Credit and debit card information belonging to customers who did business at 51 UPS Store Inc. locations in 24 states this year may have been compromised as the result of an intrusion into the company's networks.
The complete listings: Computerworld's 100 Best Places to Work in IT for 2015
A compact list of the 56 large, 18 midsize and 26 small organizations that ranked as Computerworld's READ NOW
In a statement Wednesday, UPS said it was recently notified by law enforcement officials about a "broad-based malware intrusion" of its systems.
A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four-dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.
The intrusion may have exposed data on transactions conducted at the stores between Jan. 20 and Aug. 11, 2014. "For most locations, the period of exposure to this malware began after March 26, 2014," UPS said in a statement.
Reference:
Wednesday, September 9, 2015
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Today, Fiat Chrysler recalled 1.4 million vehicles possibly affected by a vulnerability in the UConnect infotainment system that could allow attackers to hijack the vehicle's steering and braking. Car hacking researchers Chris Valasek and Charlie Miller demonstrated proof of concept in striking fashion, when they wirelessly took control of a 2014 Jeep Cherokee driven by Wiredreporter Andy Greenberg and brought it from 70 mph to a screeching halt.
The National Highway Traffic Safety Administration (NHTSA) is launching an investigation to determine the effectiveness of Fiat Chrysler's recall.
As Dark Reading's Kelly Jackson Higgins wrote yesterday in an interview with Valasek:
Miller and Valasek were able to control a 2014 Jeep Cherokee's steering, braking, high beams, turn signals, windshield wipers and fluid, and door locks, as well as reset the speedometer and tachometer, kill the engine, and disengage the transmission so the accelerator pedal failed.
The National Highway Traffic Safety Administration (NHTSA) is launching an investigation to determine the effectiveness of Fiat Chrysler's recall.
As Dark Reading's Kelly Jackson Higgins wrote yesterday in an interview with Valasek:
Miller and Valasek were able to control a 2014 Jeep Cherokee's steering, braking, high beams, turn signals, windshield wipers and fluid, and door locks, as well as reset the speedometer and tachometer, kill the engine, and disengage the transmission so the accelerator pedal failed.
Thursday, May 7, 2015
Kicking The Stool Out From Under The Cybercrime Economy
CSO Online had the opportunity to chat with Shape Security's senior threat researcher, Wade Williamson, at this year's Black Hat conference, and he offered a brief background of these types of popular malware platforms before putting the threat landscape into perspective.
Google Report Unmasks Ad Injection Economy
"Our results reveal that ad injection has entrenched itself as a cross-browser monetization platform that impacts tens of millions of users around the globe," according to a report from Google and a team of researchers that will be presented at the IEEE Symposium on Security and Privacy later this month. "Our client-side telemetry finds that 5.5% of unique daily IP addresses visiting Google properties have at least one ad injector installed. The most popular, superfish.com, injects ads into more than 16,000 websites and grossed over $35 million in 2013 according to financial reports."
UPS Now The Third Company In A Week To Disclose Data Breach
Credit and debit card information belonging to customers who did business at 51 UPS Store Inc. locations in 24 states this year may have been compromised as the result of an intrusion into the company's networks.
In a statement Wednesday, UPS said it was recently notified by law enforcement officials about a "broad-based malware intrusion" of its systems.
A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four-dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.
In a statement Wednesday, UPS said it was recently notified by law enforcement officials about a "broad-based malware intrusion" of its systems.
A subsequent investigation by an IT security firm showed that attackers had installed previously unknown malware on systems in more than four-dozen stores to gain access to cardholder data. The affected stores represent about 1% of the 4,470 UPS Store locations around the country.
5 Ways Schools Can Upgrade Cyber Security
May 06, 2015 Added by:Paul Lipman
Today’s cyber criminals are more aggressive than ever before in their quest to achieve financial gains through hacking. With that being said, it should come as no surprise that our nation's schools are a prime target for such attacks. In this article, iSheriff CEO Paul Lipman highlights the five actions that can be taken to upgrade cyber security practices.
