Identity Theft

SOHOwned: 300K Home Routers Hacked

A string of reports in recent weeks has focused a spotlight on rising attacks against an often-overlooked piece of equipment that can be found in almost every home and business: the wireless router. Just this week, the security firm Team Cymru published a report (PDF) describing what it claims is a widespread compromise of small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. Cymru claims to have identified over 300,000 SOHO devices (mostly in Asia and Europe) that were compromised. According to the report, the compromises first came to light in January, after Team Cymru analysts noticed a pattern of SOHO routers with overwritten DNS settings in central Europe. The affected devices are from a range of manufacturers, including well-known brands like D-Link, Micronet, Tenda and TP-Link. The devices were vulnerable to a number of attacks, including authentication bypass and cross-site […]

Continue Reading

Target Breach Spells End for Magnetic Stripe Cards in 2015

After years spent fighting pushes for more secure standards, the payment card industry and retailers are moving quickly to abandon magnetic stripe cards and embrace so-called ‘chip and pin’ technology. Credit card firms MasterCard and Visa plan to have most customers on the more secure chip and pin cards by October, 2015, according to a report in the Wall Street Journal. The move comes in the wake of a massive heist of account information for tens of millions of credit card holders from the systems of U.S. retailers including Target, Neiman Marcus and Michaels Stores. In an interview with MasterCard’s Carolyn Balfany, the Journal notes that company has set October, 2015 as the date for a “liability shift” – a change in policy that will hold the party in a fraudulent transaction liable for losses due to that transaction. The goal, said Balfany, is to try to encourage merchants and […]

Continue Reading

In Next Phase: Web Tracking Cookies Grow Legs

It’s easy to focus on the low hanging fruit in the Internet of Things revolution – the Internet-connected thermostats, connected vehicles and lawn sprinklers that you can manage from the Web.   But the biggest changes are yet to come – as powerful, wearable technology, remote sensors and powerful data analytics combine to map and record our every waking (and sleeping) moment. I got a glimpse of that reading this article over at the blog StreetFightMag.com, a site that concentrates on the hyperlocal marketing sector. Hyperlocal was a big thing about six or seven years ago, as online media outfit (and their advertisers) decided that consumers were losing interest in the thin gruel that online mass-media provided, but remained intensely interested in local news and affairs. Alas, capitalizing on the relatively small-scale opportunities in ‘hyperlocal’ proved harder than anyone thought, as this week’s decision to shutter AOL’s remaining Patch web […]

Continue Reading

Is 2014 The Year Uncle Sam Takes On Connected Device Security?

The Consumer Electronics Show – or CES- kicked off last week in Las Vegas. In the last decade, CES has become one of the premiere venues for consumer device makers to launch new products and to show off prototypes of technology they hope to introduce to the public. Home entertainment megafauna dominate the coverage of CES — there was Samsung’s 85-inch LED LCD model with 4K resolution that can transform from flat-screen to curved display. But this year’s show is also a showcase for the next wave of connected devices, including wearable technology, smart appliances and connected vehicles. All these new platforms raise important questions about security, privacy and reliability. I sat down to talk about some of those issues with Mark Stanislav, the lead security evangelist at the firm Duo Security. Mark is a frequent contributor to The Security Ledger who last joined us to provide an end of year […]

Continue Reading

Update: Retail Breaches Spread. Point of Sale Malware A Suspect.

Reuters is reporting on Monday that the recently disclosed hack of box store retailer Target Inc. was just one of a series of attacks against U.S. retailers, including Target, the luxury department store Neiman Marcus and other, as-yet-unnamed companies.* The story adds to other, recent revelations, including the breach at Neiman Marcus, which was first disclosed by the security blog Krebsonsecurity.com on Friday. Also on Monday, Target CEO Gregg Steinhafel confirmed that his company was the victim of malicious software installed on point of sale (PoS) systems at the store. According to the Reuters report, Target Corp and Neiman Marcus are just two retailers whose networks were breached over the holiday shopping season. The story cites unnamed sources “familiar with attacks,” which have yet to be publicly disclosed. Breaches of “at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target,” according […]

Continue Reading
1 11 12 13 14 15 21