Monday, August 29, 2016

Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 [...]

Thursday, August 25, 2016

Stolen devices to blame for many breaches in the financial services sector

Help Net Security has just published an article on the new Bitglass Financial Services Breach Report, which provides analysis of all breaches in the financial sector since 2006. Zoltán Györkő, CEO at Balabit, contributed comment towards the article, explaining the risks that lost corporate devices pose (it exposes the most common cause of data leaks in the financial sector) and how they can be mitigated. Read more at: http://ow.ly/X3Gd303A5C3

Stolen devices to blame for many breaches in the financial services sector - Help Net Security

Bitglass performed an analysis of all breaches in the financial services sector since 2006, with data aggregated from public databases and government mandated disclosures. They found that leaks nearly doubled between 2014 and 2015, a growth trend on track to continue in 2016.[..]

The Long Arm of Russian Intelligence

After Russian 800-meter runner Yulia Stepanova and her husband exposed the systematic state-sponsored doping regimen pervasive in Russian athletics, the couple and their young son fled to the United States, fearing for their safety. Now it seems that their fears were well founded. The World Anti-Doping Agency (WADA) announced Aug. 13 that hackers had illegally accessed Stepanova's account in an agency database, which contains, among other personal information, her family's address in the United States. (Athletes are required to maintain current address information in the WADA system to facilitate unscheduled, off-competition drug testing.) WADA also noted that no other accounts had been accessed in the data breach, suggesting that Stepanova, who has since moved again with her family, was the specific target of the hack.[...]

https://www.stratfor.com/weekly/long-arm-russian-intelligence?id=be1ddd5371&uuid=868ea409-9a7a-468c-a1d4-a8b20b366c6b&utm_content=bufferac175&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer

Wednesday, August 24, 2016

Cisco Exploit Leaked in NSA Hack Modifies to Target Latest Version of Firewalls

Recently released NSA exploit from "The Shadow Brokers" leak that affects older versions of Cisco System firewalls can work against newer models as well.[...]

Tuesday, August 23, 2016

Despite billions spent on cybersecurity, companies aren’t truly safe from hacks

Companies on a treadmill to stay ahead of data thieves

Last year, private sector companies globally spent more than $75 billion on security software to safeguard their systems and data.

That number is expected to grow about 7% annually, according to Gartner and other analyst firms. It doesn’t include all the massive amounts spent on fraud prevention by banks, a number that is widely underreported and expected to reach into the billions annually.

Has all that spending made private sector data and systems any safer? Is customer personal data any safer?

Monday, August 22, 2016

Teen Walks Free After Launching DDoS Attack Against Australian Bank

Teen Walks Free After Launching DDoS Attack Against Australian Bank: A teenager received no prison time after launching a distributed denial-of-service (DDoS) attack against an Australian bank, among other targets.[...]

Friday, August 19, 2016

Banking and Phishing: The Perfect Storm

Banking and Phishing: The Perfect Storm: The phishing storm clouds are gathering ever closer to the banking industry. Learn what actions can mitigate banks and cybercrime.[....]


Thursday, August 18, 2016

Student Loans Company in Phishing Warning

Student Loans Company in Phishing Warning: New students targeted by email scams.

The UK’s Student Loans Company has been forced to issue a fraud alert after phishers launched a new campaign targeting students starting this autumn.[...]

August Locky Blitz Hits Healthcare Organizations

August Locky Blitz Hits Healthcare Organizations: US and Japan most affected as ransomware epidemic worsens.

August has seen a major new wave of Locky ransomware attacks targeting healthcare organizations in the US, Japan and elsewhere, according to FireEye. The security vendor claimed to have spotted “a few massive email campaigns” distributing the notorious ransomware this month. Healthcare was by far the worst hit, accounting for over 75% of total detections, followed by a long tail including telecoms, transport, manufacturing and many more. The United States was the most targeted country, followed by Japan and South Korea. [...]

Sage Employee Arrested in Connection with Data Breach

Sage Employee Arrested in Connection with Data Breach: The 32-year-old female was cuffed at London’s Heathrow airport. 

As the fallout from the recent Sage breach continues to rumble on, City of London police have arrested a Sage Group employee on suspicion of fraud.
The 32-year-old female was cuffed at London’s Heathrow airport yesterday in connection with the incident earlier this week, which saw the Newcastle-based software maker suffer what it described as “unauthorized access” to a “small number” of its six million or so UK customers via an internal login. The woman has since been released on bail and investigations are ongoing, police have confirmed.[...]

Wednesday, August 17, 2016

SCM: Balancing Security, Availability and Performance

SCM: Balancing Security, Availability and Performance: Security configuration management (SCM) recognizes that companies need to track all endpoint changes, including unauthorized ones initiated by an attacker. An organization’s computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the vulnerable software.[...]

Credit-card stealing malware hits Hyatt, Marriott, Sheraton hotel chains

Credit-card stealing malware hits Hyatt, Marriott, Sheraton hotel chains: The sad reality is that 'hotel hacking' has become a regular headline in the last few years. Corporate victims have included Trump, Hilton, and Marriott...

Some 20 hotels belonging to HEI Hotels & Resorts have been attacked by hackers who planted point-of-sale malware on their systems.
Chances are that many of us aren’t familiar with HEI, but that doesn’t mean that we’re not potentially at risk if the hospitality firm suffers a data breach.[....]

Tuesday, August 16, 2016

China Launches World's 1st 'Hack-Proof' Quantum Communication Satellite



China has taken one more step forward towards achieving success in quantum communication technology. China has launched the world's first quantum communications satellite into orbit aboard a Long March-2D rocket earlier today in order to test the fundamental laws of quantum mechanics in space.[....]

What happens when security enters the cloud?

Opinion: Avecto's Andrew Avanessian looks at how to coordinate your security in the cloud.

Over the past ten years there have been few buzzwords as commonly heard in the IT industry as ‘cloud’. I think it’s probably fair to say that a number of people using it in the early days weren’t really sure what it meant.[...]

280 Customers of Payroll Software Company Receive Notice of Data Breach

UK software group Sage has notified 280 of its customers that a data breach might have compromised the personal details and banking information of their employees.
On 12 August, the Newcastle-based provider of business management software for accounting and payroll services notified 280 of its UK customers about the breach. The company then published a statement about the incident on its homepage on 13 August:- "We believe there has been some unauthorized access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation. Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security."[...]

Sunday, August 14, 2016

Bitcoin Exchange Offers $3.5 Million Reward for Information of Stolen Bitcoins

Hong Kong-based Bitcoin exchange 'Bitfinex' that lost around $72 Million worth of its customers’ Bitcoins last week is now offering a reward of $3.5 Million to anyone who can provide information that leads to the recovery of the stolen Bitcoins. Bitfinex [...]

Friday, August 12, 2016

The web *seems* scarier than ever. Is it?

@jordanr1000 explains #QuickTake http://www.bloomberg.com/view/quicktake/internet-security. State-sponsored cyberwarriors are infiltrating nuclear power plants and blackmailing multinational companies. Hacking gangs are breaking in to ATMs. Safety advocates are hijacking cars wirelessly — taking control of steering and brakes from drivers — as a warning about onboard vulnerabilities. Has the Internet ever seemed scarier? Maybe not, but wait. Yes, elite professionals are finding ingenious ways to gain entry to government, industrial and financial networks. Cybersecurity lapses have left some companies shockingly exposed. Still, when it comes to everyday security — of bank accounts and credit cards — the good guys actually have the upper hand.[...]

CISOs adopt a portfolio management approach for cybersecurity


With a long to-do list and perpetual skills shortage, CISOs are managing requirements, allocating resources and outsourcing. 
Enterprise CISOs are in an unenviable position. Given today’s dangerous threat landscape and rapidly evolving IT initiatives, CISOs have a long list of tasks necessary for protecting sensitive data and IT assets. At the same time, however, most organizations are operating with a shortage of skilled cybersecurity professionals. According to ESG research, 46 percent of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016. https://lnkd.in/eZi8M4X via @networkworld.[....]

Critical infrastructure attacks cost up to €15 million

It deemed that Critical Information Infrastructures (CIIs) provide resources upon which society depends, and cybersecurity incidents affecting CIIs are nowadays considered global risks that can have “significant negative impact for several countries or industries within the next 10 years”.  The report found that the most common attack types for the financial sector and ICTs are DoS/DDoS and malicious insiders, with the latter affecting the public sector too, while the most expensive attacks are considered to be insider threats, followed by DDoS and web-based attacks. Data appears to be the most valuable asset.[...]

Thursday, August 11, 2016

Secure Boot Vulnerability Exposes Windows Devices to Attacks | SecurityWeek.Com

Secure Boot Bypass Allows Hackers to Load Bootkits/Rootkits on Windows Devices 

Microsoft has been attempting to patch a serious Secure Boot vulnerability that can be exploited to bypass the security feature and install rootkits and bootkits on Windows devices. Researchers believe the security flaw cannot be fully patched. [....]