There are five actions that can be taken to move you toward the ideal. These include:
- Establish a policy and technology to allow BYOD
- Upgrade the web filter
- Protect owned devices while off the network
- Anti-malware protection does still matter
- Integrate and move your security to the cloud
Wednesday, January 7, 2015
Monday, June 2, 2014
'Oleg Pliss' Hack Makes for A Perfect Teachable IT Moment
Computerworld - Earlier this week, a number of iOS device owners woke up to discover that someone had locked them out of the iPhones, iPads, and iPod touches. The attack, primarily aimed at users in Australia and New Zealand (though there are now reports of users in North America and other countries being hit), demanded a ransom be paid to unlock each device. Ironically, the PayPal account referenced in the demand did not seem to even exist.
The "Oleg Pliss" hack, if you can call it one, wasn't particularly sophisticated. The party behind it -- most likely relied on information like user IDs (including email addresses used as usernames) collected by attacks on non-Apple websites like the recent breach that compromised eBay user accounts. Since a lot of people reuse user IDs, passwords and account security questions, all the hacker(s) needed to do was use that information to log into iCloud and use the Find My iPhone/iPad/iPod feature to lock the device and display a message on it. (The feature is typically used to locate a lost or stolen iOS device.)
Read more...
The "Oleg Pliss" hack, if you can call it one, wasn't particularly sophisticated. The party behind it -- most likely relied on information like user IDs (including email addresses used as usernames) collected by attacks on non-Apple websites like the recent breach that compromised eBay user accounts. Since a lot of people reuse user IDs, passwords and account security questions, all the hacker(s) needed to do was use that information to log into iCloud and use the Find My iPhone/iPad/iPod feature to lock the device and display a message on it. (The feature is typically used to locate a lost or stolen iOS device.)
Read more...
Thursday, January 23, 2014
Board Declares NSA Data Sweep Illegal
The president did not go nearly as far when he called last week for ending government control of phone data collected from hundreds of millions of Americans. In its report, obtained by Fox News and scheduled for release Thursday afternoon, The Privacy and Civil Liberties Oversight Board (PCLOB) said the program ran afoul of the law on several fronts.
"The ... bulk telephone records program lacks a viable legal foundation," the board's report said, adding that it raises "serious threats to privacy and civil liberties" and has "only limited value."
"As a result, the Board recommends that the government end the program," the panel wrote.
It remains to be seen whether Obama will accept all or part of the recommendations, but the findings could nevertheless be used as leverage in federal lawsuits against NSA spying.
The report concluded that the NSA collection raises "constitutional concerns" with regard to U.S. citizens' rights of speech, association and privacy.
Guccifer Unmasked!
- Romanian authorities announced Wednesday the arrest of Marcel Lazar Lehel, 40, a hacker believed to work under the name 'Guccifer'.
- Guccifer became known in the U.S. a year ago after releasing personal Bush family pictures.
- In Romania his hacking dates as far back as 2010.
- He was found guilty in his home country of a dozen hacking-related charges in February 2012.
Romanian authorities announced Wednesday that they arrested 40-year-old Marcel Lazar Lehel in the town of Arad.
The raid was organized by Romania's Directorate of Investigating Organized Crime and Terrorism (DIICOT) who said that they were cooperating with U.S. authorities.
Guccifer became known in the U.S. last year when he released pictures of former President George H.W. Bush in the hospital along with other former president George W Bush's hobby paintings.
While Bush II's paintings turned out to be more of a lighthearted hack, Guccifer eventually went on to expose the more serious secrets of America's powerful.
Guccifer hacked into the website of Colin Powell, revealing an affair between the former secretary of state and Romanian European Parliament member Corina Cretu - an affair the married man continues to deny.
Read more:
Subscribe to:
Posts (Atom)