Black Friday just got a bit more black. Target Corp., one of the U.S.’s leading retail outfits, confirmed in a statement Thursday morning that reports of a massive breach of the company’s payment infrastructure, resulting in the exposure of data on an estimated 40 million credit and debit card accounts. The statement, released on Target’s website, follows media reports on Wednesday citing reports from leading credit card issuers. In it, the company confirmed “it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores.” According to statements by Target, the credit card data was stolen between Nov. 27 and Dec. 15, 2013 and includes customer name, credit or debit card number, and the card’s expiration date and the CVV, or three-digit security code. Shoppers at the company’s U.S. stores were affected, but the breach did not affect Target’s Canadian […]
Crime
Two Million Passwords Stolen From Facebook, Twitter, ADP
The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]
Symantec Warns: Worm Can Target Internet of Things
Symantec, the security software firm, is reporting that its researchers have discovered a new, malicious “worm” that is spreading on the Internet and has been adapted to attack embedded devices running the Linux operating system, including many devices that are part of the Internet of Things. Writing on the Symantec research blog, Kaoru Hayashi, a threat analyst within Symantec’s Security Response organization, said that the company had uncovered the worm, dubbed Linux.Darlloz, spreading between more common PC systems. However, an analysis of the program revealed that its creators were thinking big: engineering the worm to be capable of attacking a “range of small, Internet-enabled devices in addition to traditional computers.” Specifically, Symantec’s team found variants of Darlloz for chip architectures common in devices ranging from home routers and set-top boxes to security cameras. The warnings about an “Internet of Things worm” were hypothetical, however. Hayashi said that no attacks against non-PC […]
BitCoin’s Popularity Is Undermining Promises of Anonymity
The virtual currency Bitcoin has soared in value against the U.S. dollar in recent months, topping out a staggering $913 USD to 1 Bitcoin (or BTC) as of late Tuesday. The currency had many ups and downs since it was launched in January 2009. But its main attraction, all along, has been anonymity. Unlike any other online payment system, Bitcoin transactions – like cash transactions – cannot be traced back to specific individuals. Also like cash, they cannot be reversed. Both those factors give Bitcoin users the confidence that their online purchasing activity – whether computer hardware or contraband will remain private. But a group of researchers at two U.S. universities have released a paper that suggests reports of Bitcoin’s anonymity may (to paraphrase Twain) “be greatly exaggerated.” Specifically: the researchers found that, by culling a variety of open source data using public data from the Bitcoin Peer to Peer network and from […]
Snowden Borrowed from APT Playbook In NSA Hack
We know for sure that Edward Snowden made short work of the protections that the National Security Agency used to segregate classified data. Snowden’s revelations about government spying on foreign governments, domestic and foreign firms and…well…just about everyone else first appeared in print in May. Since that time, a looming question is “how?” In other words: how did a single contractor gain access to such a massive trove of classified intelligence while working for the most security conscious organization in the world? While the exact methods used by Snowden are still not known, there are many theories. Now the security firm Venafi thinks that it has an answer, and is challenging the NSA to prove it wrong. In a blog post on Wednesday, the company laid much of the blame on poor management of digital certificates and user credentials, which allowed Snowden to move laterally within the NSA’s classified […]
