Browsing Category: Data Breaches

[img_assist|nid=1669|title=|desc=|link=none|align=right|width=115|height=115]The security glitch, which is linked to a “cash back” system
operated by Bing, potentially leaves users and retailers exposed to
fake transactions. But despite an outcry online over the existence of
the loophole, the world’s largest company has responded to the issue by
threatening legal action against the man who discovered the problem. First launched last year, before Microsoft rebranded
its search website, the affiliate scheme offers users the chance to
earn money back for every product they buy through the service. Read the full article. [guardian.co.uk]

Read more...

[img_assist|nid=1663|title=|desc=|link=none|align=right|width=115|height=115]A well known commercial provider of spyware applications for numerous mobile platforms, has recently ported its Mobile Spy app to the Android mobile OS. Just like previous releases of the application, the Android version
keeps a detailed log of GPS locations, calls, visited URLs, and
incoming/outgoing SMS messages, available at the disposal of the
attacker who installed it manually by obtaining physical access to the
targeted device. Read the full article. [ZDNet]

Read more...

Categories: Data Breaches

[img_assist|nid=1652|title=|desc=|link=none|align=right|width=115|height=115]The four men whom a federal grand jury indicted this week for their alleged roles in a scam that stole millions of dollars from RBS WorldPay were no fools. The small crew of hackers had a distinct division of labor, operated with skill and efficiency and left one of the world’s larger banks holding the bag.

Read more...

Categories: Data Breaches

[img_assist|nid=1626|title=|desc=|link=none|align=left|width=115|height=115]U.S. and international prosecutors have taken down a criminal ring that they allege was responsible for an ATM scam last year that stole about $9 million from RBS WorldPay. The criminals were able to evade the company’s encryption system used on payroll debit cards and withdraw money from ATMs in 280 cities around the world.

Read more...

[img_assist|nid=494|title=|desc=|link=none|align=right|width=115|height=115]Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it. The COFEE application lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people’s computers.

Read more...

Categories: Compliance, Data Breaches

Federal authorities on Wednesd[img_assist|nid=1564|title=|desc=|link=none|align=right|width=115|height=117]ay filed intrusion charges against two
men accused of accessing the computer systems of their former employer. Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39,
of Williamstown, Kentucky, both worked as managers for Indiana-based
Stens Corporation until taking jobs with a competing company in Ohio,
according to an indictment filed in federal court.

Read more...

Individual [img_assist|nid=1443|title=|desc=|link=none|align=right|width=115|height=115]data compromised in a data breach is four times more likely to be used for identity theft finds Javelin Research in a multi-year study. Another key finding cited: Most consumers do not see the link between breaches and identity theft. “[D]espite 19.5 percent of breach victims
suffering some kind of fraud in the past year, only 2 percent attribute
their fraud to the breach.” Read the full article. [Dark Reading]

Read more...

A flaw i[img_assist|nid=1533|title=|desc=|link=none|align=left|width=115|height=138]n the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. The flaw, which requires a hack in to a network to launch, has devastating consequences and implications on database and mail servers. Discovered in August by PhoneFactor, the researchers have been working with ICASI to make an industry-wide fix, which is called “Project Mogul.” Researchers Chris Paget and HD Moore are helping to expose the flaw. Read the full article. [Computerworld]

Read more...

The FBI reports it has seen a rise of malware over the past few months targeting small and medium businesses and municipal government entities and school districts. Once a malicious attachment or link is opened, keylogging tactics obtain bank acco[img_assist|nid=1530|title=|desc=|link=none|align=right|width=115|height=115]unt info where criminals then initiate wire transfers or Automated Clearinghouse Transfers (ACH). The report also cites that in some cases individuals have been recruited to unknowingly help criminals with “work at home” jobs that tell them they will be working on sending these fraudulent funds transfers by Western Union or Moneygram. FBI has links to US CERT for help. Read the statement. [FBI]

Read more...