Bank Card Skimmers Installed at Some Calif., Colo. Safeways

“Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway would not name the affected locations, but bank industry sources say the fraud was traced back to Colorado locations in Arvada, Conifer, Denver, Englewood and Lakewood. In California, banks there strongly suspect Safeway locations in Castro Valley and Menlo Park may also have been hit.  Those sources say ATM fraud has been linked to customers using their debit cards at those locations since early September 2015.”

http://krebsonsecurity.com/2015/12/skimmers-found-at-some-calif-colo-safeways/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin

Target stores attacked by pornographic pranksters

“Explicit audio from a pornographic film was blasted out for all to hear. And it kept playing. And playing. For 15 minutes.  As pranks go, it’s fairly low-grade. But Target has a problem. Staff at the store in Campbell, a small city just south of San Jose, were all but powerless to stop it due to how the PA system is designed.  And it’s not an isolated incident. According to local media, it’s at least the fourth time this prank has happened since April. In one instance, a store had to be evacuated.  An email obtained by the BBC, sent by company bosses to Target store managers across the US on Friday afternoon, outlines a weakness in the store’s PA system being used to carry out the prank.”

http://www.bbc.com/news/technology-34556644

Hey Reader’s Digest: Your site has been attacking visitors for days

“Reader’s Digest has been infected since last week with code originating with Angler, an off-the-shelf hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack scripts. People who visit the site with outdated versions of Adobe Flash, Internet Explorer, and other browsing software are silently infected with malware that gains control over their computers. Malwarebytes researchers said they sent Reader’s Digest operators alerts last week warning the site was infected but never got a response. The researchers estimate that thousands of other sites have been similarly attacked in recent weeks and that the number continues to grow.”

http://arstechnica.com/security/2015/11/hey-readers-digest-your-site-has-been-attacking-visitors-for-days/

Researchers discover new attacks amid telcos’ Voice-over-LTE rollout

“Research shows how much damage a bad actor can do with a rooted phone and a linked computer, disguising regular traffic to look like the new VoLTE protocols. Exploiting that vulnerability, Tu was able to dodge data charges, shut down a target’s data connection with a DDoS-like attack, or drive a victim’s data charges through the roof.  Tu’s attacks work entirely within the cell network, setting them apart from normal internet-based exploits and letting them bypass traditional operator firewalls. The result for most exploits would be a simple loss of service, as high-priority signal traffic crowds out everything else arriving on the phone.”

http://www.theverge.com/2015/10/22/9594128/volte-vulnerability-attack-verizon-att-tmobile

Critical Flaws Found in Network Management Systems

“Four leading network management system providers are busy patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7.  Three of the affected vendors, Spiceworks, Ipswitch and Opsview, have already patched their respective products, while Castle Rock Computing has yet to set a timeline for the availability of patches.  These management planes provide enterprises with a view into network activity and performance, and hackers with an attractive attack vector.”

https://threatpost.com/critical-flaws-found-in-network-management-systems/115649/

Car parking apps vulnerable to man-in-the-middle attacks

“The next time you need to pay for parking, it might be best to have a handful of coins ready for the meter.  That’s the advice from researchers at NCC Group, who recently dissected 6 mobile apps being used as alternatives to paying with coins or cards at parking meters.  Their findings: nearly all were affected by security vulnerabilities, ‘some more serious than others.’  While the app makers all recognized the need for some form of encryption – after all, these apps send sensitive data such as credit card details and passwords to the server – they’re not necessarily doing it right.”

https://nakedsecurity.sophos.com/2015/12/15/car-parking-apps-vulnerable-to-man-in-the-middle-attacks/

Europe’s highest court strikes down Safe Harbor data sharing between EU, US

“The case was originally sent to the CJEU by the High Court of Ireland, after the Irish data protection authority rejected a complaint from Maximillian Schrems, an Austrian citizen. He had argued that in light of Snowden’s revelations about the NSA, the data he provided to Facebook that was transferred from the company’s Irish subsidiary to the US under the Safe Harbour scheme was not, in fact, safely harboured. Advocate General Yves Bot of the CJEU agreed with Schrems that the EU-US Safe Harbour system did not meet the requirements of the Data Protection Directive, because of NSA access to EU personal data.”

http://arstechnica.com/tech-policy/2015/10/europes-highest-court-strikes-down-safe-harbour-data-sharing-between-eu-and-us/

When a single e-mail gives hackers full access to your network

“The vulnerability, which is on by default in the NX, EX, AX, FX series of FireEye products, was [disclosed by] FireEye last week, after researchers from Google’s Project Zero privately reported it. It made it possible for attackers to penetrate a network by sending one of its members a single malicious e-mail, even if it’s never opened. It’s not uncommon for outsiders to find such critical flaws in a security product. Still, the proof-of-concept exploit underscores that such game-over threats often extend to some of a network’s most critical equipment.”

http://arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/

Western Digital self-encrypting hard drives riddled with security flaws

“Several versions of self-encrypting hard drives from Western Digital are riddled with so many security flaws that attackers with physical access can retrieve the data with little effort, and in some cases, without even knowing the decryption password, a team of academics said.  The paper, titled got HW crypto? On the (in)security of a Self-Encrypting Drive series, recited a litany of weaknesses in the multiple versions of the My Passport and My Book brands of external hard drives. The flaws make it possible for people who steal a vulnerable drive to decrypt its contents, even when they’re locked down with a long, randomly generated password.”

http://arstechnica.com/security/2015/10/western-digital-self-encrypting-hard-drives-riddled-with-security-flaws/

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

“The encryption backdoor argument has been made and soundly rejected many times, most notably in the 1990s, when the government wanted the Clipper Chip, a requirement for a back door in technology for law enforcement and national security officials to use.  A report by a group of leading security experts concluded that installing back doors would undermine security by creating an enormous vulnerability: ‘If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege.’”

https://www.linkedin.com/pulse/kafkaesque-sacrifice-encryption-security-name-daniel-solove
