Phishing

Europol Warns of Internet of Things Risk

In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]

Continue Reading

Chief Security Officer: The Toughest Job In IT?

Register now for our CISO Hangout with Jon Trull of Qualys, the former Chief Security Officer for the State of Colorado. Chief Information Security Officers (CISOs) are in the news a lot these days. The breaches at prominent corporations like Target, Home Depot and (this week) JP Morgan have solidified the consensus that the CISO is a necessary complement to the CIO. They’ve also shone a spotlight on what many consider to be the toughest job in corporate America. After all, successful cyber attacks and data breaches are the quickest path to a ruined corporate reputation. And a strong and capable CISO is increasingly seen as the best defense against such an unfortunate occurrence. (Target’s misfortune was the direct result, some argued, on its lack of a CISO.) With all that in the air, the time couldn’t be better to sit down with some of the top CISOs in industry and the public […]

Continue Reading

Report: Hacked Password Behind Compromise of 75m JPMorgan Accounts

The top news this week is about Wall Street giant JP Morgan Chase, which disclosed on Thursday that a previously disclosed breach was much larger than initially believed, affecting more than 75 million account holders. And once again, reports suggest that a compromised employee account may be at the root of the incident. Bloomberg, which first broke the news of the cyber attack on JPMorgan Chase in August, said on Friday that hackers exploited an employee’s access to a development server as part of an attack on a JPMorgan Chase & Co. server that led to one of the largest cyber-attacks ever and the theft of data on 76 million households and 7 million small businesses. According to the Bloomberg report, which cited “people familiar with the bank’s review,” the breach started in June when an employee’s user name and password for what’s described as “a web-development server” were compromised. From that […]

Continue Reading

Report: Apple IDs Targeted by Kelihos Botnet

There’s an interesting post over on Symantec’s blog about a shift noted in the behavior of the Kelihos botnet in recent days. According to Symantec, Kelihos operators have turned their attention to Apple customers, launching a phishing email campaign aimed at Apple iCloud users and Apple ID’s and passwords. According to the post, Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The body of the phishing email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and […]

Continue Reading

What Hollywood Can Teach Us: Passwords Matter More Than Ever

Andrey Belenko had what you might call a ‘brush with infamy’ earlier this week after a presentation he took part in on the security of Apple’s iCloud became a set piece in the news media scramble to identify the source of a huge trove of leaked celebrity photos – many depicting Hollywood A-List stars in various states of undress. “It’s not the kind of attention you want to receive,” said Belenko, a security researcher with the firm ViaForensics. “It’s all really creepy stuff.” Belenko’s link to the celebrity hacking scandal was a matter of happenstance. He was scheduled to give a presentation at a small, St. Petersburg multi-media conference, Chaos Constructions, over the weekend. Belenko was presenting research he had conducted a year earlier on the security of Apple’s KeyChain technology and iCloud – a talk he had given twice before in the last year. Prior to his talk, Belenko […]

Continue Reading
1 10 11 12 13 14 19