fraud

Report: Cards Stolen From Target Used – at Target

The web site that first broke the news that data on millions of credit cards was lifted from box retailer Target now reports that those cards are being used to make fraudulent purchases at brick and mortar stores- including at Target itself.   Writing on the website Krebsonsecurity.com, Brian Krebs said that so-called “dumps” of stolen card data are flooding underground “carder” web sites where cyber criminals fence stolen card information. Citing an unnamed source at a New England bank, Krebs said that the bank had, with his help, purchased about 20 cards for its customers that were offered for sale on rescator(dot)la, the carder web site, and confirmed that all the stolen cards had been used at Target. Furthermore, the source confirmed to Krebs that some of the stolen cards had already been used to make fraudulent purchases – including at Target and other big box retailers. Only one […]

Continue Reading

Target Confirms Massive Breach – 40 million Credit Cards Affected

Black Friday just got a bit more black. Target Corp., one of the U.S.’s leading retail outfits, confirmed in a statement Thursday morning that reports of a massive breach of the company’s payment infrastructure, resulting in the exposure of data on an estimated 40 million credit and debit card accounts. The statement, released on Target’s website, follows media reports on Wednesday citing reports from leading credit card issuers. In it, the company confirmed “it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores.” According to statements by Target, the credit card data was stolen between Nov. 27 and Dec. 15, 2013 and includes customer name, credit or debit card number, and the card’s expiration date and the CVV, or three-digit security code. Shoppers at the company’s U.S. stores were affected, but the breach did not affect Target’s Canadian […]

Continue Reading

FTC Settles With Flashlight App Maker Over Geotracking

The Federal Trade Commission (FTC) announced on Thursday that it settled with the maker of a popular Android mobile flashlight application over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC announced the settlement with Goldenshores Technologies, LLC of Moscow, Indiana, makers of the “Brightest Flashlight Free” Android application, saying that the company failed to disclose wanton harvesting and sharing of  customers’ location and mobile device identity with third parties. Brightest Flashlight Free is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices that it is installed on. However, the device also harvested a wide range of data from Android phones which […]

Continue Reading

Two Million Passwords Stolen From Facebook, Twitter, ADP

The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]

Continue Reading

Verizon: New Cloud Encryption Service Will Secure IoT Devices

Identity is one of the biggest challenges facing companies that are deploying products for the “Internet of Things,” as well as traditional enterprises that find IoT technologies of all types knocking at the door. The question, in short, is “how do I know that this device is legitimate, and ties back to an identity that I trust with access to my network resources and data? Of course, identity management has always been an aching problem in the enterprise space. The problem with the IoT is scale – given the sheer size of the IoT (30 billion connected devices by 2020), you can add a few “zeros” onto the number of devices that could, potentially, be seeking access to your network at any time. [Related read: Identity Management’s Next Frontier: The Interstate] It makes sense that, in a distributed environment like that, the cloud may be the best place to address […]

Continue Reading
1 14 15 16 17 18