Tag: portfolio-cond

Hack on JPMorgan website exposes data for 465,000 card holders

JPMorgan Chase has warned 465,000 holders of prepaid cash cards that their personal information may have been obtained by hackers who breached the bank’s network security in July, according to a report published Thursday. JPMorgan issued the cards on behalf of corporations and government agencies, which in turn used them to pay employees and issue tax refunds, unemployment compensation, and other benefits, Reuters reported . In September, bank officials discovered an attack on Web servers used by its www.ucard.chase.com site and reported it to law enforcement authorities. In the months since, bank officials have investigated exactly which accounts were involved and what pieces of information were exposed. Wednesday’s warning came after investigators were unable to rule out the possibility that some card holders’ personal data may have been accessed. The bank usually keeps customers’ personal information encrypted, but during the course of the breach, data belonging to notified customers temporarily appeared in plaintext in log files, Reuters said. The notified card holders account for about two percent of the roughly 25 million UCard users. Read 1 remaining paragraphs | Comments        

See the original post:
Hack on JPMorgan website exposes data for 465,000 card holders

Charged with theft, man arrested for plugging car into school’s outlet

Nissan A man in an Atlanta suburb was confronted by a police officer for plugging his electric car into an outside outlet at a school. Ten days later, he was arrested at home and charged with theft for taking about 5 cents worth of electricity “without consent.” Kaveh Kamooneh plugged an extension cable from his Nissan Leaf into a 110-volt external outlet at Chamblee Middle School while his son was practicing tennis. A short time later, he noticed someone in his car and went to investigate—and found that the man was a Chamblee police officer. “He informed me he was about to arrest me, or at least charge me, for electrical theft,” Kamooneh told Atlanta’s Channel 11 News . Kamooneh said that the car, when plugged into a 110-volt outlet, draws a kilowatt an hour. “Over an hour, that’s maybe eight or nine cents” worth of electricity, he said, depending on the rates. He was plugged in for less than 20 minutes, so he estimated the amount of power he drew from the school at less than 5 cents. Read 2 remaining paragraphs | Comments        

Read this article:
Charged with theft, man arrested for plugging car into school’s outlet

Found: hacker server storing two million pilfered paswords

Spider Labs Researchers have unearthed a server storing more than two million pilfered login credentials for a variety of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites. More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave’s Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells. More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries. Read 5 remaining paragraphs | Comments        

Link:
Found: hacker server storing two million pilfered paswords

Scientist-developed malware covertly jumps air gaps using inaudible sound

Topology of a covert mesh network that connects air-gapped computers to the Internet. Hanspach and Goetz Computer scientists have developed malware that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection. The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals. The researchers, from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics , recently disclosed their findings in a paper published in the Journal of Communications . It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps . The new research neither confirms nor disproves Dragos Ruiu’s claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today’s malware. Read 6 remaining paragraphs | Comments        

More:
Scientist-developed malware covertly jumps air gaps using inaudible sound

Anti-GMO crop paper to be forcibly retracted

Chiot’s Run Last year, a French researcher made waves by announcing a study that suggested genetically modified corn could lead to an increased incidence of tumors in lab animals. But the way the finding was announced seemed designed to generate publicity while avoiding any scientific evaluation of the results. Since then, the scientific criticisms have rolled in, and they have been scathing. Now, the editor of the journal that published it has decided to pull the paper despite the objections of its primary author. The initial publication focused on corn that had been genetically engineered to carry a gene that allowed it to break down a herbicide. French researchers led by Gilles-Eric Séralini fed the corn, with and without herbicide, to rats. Control populations were given the herbicide alone or unmodified corn. The authors concluded that the genetically-modified corn led to an elevated incidence of tumors and early death. But even a cursory glance at the results suggested there were some severe problems with this conclusion. To begin with, there were similar effects caused by both the genetically engineered crop and by the herbicide it was designed to degrade. None of the treatments showed a dose effect; in some cases, the lowest doses had the most dramatic effect. And, if the treatment populations were combined, in some cases they were healthier than the controls. Tests of whether the results were statistically significant were completely lacking. Read 8 remaining paragraphs | Comments        

