Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.
22 hours ago - How a cyber cop patrols the underworld of e-commerce - NetworkWorld Security
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.
20 hours ago - Tails - Schneier blog
Nice article on the Tails stateless operating system. I use it. Initially I would boot my regular computer with Tails on a USB stick, but I went out and bought a remaindered computer from Best Buy for $250 and now use that.
Gov't is too broke for that, Russian prez says
Vladimir Putin has said that Russia has no mass telephone and internet surveillance programs to compare with those in the United States.
17 hours ago - Michaels confirms breach of as many as 2.6M cards - Yahoo Security
Michaels Stores Inc. says Thursday that about 2.6 million cards used at its namesake stores may have been affected in a security breach but it has received "limited" reports of fraud. The nation's ...
Anyone who has worked in IT for a while has undoubtedly heard the term distributed denial-of-service (DDoS). A common method of attack used by both criminal and "hacktivist" organizations, the term made its way into the everyday lexicon during the WikiLeaks controversy, when groups used these types of attacks to bring down credit card and
2 days ago - Is RAID Fading Into The Sunset? - Network Computing Security
With the arrival of faster networks and SSDs, RAID can no longer keep up. Data protection alternatives such as replication and erasure codes are gaining traction.
2 days ago - The 2014 Global Threat Intelligence Report - InfoRiskToday
The goal of the NTT Group Global Threat Intelligence Report (GTIR) is to raise awareness for executives and security professionals of how to avoid high-profile information security and data breaches, while understanding the needs for a strategic security program with proven controls that will help organizations balance cost and risk.
Using real-world case studies and findings from over 3 billion analyzed attacks, the 2014 NTT Global Threat Intelligence Report (GTIR) demonstrates strategies to minimize threat impact and compress the threat mitigation timeline. Among key findings of the study:
- The cost for a "minor" SQL injection attack can exceed $196,000;
- Anti-virus applications fail to detect 54 percent of new malware;
- Healthcare has seen a 13 percent increase in botnet activity.
In this session, the report's key architects walk through case studies that bring the findings to life, and they focus on strategies for refining the five critical areas of security: threat avoidance, threat response, threat detection, investigative capabilities and response capabilities.
Multiple weaknesses put devices and PayPal accounts within reach of attackers.
The permissions issue could allow a malicious app to alter legitimate home screen icons.
The former Homeland Security chief outlined two conditions we're going to be dealing with as companies, countries, and individuals: the global scourge of terrorism and the digital "forevermore."
3 hours ago - Reverse Heartbleed - Schneier blog
Heartbleed can affect clients as well as servers.
3 hours ago - How Does the Heartbleed Bug Work? - IT Toolbox Blogs
With so much conversation revolving around the Heartbleed bug, we turned to PC Mag to get the low down. For those of you that haven't heard about the bug yet, people can capture portions of server memory, including encryption keys and passwords. The bug itself is supposed to be incredibly simple and many websites have already patched it.
4 hours ago - Overreacting to Risk - Schneier blog
This is a crazy overreaction: A 19-year-old man was caught on camera urinating in a reservoir that holds Portland's drinking water Wednesday, according to city officials.
Now the city must drain 38 million gallons of water from Reservoir 5 at Mount Tabor Park in southeast Portland.
I understand the natural human disgust reaction, but do these people actually think that their normal drinking water is any more pure? That a single human is that much worse than all the normal birds and other animals? Or that a few ounces distributed amongst 38 million gallons is negligible.
After LaCie announced earlier this week it was the victim of a massive credit card breach that lasted for a year, crafts store Michaels revealed in a press release that hackers may have stolen credit card data for 3 million of its customers, including buyers that shopped at its Aaron Brothers subsidiary. The company has hired two independent security firms to conduct an extensive investigation, which revealed that payment systems in Michaels and Aaron Brothers stores were attacked by "highly sophisticated malware" that had not been seen before by either firm. While the malware has been neutralized at this time, the company determined that the hack was quite extensive, allowing hackers to steal certain payment information including card number and
The evolving nature of cyberattacks demands a more dynamic response, according to government CIOs making an effort to implement real-time, continuous monitoring and reporting for security issues.
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.
4 hours ago - Will the march of science halt in Crimea? - IT Toolbox Blogs
Checks if sites were vulnerable and what they've done about it
Internet stats clearinghouse Netcraft has released a new tool aimed at letting consumers know when the sites they visit might have been compromised by the Heartbleed encryption bug.
Meanwhile, Target investigators prepare for long process in nabbing hackers
As the officials investigating the Target data breach are settling in for what they believe will be a long and complex process of catching the hackers behind the heist, another US retailer is admitting that it lost millions of customer payment card details.