Crime

SOHOwned: 300K Home Routers Hacked

A string of reports in recent weeks has focused a spotlight on rising attacks against an often-overlooked piece of equipment that can be found in almost every home and business: the wireless router. Just this week, the security firm Team Cymru published a report (PDF) describing what it claims is a widespread compromise of small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. Cymru claims to have identified over 300,000 SOHO devices (mostly in Asia and Europe) that were compromised. According to the report, the compromises first came to light in January, after Team Cymru analysts noticed a pattern of SOHO routers with overwritten DNS settings in central Europe. The affected devices are from a range of manufacturers, including well-known brands like D-Link, Micronet, Tenda and TP-Link. The devices were vulnerable to a number of attacks, including authentication bypass and cross-site […]

Continue Reading

Target Breach Spells End for Magnetic Stripe Cards in 2015

After years spent fighting pushes for more secure standards, the payment card industry and retailers are moving quickly to abandon magnetic stripe cards and embrace so-called ‘chip and pin’ technology. Credit card firms MasterCard and Visa plan to have most customers on the more secure chip and pin cards by October, 2015, according to a report in the Wall Street Journal. The move comes in the wake of a massive heist of account information for tens of millions of credit card holders from the systems of U.S. retailers including Target, Neiman Marcus and Michaels Stores. In an interview with MasterCard’s Carolyn Balfany, the Journal notes that company has set October, 2015 as the date for a “liability shift” – a change in policy that will hold the party in a fraudulent transaction liable for losses due to that transaction. The goal, said Balfany, is to try to encourage merchants and […]

Continue Reading

Podcast: Security Challenges Ahead For Blackberry

With another busy week behind us in the security world, we sat down with Zach Lanier, a senior security researcher for mobile authentication specialist Duo Security. Zach is a recognized authority on the security of mobile devices, and was able to talk about some ongoing research he’s doing on Blackberry’s BB10 operating system. Zach told us that Blackberry 10, the latest version of Blackberry’s mobile operating system, is a big improvement over previous versions, including the TabletOS that Blackberry (formerly Research in Motion) used for its PlayBook – the company’s first foray into the tablet space.  But Lanier and fixed many of the information leaks that he and others found in TabletOS and reported to the company. “But there are still lots of questions we’re looking to answer,” Lanier said.   Among other things, Lanier is examining whether Blackberry 10’s support for so many different runtimes might pose security problems for […]

Continue Reading

Is 2014 The Year Uncle Sam Takes On Connected Device Security?

The Consumer Electronics Show – or CES- kicked off last week in Las Vegas. In the last decade, CES has become one of the premiere venues for consumer device makers to launch new products and to show off prototypes of technology they hope to introduce to the public. Home entertainment megafauna dominate the coverage of CES — there was Samsung’s 85-inch LED LCD model with 4K resolution that can transform from flat-screen to curved display. But this year’s show is also a showcase for the next wave of connected devices, including wearable technology, smart appliances and connected vehicles. All these new platforms raise important questions about security, privacy and reliability. I sat down to talk about some of those issues with Mark Stanislav, the lead security evangelist at the firm Duo Security. Mark is a frequent contributor to The Security Ledger who last joined us to provide an end of year […]

Continue Reading

Update: Retail Breaches Spread. Point of Sale Malware A Suspect.

Reuters is reporting on Monday that the recently disclosed hack of box store retailer Target Inc. was just one of a series of attacks against U.S. retailers, including Target, the luxury department store Neiman Marcus and other, as-yet-unnamed companies.* The story adds to other, recent revelations, including the breach at Neiman Marcus, which was first disclosed by the security blog Krebsonsecurity.com on Friday. Also on Monday, Target CEO Gregg Steinhafel confirmed that his company was the victim of malicious software installed on point of sale (PoS) systems at the store. According to the Reuters report, Target Corp and Neiman Marcus are just two retailers whose networks were breached over the holiday shopping season. The story cites unnamed sources “familiar with attacks,” which have yet to be publicly disclosed. Breaches of “at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target,” according […]

Continue Reading
1 9 10 11 12 13 18