Senior Information Security & Data Privacy Executive Deena Coffman Joins BDO Consulting | Business Wire.

“Cross-border data transfers continue to be constrained by disparate global privacy regulations and stricter oversight, which significantly impact business operations for many organizations,” said Carl W. Pergola, Executive Director of BDO Consulting. “Deena’s compliance knowledge and in-house IT experience will be instrumental in helping BDO’s clients balance risk with value as data privacy obligations grow in an escalating cyber threat environment.”[...]

The Hottest Security Technology You Didn’t See on the Black Hat Floor

The Hottest Security Technology You Didn’t See on the Black Hat Floor: Hacker summer camp is over. The vendor hall of Black Hat USA was a bazaar of solutions waiting to “solve” every security challenge you might face.[...]

Monday, August 8, 2016

PCI 3.2 and The Regulation Storm

 It is encouraging to see the relatively rapid pace of PCI versions. PCI 3.1 was published in April 2015, PCI 3.2 was published in April 2016.

There is never a dull moment for compliance and security. Case in point, amidst a brewing storm of regulation, version 3.2 of the Payment Card Industry Data Security Standards (PCI DSS) announced in late spring articulates good data security intent along with controversy.

Researchers Demonstrate How to Steal Payment Card Data via PIN Pads

Researchers Demonstrate How to Steal Payment Card Data via PIN Pads: Two security researchers have demonstrated how attackers can steal unsuspecting users' payment card data via a PIN pad.[...]

Recommendations for Protecting Against ICS Security Threats

Recommendations for Protecting Against ICS Security Threats: Security is not the same for the industrial control systems (ICS) as it is for information technology (IT). This difference in part arises from the unique characteristics that set IoT and IT environments apart from one another.[...]

FireEye 2016 ICS Vulnerabilities Trend Report: Missed Warnings, Exposed Industrial Environments

FireEye 2016 ICS Vulnerabilities Trend Report: Missed Warnings, Exposed Industrial Environments: The FireEye iSight Intelligence 2016 ICS Vulnerability Trend Report is headlined “OVERLOAD – Critical Lessons from 15 years of ICS Vulnerabilities.”

Industrial Control Systems (ICS) are the technology workhorses responsible for powering the electric grid and utilities, water treatment plants, oil and gas production, food and beverage manufacturing, and transportation systems, among many others. Our society relies on these systems more than we know to keep life running smoothly.[...]

Healthcare System to Pay $5.5 Million Settlement Over 2013 Data Breaches

Healthcare System to Pay $5.5 Million Settlement Over 2013 Data Breaches: Advocate Health Care Network has agreed to pay a $5.5 million settlement over breaches that exposed the data of more than 4 million patients in 2013.

The fine is the largest HIPAA enforcement settlement against a single entity to-date, which the Department of Health and Human Services’ Office for Civil Rights (OCR) said was “a result of the extent and duration of the alleged noncompliance.”[...]

Friday, August 5, 2016

Data Breach Costs Soaring

Data Breach Costs Soaring: New research from IBM and the Ponemon Institute has revealed that data breaches now cost an average of $4 million.[...]

Torrentz.eu Shuts Down Forever! End of Biggest Torrent Search Engine



Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world's biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation.

The surprise shutdown of Torrentz marks the end of an era.

Thursday, August 4, 2016

How Employees React to Security Policies

How Employees React to Security Policies: Security professionals should bear in mind that if employees are stressed at work, making difficult decisions, performing productive tasks, they get tired.[....]

Wednesday, August 3, 2016

Nigerian Mastermind Scammer Arrested for Stealing $60M from Victims

Nigerian Mastermind Scammer Arrested for Stealing $60M from Victims: Authorities have arrested a Nigerian mastermind scammer for leading an international criminal network's efforts to steal $60 million from its victims.[...]

How Lackadaisical Software Management Can Jeopardize Your Endpoint Security

How Lackadaisical Software Management Can Jeopardize Your Endpoint Security: Today, organizations can best defend against digital threats by practicing endpoint discovery. Knowing exactly which devices are installed on a network provides security professionals with key intelligence for effective incident response. Indeed, information security teams who lack that knowledge might fail to detect or contain an intrusion before it escalates into a breach.[...]

Tuesday, August 2, 2016

LinkedIn users targeted by hacking group

LinkedIn users targeted by hacking group with fake job offers https://t.co/mPKKLqzF5k via @SiliconANGLE