Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing a blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers.
‘Poodle’ Bug Returns, Bites Big Bank Sites
Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible.
Toward a Breach Canary for Data Brokers
When a retailer’s credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we’ll examine one idea to hold consumer data brokers more accountable.
Sony Breach May Have Exposed Employee Healthcare, Salary Data
The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. Screen shot from an internal audit report allegedly stolen from Sony and circulating on file-trading networks. Several files being traded on torrent networks seen by this author include an global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals
Black Friday, Cyber Monday for Crooks, Too!
Underground cybercrime shops that sell credit and debit card accounts stolen from retailers are slashing prices and promoting their own Black Friday and Cyber Monday sales as fraudsters gear up for the busy holiday shopping season. Card data stolen from main street retailers, a.k.a.
Convicted ID Thief, Tax Fraudster Now Fugitive
In April 2014, this blog featured a story about Lance Ealy , an Ohio man arrested last year for buying Social Security numbers and banking information from an underground identity theft service that relied in part on data obtained through a company owned by big-three credit bureau Experian . Earlier this week, Ealy was convicted of using the data to fraudulently claim tax refunds with the IRS in the names of more than 175 U.S
‘Microsoft Partner’ Claims Fuel Support Scams
You can’t make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it…..tech support scammers based in India.
Network Hijackers Exploit Technical Loophole
Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world’s Internet address ranges. Last week, KrebsOnSecurity featured an in-depth piece about a well-known junk email artist who acknowledged sending from two Bulgarian hosting providers . These two providers had commandeered tens of thousands of Internet addresses from ISPs around the globe, including Brazil, China, India, Japan, Mexico, South Africa, Taiwan and Vietnam
How to Tell Data Leaks from Publicity Stunts
In an era when new consumer data breaches are disclosed daily, fake claims about data leaks are sadly becoming more common. These claims typically come from fame-seeking youngsters who enjoy trolling journalists and corporations, and otherwise wasting everyone’s time.
Seleznev Arrest Explains ‘2Pac’ Downtime
The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev , a Russian national who made headlines in July when it emerged that he’d been whisked away to Guam by U.S