March 6, 2014
Security pros fear enterprising cybercriminals much more so than they do NSA spies. That’s an insight derived from a survey of techies strolling the floors of San Francisco’s Moscone Convention Center last week at the RSA Conference, which doubled in size this year.
Given the quickening pace of bad guys probing weaknesses in mobile computing, those fears appear to be well founded.
Some 56.2% of respondents to a survey conducted by by Gulf Breeze, Florida-based messaging security firm AppRiver named external sources as the most dangerous threat they must defend against.
The next most feared exposure: insider threats, cited by 33% . Only 5.3% of the survey takers indicated that government security threats were a big concern. (more…)
February 9, 2014 | Comments Off
By Byron Acohido, Last Watchdog
PUNTA CANA, Dominican Republic – Last Watchdog is en route to this warm Caribbean locale, having left a Seattle blizzard. I will be reporting from the Kaspersky Security Analyst Summit through Thursday. Meanwhile, officials at US-CERT have issued a warning for those attending the Winter Olympics in Sochi.
Visitors and stay-at-home fans, alike, should be wary of the usual scams and …more
February 6, 2014 | Comments Off
SEATTLE – In his latest scoop, investigative blogger Brian Krebs makes the case that the Target vendor whose network credentials were used to tap into 110 million customer accounts may have been a heating, ventilation and air conditioning (HVAC) contractor.
Krebs reports that intruders accessed Target’s network on Nov. 15, 2013 using network credentials stolen from a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.
February 5, 2014 | Comments Off
SEATTLE — The cyberunderground paused last week to note that Aleksandr Andreevich Panin, aka “Gribodemon,” had pleaded guilty to charges pegging him as the mastermind of SpyEye.
SpyEye is the tool of choice for hackers who routinely pilfer from online bank accounts. It arose in 2009 as a cheaper imitation of the pioneering banking Trojan, ZeuS, which was the creation of a brilliant, young Russian programmer who goes by the aliases Slavik, A-Z, Umbro and Monstr.
ZeuS’ creator remains on the loose.
The tale of how SpyEye overtook ZeuS could fit in any textbook on entrepreneurship. What’s more, it demonstrates how business-like and resilient the world of criminal hacking has become.
Let’s pick up the story circa 2009, with the help of Don Jackson, director of threat intelligence at security start-up PhishLabs, and Loucif Kharouni, researcher at anti-malware firm Trend Micro.
ZeuS is selling for as much as $8,000 to crime gangs expert at hijacking online bank accounts. ZeuS hacks require customized tuning of the attack code, and crews of hackers working in concert to pull off Ocean’s Eleven-like heists. …more
February 5, 2014 | Comments Off
SEATTLE — The disclosure of consumer data breaches at certain Marriott, Hilton, Sheraton and other major hotel chains managed by White Lodging Hotels comes as Congress is getting briefed about how cybercriminals are taking advantage of flaws in systems that collect and store sensitive data.
Senators Al Franken, Dick Durbin, and Diane Fienstein yesterday got …more
February 4, 2014 | Comments Off
SEATTLE — Target CFO John Mulligan appeared before a U.S. Senate committee this morning to express that the retail giant was “deeply sorry” for losing 110 million customer records to hackers.
“We will learn from this incident and, as a result, we hope to make Target, and our industry, more secure for customers in the future,” he said.
Mulligan is right about lessons to be learned. And let’s hope that these public disclosures of the scale of daily cybercrime will help …more
February 3, 2014 | Comments Off
SEATTLE – Researchers at RSA’s First Watch cybersecurity team have unearthed evidence of another ring of data thieves focusing on retailers, akin to the gang that tapped into the point-of-sales systems at Target, Neiman-Marcus and Michaels. That gang used a memory parsing program called POSRAM. This most recently discovered ring of thieves makes use of a similar piece of malware dubbed ChewBacca. CyberTruth …more
January 31, 2014 | Comments Off
Yet on Thursday the tech giant admitted hackers stole data from an undisclosed number of Yahoo mail users; this time getting to the precious data via a third party website.