Your Health Information At Risk–Weak Vendor Security

As the Target Christmas case unfolded, the initial breach was eventually traced back to a refrigeration and AC vendor for a few of Target’s Ohio and Pennsylvania stores.  A clever spearphishing email caused some one at the contractor to reveal user credentials that allowed the attackers into one part of the network, and then they were able to traverse onto other more important parts of the network.

Well as bad at that was, the situation for your medical records is probably ...

Continue Reading →
0

Russian POS Hacker Arrested in the Maldives is Son of Russian Parliament Member

The US swooped down and scooped up Roman Valerevich Seleznev, 30, of Vladivostok, who is also know as Track2 and Bulba on Dark Net credit card exchange boards.  Seleznev was evidently vacationing in the Maldives, a popular set of resort islands in the Indian Ocean.  He is responsible for collecting credit card information directly from compromised point of sale (POS) systems, and reselling them on card trader boards on the Internet.  He was indicted in 2011 on:

five counts of bank ...

Continue Reading →
0

Sunday Funnies at Ax-Man Surplus Stores

If you have never been to Ax-Man, well you have missed out on a wonderful and hilarious experience.  With 4 locations in St Paul, Fridley, St Louis Park, and Crystal, there ought to be a location near to you, if you live in the Twin Cities anyway.  We were in the Crystal store on a Sunday recently, to browse the racks of surplus electronics, corks, jars, boxes, parts, packs and bags, wire, rope, ties, and other surplus detritus ...

Continue Reading →
0

How Do I Spy On Thee? Let Me Count The Ways

In case you are wondering what your tax dollars have been doing over at the NSA, there was an interesting release from the Snowden files that appeared in Bruce Schneier’s Crypto-Gram newsletter on July 15th.  If you are interested in more information, you can find it on First Look.  Just because you have “nothing to hide” doesn’t mean that they can’t find something to hang you with.  And here is how they can do it.  Just saying…

Here is ...

Continue Reading →
0

SEA Hacks Reuters Using Advertising

The Syrian Electronic Army (SEA) the middle east’s answer to the NSA, recently defaced the website of news agency Reuters.  They accomplish this by hacking the advertising servers of third-party advertising provider Taboola.  The SEA evidently gained access to Taboola through the use of phishing emails which asked the recipients for their logon credentials.  This is a very simple to use attack and almost anyone could use, and re-emphasizes the need for employee security awareness training.  This could have been ...

Continue Reading →
0

“GameOver”Not Over Yet, CryptoLocker Scammers Are Back

In June major parts of the GameOver botnet including the command and control servers, were taken down by police.  There was a brief respite in the distribution of the CryptoLocker ransomware exploit, but it looks like the cybercriminals are back in action.

As reported by Sophos, the GameOver crew is back in action as of last week, sending out a spam barrage to trick the unwary into downloading the CryptoLocker ransomware.  It appears that the email is designed to ...

Continue Reading →
0

Al-Qaeda Rolls Their Own Encryption

As reported by Bruce Schneier back in May, one of the outcomes of the Snowden revelations is that some people are abandoning open source encryption tools for things they are brewing up on their own.  And while home-brewing may be great for beer, proper cryptography is many orders of magnitude more difficult to make than beer.  Al-Qaeda is one of the organizations reputedly creating three new “NSA-proof” encryption schemes.

Since 2007, Al-Qaeda’s use of encryption technology has been based on ...

Continue Reading →
0

Keyloggers Found on Many Hotel Business Center Computers

Bad news business and vacation travelers, those free computers that are in many hotel business centers have been infected with keylogger malware.  This means that whatever you are typing while sitting at one of these publicly accessible computers is being sent to a cyber-criminal somewhere.  Hopefully you are savvy enough to NOT be doing online banking or checking your brokerage accounts on these systems, but even just checking your email can open you up to having that account hijacked and ...

Continue Reading →
0

It’s Not Just Retail–Oil and Electric Utilities Hacked by Dragonfly

As reported by Symantec on June 30, and covered by the New York Times and SiliconBeat, there is a active exploit running against U.S. and European energy firms using the Dragonfly or Energetic Bear exploit kit.  Similar to Stuxnet, this exploit seeks to gain access and control of the industrial control systems that manage the flow of electricity. oil, and gas.  The article on Symantec is very through and gives a pretty technical readout, as well ...

Continue Reading →
0
Page 236 of 278 «...210220230234235236237238...»