Phishing

Snowden RSA Controversy Just One Of Many Facing Security Industry

In a little more than a week, executives from world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance. In December, Reuters broke the story that, among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA, the security division of EMC, has denied the allegations that it accepted the money while knowing that […]

Continue Reading

Target: Hack Exposed Data On 70 Million

Target provided some guidance on its fourth quarter earnings on Friday and, not incidentally, dropped another bombshell in the long-running story about the November data breach that exposed credit card information on some 40 million customers. It turns out that the credit card numbers were just the tip of a much larger iceberg. The box store retailer now claims that its investigation of that incident revealed that data on around 70 million customers was exposed, including e-mail addresses, phone numbers, mailing addresses and more. In a statement, Target said that much of the stolen data was “partial in nature,” but that it will reach out to customers whose e-mail addresses were stolen to warn them about potential fraud, including “phishing” e-mails that purport to come from Target. “I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are […]

Continue Reading

US CERT Warns About Point-of-Sale Malware

With news of the breach of big-box retailer Target Inc. still in the headlines, the U.S. Computer Emergency Readiness Team (CERT) issued a warning about the danger posed by malicious software targeting Point of Sale (POS) systems. CERT issued an advisory (TA14-002A) on Thursday asking POS owners to take steps to secure the devices, and telling consumers to beware.  The warning comes after a string of reports that suggest that malware attacking point of sale systems is on the rise. In December, researchers from Arbor Networks said they had detected an “active PoS compromise campaign” to steal credit and debit card data that used the Dexter and Project Hook malware. Dexter is a Windows-based program that was first discovered in December, 2012 by Seculert, an Israeli security firm. It is still not known whether malware played a part in the huge theft of credit card data from Target Inc. That […]

Continue Reading

NSA Toolbox Included Hacks For Juniper, Cisco, Dell

The German magazine Der Spiegel made headlines this week with its story detailing the US National Security Agency’s (NSAs) offensive hacking capabilities. The story is based on classified NSA documents absconded with by former contractor Edward Snowden and lays bare a Webster’s Dictionary full of classified hacking tools and programs.   Among the highlights of the story: + The NSA developed and deployed a wide range of hacking tools that could compromise hardware from leading IT and networking equipment makers including Cisco Systems, Juniper Networks and the Chinese vendor Huawei and Dell Inc.   + The NSA tools were designed to provide persistent access that allowed the NSA to monitor activity on the compromised endpoint, avoid detection by third party security software and survive software and firmware updates. One such tool, DEITYBOUNCE, provided persistent access to Dell’s PowerEdge servers by “exploiting the system BIOS” and using “System Management Mode to […]

Continue Reading

Prediction: Rough Road Ahead in 2014 For Security and Internet of Things

With the New Year fast approaching, it’s (unofficially) ‘prediction season,’ when everyone worth their salt stares into the crystal ball and tries to imagine what the world will look like 12 months hence. To sort through our 2014 predictions, we called on Mark Stanislav, the chief Security Evangelist at Duo Security. Mark is a seasoned security researcher who has taken an interest in the security of the Internet of Things. Earlier this year, we wrote about research Mark did on the IZON Camera, an IP-enabled home surveillance camera that is sold by big-box retail stores like Best Buy, as well as by the Apple Store. Beneath the IZON’s polished exterior, the IZON was a mess of sloppy coding and poor security implementation, Stanislav discovered. Like many IoT devices, IZON cameras punted security to those responsible for the wireless network that it was deployed on – essentially trusting any connection from […]

Continue Reading
1 13 14 15 16 17 19