Tag: krebsonsecurity

Sony Breach May Have Exposed Employee Healthcare, Salary Data

The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. Screen shot from an internal audit report allegedly stolen from Sony and circulating on file-trading networks. Several files being traded on torrent networks seen by this author include an global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals

KrebsOnSecurity on CBS’s ’60 Minutes’

In case any of you loyal readers missed it, KrebsOnSecurity.com and its author were featured in a 60 Minutes interview last night on the credit and debit card breaches that have hit countless retailers and consumers over the past year. I spent more than a dozen hours with 60 Minutes producers, film crews and the host of this segment — CBS’s Bill Whitaker , so I’m glad they were able to use as much footage as they did. Leading up to the filming, the producer of the show asked some very incisive questions — some of which I didn’t know the answers to myself — and I was hoping the segment would address some of the less discussed issues that contribute to this epidemic of card breaches.

Skimmer Innovation: ‘Wiretapping’ ATMs

Banks in Europe are warning about the emergence of a rare, virtually invisible form of ATM skimmer involving a so-called “wiretapping” device that is inserted through a tiny hole cut in the cash machine’s front. The hole is covered up by a fake decal, and the thieves then use custom-made equipment to attach the device to ATM’s internal card reader

Adobe Pushes Critical Flash Patch

For the second time this month, Adobe has issued a security update for its Flash Player software. New versions are available for Windows , Mac and Linux versions of Flash. The patch provides additional protection on a vulnerability that Adobe fixed earlier this year for which attackers appear to have devised unique and active exploits

Convicted ID Thief, Tax Fraudster Now Fugitive

In April 2014, this blog featured a story about Lance Ealy , an Ohio man arrested last year for buying Social Security numbers and banking information from an underground identity theft service that relied in part on data obtained through a company owned by big-three credit bureau Experian . Earlier this week, Ealy was convicted of using the data to fraudulently claim tax refunds with the IRS in the names of more than 175 U.S

Microsoft Releases Emergency Security Update

Microsoft today deviated from its regular pattern of releasing security updates on the second Tuesday of each month, pushing out an emergency patch to plug a security hole in all supported versions of Windows . The company urged Windows users to install the update as quickly as possible, noting that miscreants already are exploiting the weaknesses to launch targeted attacks

Link Found in Staples, Michaels Breaches

The breach at office supply chain Staple s impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation. Multiple banks interviewed by this author say they’ve received alerts from Visa and MasterCard about cards impacted in the breach at Staples, and that to date those alerts suggest that a subset of Staples stores were compromised between July and September 2014. Sources briefed on the ongoing investigation say it involved card-stealing malicious software that the intruders installed on cash registers at approximately 100 Staples locations.

Amazon: Spam Nation one of “Best of Month”

A quick update on my new book,  Spam Nation, The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door debuting on bookstore shelves  Tuesday, Nov. 18 :   Amazon has selected Spam Nation as one of their “ Best Books of the Month ” picks for November, listed alongside such notable authors as  Stephen King  and  Nora Roberts .