LifeLock Bug Exposed Millions of Customer Email Addresses

Jul 25, 2018 | Krebs on Security

Identity theft protection firm LifeLock -- a company that's built a name for itself based on the promise of helping consumers protect their identities online -- may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock's brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company's site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.

Plug Your Cloud Cybersecurity Holes

Jul 26, 2018 | Infosec Island

Threat detection and analytics are only as effective as the granularity the network infrastructure provides for packet access.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Jul 27, 2018 | Krebs on Security

Here's a timely reminder that email isn't the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a "confusingly worded typed letter with occasional Chinese characters."

Amnesty International Targeted with NSO Group Spyware

Aug 01, 2018 | Infosec Island

An Amnesty International staff member was recently targeted with spyware linked to the infrastructure previously associated with Israel surveillance vendor NSO Group.

Changing Security Behaviors Via a Top Down Approach

Aug 02, 2018 | Infosec Island

When it comes to changing behaviors and building better security hygiene, the role of the leader is not only critical, but it is the impetus to change.

Cryptojacking – More than a Nuisance, It Poses a Serious Threat to Data Centers

Aug 02, 2018 | Infosec Island

Pre-execution security technologies coupled with core antimalware technologies can effectively detect and not just block the cryptojacking payload, but also prevent the attack from occurring.

Reddit Breach Highlights Limits of SMS-Based Authentication

Aug 02, 2018 | Krebs on Security

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn't seem too severe. What's interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

The Year Targeted Phishing Went Mainstream

Aug 02, 2018 | Krebs on Security

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason -- sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Aug 03, 2018 | Krebs on Security

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.

Most SMBs Not Equipped to Handle Security Concerns: Study

Aug 06, 2018 | Infosec Island

Most small and medium businesses (SMBs) are not equipped to handle IT security concerns and distribute security responsibilities across other roles, a recent Untangle survey reveals.

Florida Man Arrested in SIM Swap Conspiracy

Aug 07, 2018 | Krebs on Security

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher, an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. Investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have drained bank accounts via an increasingly common scheme involving mobile phone "SIM swaps."

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Aug 13, 2018 | Krebs on Security

The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an "ATM cash-out," in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

Patch Tuesday, August 2018 Edition

Aug 15, 2018 | Krebs on Security

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two "zero-day" flaws that attackers were already exploiting before Microsoft issued patches to fix them.

Hanging Up on Mobile in the Name of Security

Aug 16, 2018 | Krebs on Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one's online accounts may be to disconnect them from the mobile providers entirely.

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Aug 17, 2018 | Krebs on Security

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent "ATM cashout" scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

Criminal Cyberattacks Are Up. Can Automated Security Help Bring Them Down?

Jul 26, 2018 | Infosec Island

Companies that still rely on manual processes – security tools that require frequent tuning or manual CVE patching, for example – fare worse if they are breached.

U.S. Now Leads by Number of DDoS Botnet C&C Servers

Jul 25, 2018 | Infosec Island

The United States was the top region by number of distributed denial of service (DDoS) botnet command and control (C&C) servers in Q2 2018, Kaspersky Lab reports.

Singapore Health Database Hit by 'Major' Cyberattack

Jul 20, 2018 | Infosec Island

Singapore’s Ministry of Health (MOH) said that a Singapore Health Services (SingHealth) database containing patient data, including personal information on Prime Minister Lee Hsien Loong, was hit by a “major” cyberattack.

Q3 Oracle CPU Preview: Fewer Java SE Patches May Not Mean Fewer Flaws

Jul 16, 2018 | Infosec Island

The July 2018 quarterly Oracle Critical Patch Update (CPU) is expected to set a new two-year high for total Oracle product patches.

Memory Protection beyond the Endpoint

Jul 16, 2018 | Infosec Island

Re-engineering security solutions to fit the new infrastructure, performance, and scalability needs of organizations is crucial as advanced threats often exploit security blind spots.
