Tag: elegant-bride

Hack on JPMorgan website exposes data for 465,000 card holders

JPMorgan Chase has warned 465,000 holders of prepaid cash cards that their personal information may have been obtained by hackers who breached the bank’s network security in July, according to a report published Thursday. JPMorgan issued the cards on behalf of corporations and government agencies, which in turn used them to pay employees and issue tax refunds, unemployment compensation, and other benefits, Reuters reported . In September, bank officials discovered an attack on Web servers used by its www.ucard.chase.com site and reported it to law enforcement authorities. In the months since, bank officials have investigated exactly which accounts were involved and what pieces of information were exposed. Wednesday’s warning came after investigators were unable to rule out the possibility that some card holders’ personal data may have been accessed. The bank usually keeps customers’ personal information encrypted, but during the course of the breach, data belonging to notified customers temporarily appeared in plaintext in log files, Reuters said. The notified card holders account for about two percent of the roughly 25 million UCard users. Read 1 remaining paragraphs | Comments        

See the original post:
Hack on JPMorgan website exposes data for 465,000 card holders

Found: hacker server storing two million pilfered paswords

Spider Labs Researchers have unearthed a server storing more than two million pilfered login credentials for a variety of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites. More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave’s Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells. More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries. Read 5 remaining paragraphs | Comments        

Link:
Found: hacker server storing two million pilfered paswords

Anti-GMO crop paper to be forcibly retracted

Chiot’s Run Last year, a French researcher made waves by announcing a study that suggested genetically modified corn could lead to an increased incidence of tumors in lab animals. But the way the finding was announced seemed designed to generate publicity while avoiding any scientific evaluation of the results. Since then, the scientific criticisms have rolled in, and they have been scathing. Now, the editor of the journal that published it has decided to pull the paper despite the objections of its primary author. The initial publication focused on corn that had been genetically engineered to carry a gene that allowed it to break down a herbicide. French researchers led by Gilles-Eric Séralini fed the corn, with and without herbicide, to rats. Control populations were given the herbicide alone or unmodified corn. The authors concluded that the genetically-modified corn led to an elevated incidence of tumors and early death. But even a cursory glance at the results suggested there were some severe problems with this conclusion. To begin with, there were similar effects caused by both the genetically engineered crop and by the herbicide it was designed to degrade. None of the treatments showed a dose effect; in some cases, the lowest doses had the most dramatic effect. And, if the treatment populations were combined, in some cases they were healthier than the controls. Tests of whether the results were statistically significant were completely lacking. Read 8 remaining paragraphs | Comments        

More:
Anti-GMO crop paper to be forcibly retracted

TV news team falls for Facebook doppelgänger scam

The doppelgänger Facebook profile scraped from WBAL producer Chris Dachille convinced many of his friends that it was actually him—and then spammed them with requests for money and malicious links. WBAL Reporters and producers at a television station in Baltimore recently found out the hard way that they shouldn’t blindly accept Facebook friend requests. Last month, they found that their profiles had been cloned by an attacker who quickly used their network of friends to spread malicious links and ask for money. Attacks on media organizations’ social media accounts have been at an all-time high this past year, including “hacktivist” and state-sponsored attacks on media outlets from the Syrian Electronic Army. But the attack on the staff of WBAL-TV was directed toward staff members’ personal accounts. And this initiative was a more workaday one, less targeted at the station itself than the friends, co-workers, and viewers who were connected to the cloned accounts. Because some of WBAL’s staff members mixed their personal and professional social networking together, the attack gave the scammer access to a huge audience’s Facebook news feeds. After the attack was discovered, it took weeks for Facebook to shut down the fake accounts. Read 12 remaining paragraphs | Comments        

Read More:
TV news team falls for Facebook doppelgänger scam

New Linux worm targets routers, cameras, “Internet of things” devices

Wesley Fryer Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection. Linux.Darlloz , as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday . But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures. “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.” Read 4 remaining paragraphs | Comments        

