware.

According to the New York Times, Wade Baker, a principal author of the Verizon report, said: “The results validate that any business that operates online is at potential risk of suffering a data breach … the report shows that no matter the size of the organization — large, small, government agencies, banks, restaurants, retailers — people are stealing data from a range of different organizations and it’s a problem everyone has to deal with.”

[via New York Times]


Verizon security report itemizes annual data breaches is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Reuters fires journalist accused of conspiring with Anonymous

Matthew Keys, the journalist who was accused of conspiring with Anonymous, has been fired by Reuters today. On his Twitter account, Keys tweeted, “Just got off the phone. Reuters has fired me, effective today. Our union will be filing a grievance. More soon.” David Girardin, a Reuters spokesperson, confirmed the firing. According to Keys, his termination from Reuters had no relation to his alleged involvement with Anonymous, but was due to him violating his “Final Written Warning”.

The final written warning was issued back on October 25th, 2012. It was issued to Keys because he created a parody Twitter account named @PendingLarry. It was used to mock Larry Page, CEO of Google. The warning goes on to say that creating the fake account that did not identify Keys as the author violated Reuters’ Social Media Policy. It also stated that his actions “displayed a serious lapse of judgment and professionalism that is unbecoming of a Reuters journalist.” The following sentences may be the reason why Keys was terminated:

“For these reasons, we are issuing this final written warning. We must see immediate improvement in your communications with managers and more discretion in your social media practices.”

Keys, who was Reuters’ Deputy Social Media Editor, came under fire a few days ago after he was criticized for tweeting misinformation from police scanners. His first tweet stated, “Dispatch: First Boston bomb suspect is Mike Mulugeta,” and his second tweet stated, “Dispatcher: Suspect 2 is missing Brown University student Sunil Tripathi.” Keys defended his position in a Facebook post, stating he was unaware that the police asked people not to publish information from police scanners, and that other social journalists were doing the same thing as he was.

Keys told Politico that his termination from Reuters “wasn’t unexpected”, and that his independent coverage of the Boston bombings was one of the reasons why he was fired. Keys also told Politico that Reuters had a “specific set of reasons for the termination” which he and the union agree “is incorrect and doesn’t hold any water.” He states that Reuters may have just been “looking for an out” and jumped at the opportunity to fire him.

[via Politico]


Reuters fires journalist accused of conspiring with Anonymous is written by Brian Sin & originally posted on SlashGear.

Whoops, CBS Got Twitter-Hacked And Spat Out Virus-y Links (Update: There’s More!)

Twitter hacks are an unfortunate reality of everyday social media life. Today, it was CBS’s 60 Minutes, 48 Hours, and CBS Denver accounts that took the hit and started dishing out some linkbait-y tweets with a virus-laden garnish. Careful what you click.

LulzSec hacker “Recursion” sentenced to a year in prison

It has been a long process, but one of LulzSec’s hackers who went by the name “Recursion” has been sentenced, receiving one year in prison for his part in a cyberattack on Sony Entertainment. After serving his year, the hacker, whose real name is Cody Kretsinger, will have to complete 1,000 hours of community service and home detention. Kretsinger pleaded guilty to a single count of conspiracy and unauthorized impairment of a protected computer, according to Reuters.

LulzSec is a branch from the more popularly-known Anonymous hacker collective, and has claimed to have initiated quite a few high-profile cyberattacks against private and government websites alike. One such attack was against Sony, whose website Kretsinger claims to have accessed, gathering information and spreading it to two other LulzSec hackers.

That information was then made public on the group’s Twitter account and on its website, resulting in what prosecutors say was in excess of $600,000 worth of damage to the corporation. Additional members of the hacking group are slated for sentencing, having pleaded guilty to various related charges earlier this month and back in the summer of 2012.

On April 9, LulzSec members Jake Davis, Mustafa al-Bassam, and Ryan Ackroyd all pleaded guilty in London to cyberattacks against Sony, in addition to other entities, such as the NHS and News International. Ackroyd, in particular, also pleaded guilty to plotting cyberattacks against many other websites, among them 20th Century Fox. Davis and al-Bassam pleaded guilty to conspiracy to attack law enforcement agencies in both the UK and US. They will be sentenced on May 14.

[via Reuters]


LulzSec hacker “Recursion” sentenced to a year in prison is written by Brittany Hillen & originally posted on SlashGear.

Microsoft Will Finally Offer Two-Step Verification For Your Entire Account

Over the next few days Microsoft will begin rolling out an overhaul to accounts, which will include a crucial security upgrade: two-step verification. This will go a long way toward preventing hackers from getting into your account and causing all sorts of damage. So if you have a Microsoft Account, you should definitely set the feature up at https://account.live.com/proofs/Manage.

Anonymous Hacks Into North Korean Websites Again


Earlier this month, Anonymous revealed they had hacked a number of North Korea’s social networks as part of their “Operation Free Korea” campaign. It looks as though the organization isn’t stopping there, as they have yet again launched an attack on a number of North Korean websites, resulting in complete control over the websites.

Anonymous is claiming responsibility for hacking its way into North Korea’s news and information site Uriminzokkiri.com, which has since been taken down and is completely offline as of this writing. Anonymous revealed they were the ones behind this attack when they tweeted on Uriminzokkiri’s Twitter account “more of North Korean websites are in our hand. They will be brought down.”

By Ubergizmo.

Hacker demonstrates remote airplane hijacking using Android phone

The Hack in the Box security conference is taking place in Amsterdam this week, and one of the talks was fairly interesting. Hugo Teso, who is a security professional as well as a licensed pilot, demonstrated how one could remotely hijack an airplane using nothing but an Android device as the tool.


It turns out that two important aviation systems — the Automated Dependent Surveillance-Broadcast (ADS-B) and the Aircraft Communications Addressing and Reporting System (ACARS) — are completely unencrypted and unauthenticated, allowing anyone with the right tools and a little know-how to access the system remotely without too much trouble.

Teso simply hit up eBay for “actual flight code software” that’s normally used for training pilots, as well as nabbing a radio transmitter. During the demonstration, Teso audited real aircraft code by searching for vulnerabilities on a fleet of virtual aircraft (using real airplanes in this case would obviously be unethical and quite illegal). Along with an Android app called PlaneSploit (which won’t be hitting the Google Play store), Teso was able to control the steering of a Boeing jet, as long as the plane was in autopilot mode.

Teso has been working in the IT industry for 11 years now, and before that he was a trained and licensed commercial pilot for 12 years. His 23 years of combined experience with the two professions has led him to teach the public about the state of the security of aviation computer systems and communication protocols, which are actually not that secure, as Teso demonstrated.

[via Help Net Security]


Hacker demonstrates remote airplane hijacking using Android phone is written by Craig Lloyd & originally posted on SlashGear.

South Korea Blames North For TV Stations, Banks Cyberattacks


A few weeks ago, we reported on three South Korean television broadcasters and two banks becoming victims of a widespread malware attack, which resulted in serious network outages. The attack was perpetrated by “Whois Team,” and according to South Korea’s internet security agency, it was carried out by North Korea.

The attack was carried out by six computers located in North Korea accessing computer servers in South Korea, which used over a thousand different overseas IP addresses. The attack wiped out the hard drives of over 30,000 PCs in the affected TV stations and banks, and had been planned for up to eight months before it was carried out.

By Ubergizmo.

Ubisoft uPlay Hacked To Offer Unlimited Access To PC Games


Ah – another day, another video game digital platform hacked. This time, the platform that has been hacked is Ubisoft’s uPlay, which has allowed hackers access to the company’s complete line-up of PC games as well as titles that have yet to be released.

A Russian gaming forum shared the details of the newly discovered exploit, which uses a tool that tricks Ubisoft’s uPlay platform into recognizing the user as a member who is authorized to play games they don’t own. This has allowed hackers to download copies of the yet-to-be-released Far Cry 3: Blood Dragon for free and without DRM. Because of this exploit, pirated copies of the game have been making their way to numerous BitTorrent tracking websites, and video walkthroughs have been popping up on YouTube and other streaming-video sites.

By Ubergizmo.

Botnet Warlord: Meet the Man Who Will Kill Your Computer

You can blow away any website in the world if you try hard. Throw enough traffic at a server on the internet—friendly or otherwise—and it’ll buckle. For most, these attacks are a headache, but here’s one man who makes a sport (and money) out of swarming his enemies online.