Aaron's computer rental chain settles FTC spying charges

Today, security is a main concern to all of us due to a high development of technology.

It was reported that Atlanta-based Aaron's rent-to-own computer chain has been surreptitiously snapping Webcam photos of its customers’ and recording them via spyware. Thus, Aaron's facilitated a violation of many consumers' privacy.

The company has been accused of knowingly installing software onto its computers that secretly monitored its customers. Recently, the Federal Trade Commission caught onto the Aaron's alleged tactics and filed a complaint against the company, and the chain agreed to settle with the FTC.

According to the FTC's complaint, Aaron's software tracked customers' locations, took photos with the computers' Webcams "including those of adults engaged in intimate activities," and activated key loggers that were able to capture login credentials for everything from e-mail to FaceBook to banking sites.

Under the terms of the settlement, Aaron's is prohibited from using monitoring technology that captures keystrokes, takes photos, or records sound. The company must also get customer consent before it uses location-tracking software on its rental computers.

Source: http://news.cnet.com/8301-1009_3-57608838-83/aarons-computer-rental-chain-settles-ftc-spying-charges/

Hackers Target Java 6 with Security Exploits

F-Secure anti-malware analyst Timo Hirvonen warned Java 6 users and recommended to upgrade to Java 7 as soon as possible to avoid being compromised by active attacks.

F-Secure anti-malware analyst Timo Hirvonen reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (POC) attack code.

The Neutrino crimeware kit was first spotted in March 2013, when it was identified as the source of a series of attacks that were exploiting Java vulnerabilities to install ransomware on victims' PCs, freezing them until users paid a fine that was supposedly being levied by the FBI and other law enforcement agencies

According to statistics released in March 2013, at least 47% of all Java users in the United States were still running Java version 6.

Vulnerability information provider Secunia reported that; the bug could be exploited by malicious local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a denial of service, bypass certain security restrictions, and compromise a vulnerable system.

While Java 6 is under the gun, the latest version of Java 7 also sports at least one serious unpatched vulnerability.  However, no technical details about that vulnerability have been publicly released.

Oracle plans to patch the bug. The fix will come in the form of "a back-ported (from JDK 8) implementation of the affected component in JDK 7 update 40. Also Oracle announced  to delay the release of Java 8 (aka JDK or JRE 8) while it redeployed developers to strengthen Java 7 security.

Source: http://www.informationweek.com/security/vulnerabilities/hackers-target-java-6-with-security-expl/240160443

WhatsApp Web site hijacked, shows pro-Palestinian message

Hey WhatsApp users, did you get to see this page on Tuesday, October 8^th?

Apparently, the Web site of WhatsApp was hijacked on Tuesday. The site showed a pro-Palestinian message at 2:40 a.m. A group called KDMS Team claimed credit for the attack. However, the company reported in their statement that no user data was lost or compromised. The company reported to be committed to users’ security and is working with their domain hosting vendor Network Solutions on further investigation of the incident.

 Be careful with the messages you exchange on the site. If you ever send sensitive information such as bank information, personal details, your information could be in danger of being hacked and used by the wrong hands.

For more information go to http://news.cnet.com/8301-1009_3-57606455-83/whatsapp-web-site-hijacked-shows-pro-palestinian-message/

FBI Warns Public That Cyber Criminals Continue to Use Spear-Phishing Attacks to Compromise Computer Networks

Hey guys, did you know that the FBI discovered an increase of criminals who use spear-phishing attacks to target multiple industry sectors?

It was found that attacks make use of access to create fake identities, steal intellectual property, and compromise financial credentials to steal money from victims’ accounts.

In spear-phishing attacks, cyber criminals target victims because of their involvement in an industry or organization they wish to compromise. Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed.

Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions or steal intellectual property and trade secrets.

To avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt, either call the company directly or open your computer’s Internet browser and type the known website’s address. Do not use the telephone number contained in the e-mail, which is likely to be fraudulent as well.

In general, avoid following links sent in e-mails, especially when the sender is someone you do not know or sometime it could be someone you know or appears to be from a business advising that your account information needs updated.

Keep your computer’s anti-virus software and firewalls updated. Many of the latest browsers have a built-in phishing filter that should be enabled for additional protection.

If you believe you may have fallen victim to a spear-phishing attack, file a complaint with the FBI’s Internet Crime Complaint Center,  http://www.ic3.gov/.

 

Source: http://www.fbi.gov/sandiego/press-releases/2013/fbi-warns-public-that-cyber-criminals-continue-to-use-spear-phishing-attacks-to-compromise-computer-networks