More:
New Linux worm targets routers, cameras, “Internet of things” devices

Always-on voice search from your desktop: “Ok Google” comes to Google.com

Google Smartphones have changed the computing landscape quite a bit, and it often seems like desktop computers and laptops get left behind. “Always-on” voice search is going to completely change the way we interact with computers, but, until now, it has been strictly-mobile only. Today, Google released a Chrome extension that enables always-on voice search from a desktop. With the extension installed, voice search works just like it does on the Nexus 5. When Google.com is open, just say “Ok Google” and then your search term. This happens when you say “Ok Google” from the search results. Google The hotword even works when you’re already on a search page. You can just say “Ok Google” again and search for something else. It all feels like a step closer to the Star Trek future Google keeps promising us . Read 1 remaining paragraphs | Comments        

Original post:
Always-on voice search from your desktop: “Ok Google” comes to Google.com

Alleged Windows support scammer forfeits money earned by “fixing” PCs

Well, maybe this guy wasn’t quite as smart as Heisenberg. AMC A man accused of tricking PC users into thinking they had viruses and then offering to “fix” their perfectly fine computers has agreed to pay back every penny he allegedly received in the scam. Navin Pasari is a defendant in one of six complaints that the Federal Trade Commission filed in September 2012 against people and entities accused of leading Windows tech support scams.”According to the complaint against Pasari and his co-defendants, the defendants placed ads with Google, which appeared when consumers searched for their computer company’s tech support telephone number,” the FTC noted in an announcement today . “After getting consumers on the phone, the defendants’ telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. The scammers then offered to rid the computer of the non-existent malware for fees ranging from $139 to $360.” Pasari did not admit wrongdoing but agreed to a proposed  final judgment and order  in which he will forfeit $14,369, “which is the amount of money Mr. Pasari received from the other Defendants,” the document states. The money is being held in escrow and will be transferred to the FTC, assuming the order is approved by a US District Court judge. Read 11 remaining paragraphs | Comments        

Visit link:
Alleged Windows support scammer forfeits money earned by “fixing” PCs

GitHub resets user passwords following rash of account hijack attacks

GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses. The site for software development projects has already reset passwords for compromised accounts and banned frequently used weak passcodes, officials said in an advisory published Tuesday night . Out of an abundance of caution, site officials have also reset some accounts that were protected with stronger passwords. Accounts that were reset despite having stronger passwords showed login attempts from the same IP addresses involved in successful breaches of other GitHub accounts. “While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses,” Tuesday night’s advisory stated. “These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this. In addition, you will no longer be able to login to GitHub.com with commonly used weak passwords.” Read 3 remaining paragraphs | Comments        

See the article here:
GitHub resets user passwords following rash of account hijack attacks

Qualcomm’s Toq wants to be your platform-agnostic color smartwatch

Qualcomm Qualcomm became a surprise entrant in the wearable computing race when it announced its Toq smartwatch. Designed as a showcase for some of Qualcomm’s latest technology, the $349.99 Toq will go on sale on December 2nd through its own portal. From a function perspective, Toq follows somewhat worn paths with notifications sent from your phone, music playback controls, and additional data pushed from an on-phone app. Where Toq differs is less in interactions than hardware features. The display Qualcomm chose is its own Mirasol MEMS-based display. In effect, Mirasol is like a mash-up of E Ink and LCD displays, providing a low-power, static color image where appropriate, with video and animation capabilities that exceed those of traditional E Ink displays. Charging your Toq occurs through Qualcomm’s own WiPower LE wireless charging protocol, and the included charger serves as a case as well. Most smartwatches connect primarily through Bluetooth LE; Qualcomm’s Toq also includes access to its open source AllJoyn protocol, which offers a platform-agnostic approach to device-to-device communications. AllJoyn-enabled devices and software can interact with your Toq over WiFi-Direct or Bluetooth. Read 1 remaining paragraphs | Comments        

View original post here:
Qualcomm’s Toq wants to be your platform-agnostic color smartwatch

Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks

János Pálinkás Forums software maker vBulletin has been breached by hackers who got access to customer password data and other personal information, in a compromise that has heightened speculation there may be a critical vulnerability in the widely used program that threatens websites that use it. “Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password,” vBulletin Technical Support Lead Wayne Luke wrote in a post published Friday evening . “Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password.” The warning came three days after user forums for MacRumors—itself a user of vBulletin—suffered a security breach that exposed cryptographically hashed passwords for more than 860,000 users . When describing the attack, MacRumors Editorial Director Arnold Kim said the compromise in many ways resembled the July hack of the Ubuntu user forums , which also ran on vBulletin. Read 9 remaining paragraphs | Comments        

Read the original:
Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks