I n case anybody still believed we were doing ok on cybersecurity, Staples just announced that malware deployed at 115 of its stores nationwide gave hackers access to some 1.16 million customers’ payment cards. Check here to see if your store was hit. Read more…
More here:
1.16 Million Payment Cards Breached in Staples Hack
Last year, we discovered that Iranian hackers had breached Navy computer systems , which sent an understandable wave of panic through the administration. But it looks like that might’ve just been the tip of a much bigger, more sophisticated and more deadly iceberg. Read more…
See original article:
Report: Iran Has Been Hacking Major Infrastructure For Last Two Years
itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook’s onion address. This was done both for internal technical reasons and as a way for users to verify Facebook’s ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time. Read more of this story at Slashdot.
daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43, 000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years. Read more of this story at Slashdot.
Continue Reading:
Security Companies Team Up, Take Down Chinese Hacking Group
This week, people camped outside Apple stores for days anticipating the iPhone 6. But those line-waiters weren’t all frenzied Apple fans high on the joy of a new smartphone: As filmmaker Casey Neistat portrays it , many of the line-sitters were buying the new iPhone to immediately resell it on the black market. Read more…
Read the article:
The Reality of the iPhone Line Is a Black Market Nightmare
Home Depot confirmed today that the company was, indeed, the victim of a large credit card breach reported by many customers last week. An estimated 60 million card numbers were stolen, which would make it the biggest such hack in retail history. Read more…
See more here:
Home Depot Confirms Hack: As Many As 60 Million Cards Stolen
paysonwelch writes The United Parcel Service announced that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised. There are 4, 470 franchised center locations throughout the U.S., according to UPS. The malware began to infiltrate the system as early as January 20, but the majority of the attacks began after March 26. UPS says the threat was eliminated as of August 11 and that customers can shop safely at all locations. Read more of this story at Slashdot.
Visit site:
UPS: We’ve Been Hacked
Trailrunner7 writes The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day. Researchers at IBM’s X-Force research team have seen a new version of Cridex, which is also known as Bugat and Feodo, using some of the same techniques that GOZ used to such good effect. Specifically, the new strain of malware has adopted GOZ’s penchant for using HTML injections, and the researchers say the technique is nearly identical to the way that GOZ handled it. “There are two possible explanations for this. First, someone from the GOZ group could have moved to the Bugat team. This would not be the first time something like this has happened, which we’ve witnessed in other cases involving Zeus and Citadel; however, it is not very likely in this case since Bugat and GOZ are essentially competitors, while Zeus and Citadel are closely related. The second and more likely explanation is that the Bugat team could have analyzed and perhaps reversed the GOZ malware before copying the HTML injections that made GOZ so highly profitable for its operators, ” Etay Maor, a senior fraud prevention strategist at IBM, wrote in an analysis of the new malware. Read more of this story at Slashdot.
View the original here:
New Cridex Malware Copies Tactics From GameOver Zeus
For more than a year, Intel’s 14-nanometer Broadwell chip, the successor to its Haswell microarchitecture, has been consistently delayed , due in part to early-stage manufacturing snafus. But today Intel gave a glimpse of this incredibly tiny powerhouse, and the computing future it will introduce in its wake. Read more…
Visit link:
Intel’s Broadwell Chips Will Make Full-Fledged PCs as Tiny as Tablets
An anonymous reader writes We’ve been calling it for years — connect everything in your house to the internet, and people will find a way to attack it. This post provides a technical walkthrough of how internet-connected lighting systems are vulnerable to outside attacks. Quoting: “With the Contiki installed Raven network interface we were in a position to monitor and inject network traffic into the LIFX mesh network. The protocol observed appeared to be, in the most part, unencrypted. This allowed us to easily dissect the protocol, craft messages to control the light bulbs and replay arbitrary packet payloads. … Monitoring packets captured from the mesh network whilst adding new bulbs, we were able to identify the specific packets in which the WiFi network credentials were shared among the bulbs. The on-boarding process consists of the master bulb broadcasting for new bulbs on the network. A new bulb responds to the master and then requests the WiFi details to be transferred. The master bulb then broadcasts the WiFi details, encrypted, across the mesh network. The new bulb is then added to the list of available bulbs in the LIFX smart phone application.” Read more of this story at Slashdot.
View post:
Hacking Internet Connected Light Bulbs