More:
Anti-GMO crop paper to be forcibly retracted

TV news team falls for Facebook doppelgänger scam

The doppelgänger Facebook profile scraped from WBAL producer Chris Dachille convinced many of his friends that it was actually him—and then spammed them with requests for money and malicious links. WBAL Reporters and producers at a television station in Baltimore recently found out the hard way that they shouldn’t blindly accept Facebook friend requests. Last month, they found that their profiles had been cloned by an attacker who quickly used their network of friends to spread malicious links and ask for money. Attacks on media organizations’ social media accounts have been at an all-time high this past year, including “hacktivist” and state-sponsored attacks on media outlets from the Syrian Electronic Army. But the attack on the staff of WBAL-TV was directed toward staff members’ personal accounts. And this initiative was a more workaday one, less targeted at the station itself than the friends, co-workers, and viewers who were connected to the cloned accounts. Because some of WBAL’s staff members mixed their personal and professional social networking together, the attack gave the scammer access to a huge audience’s Facebook news feeds. After the attack was discovered, it took weeks for Facebook to shut down the fake accounts. Read 12 remaining paragraphs | Comments        

Read More:
TV news team falls for Facebook doppelgänger scam

New Linux worm targets routers, cameras, “Internet of things” devices

Wesley Fryer Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection. Linux.Darlloz , as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday . But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures. “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.” Read 4 remaining paragraphs | Comments        

More:
New Linux worm targets routers, cameras, “Internet of things” devices

Google launches Play Newsstand: a hybrid magazine store and RSS reader

The long-rumored Google Play Newsstand for Android has finally launched , and it’s not at all what we were expecting. Early reporting and investigation pinned it as a newspaper section of the Play Store, but it’s much more than that. Google is selling newspapers and magazines under a single banner, and  there’s a visual-heavy RSS reader, sort of like Flipboard. This means Newsstand is replacing two of Google’s existing apps: Google Play Magazines and Google Currents. Google is pitching it as “all your subscriptions in one place.” Like most things “Google” these days, calling it an “app” isn’t really the whole story. There’s also a new section of the desktop Play Store, and some magazines and newspapers are even viewable in the browser. RSS is strictly confined to the app, though. Just like the old Play Magazines, paid content is available as a subscription or on a per-issue basis, and 30-day trials are available for some premium content. RSS feeds, magazines, and newspaper can be downloaded for offline reading later, and there’s also a bookmark function. Read 1 remaining paragraphs | Comments        

See the original post:
Google launches Play Newsstand: a hybrid magazine store and RSS reader

Alleged Windows support scammer forfeits money earned by “fixing” PCs

Well, maybe this guy wasn’t quite as smart as Heisenberg. AMC A man accused of tricking PC users into thinking they had viruses and then offering to “fix” their perfectly fine computers has agreed to pay back every penny he allegedly received in the scam. Navin Pasari is a defendant in one of six complaints that the Federal Trade Commission filed in September 2012 against people and entities accused of leading Windows tech support scams.”According to the complaint against Pasari and his co-defendants, the defendants placed ads with Google, which appeared when consumers searched for their computer company’s tech support telephone number,” the FTC noted in an announcement today . “After getting consumers on the phone, the defendants’ telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. The scammers then offered to rid the computer of the non-existent malware for fees ranging from $139 to $360.” Pasari did not admit wrongdoing but agreed to a proposed  final judgment and order  in which he will forfeit $14,369, “which is the amount of money Mr. Pasari received from the other Defendants,” the document states. The money is being held in escrow and will be transferred to the FTC, assuming the order is approved by a US District Court judge. Read 11 remaining paragraphs | Comments        

Visit link:
Alleged Windows support scammer forfeits money earned by “fixing” PCs

Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase

Noah Coffey Federal authorities have arrested five more men accused of taking part in a 21st-century bank heist that siphoned a whopping $45 million out of ATMs around the world in a matter of hours. Prosecutors said the men charged on Monday were members of the New York-based cell of a global operation and contributed to the $45 million theft by illegally withdrawing $2.8 million from 140 different ATMs in that city. The arrests came after the defendants sent $800,000 in cash proceeds in a suitcase transported by bus to a syndicate kingpin located in Florida, US Attorney for the Eastern District of New York Loretta E. Lynch said . Photos seized from one defendant’s iPhone showed huge amounts of cash piled on a hotel bed and being stuffed into luggage, she said. The heists took place during two dates in December 2012 and targeted payment cards issued by the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman respectively. Prosecutors dubbed the heists “unlimited” operations because they systematically removed the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that processed online payments for the two targeted banks, prosecutors alleged in earlier indictments. Prosecutors didn’t identify the payment processors except to say that one was in India and the other was in the United States. Read 3 remaining paragraphs | Comments        

Visit link:
Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase