Tag Archives: acquired

Gartner Signs Definitive Agreement to Sell CEB Talent Assessment to Exponent for $400 Million

Gartner, Inc. (NYSE: IT), the world's leading research and advisory company, today announced that it has reached a definitive agreement to sell CEB Talent Assessment to Exponent Private Equity, a UK-based private equity firm, for $400 million. The agreement comes at the end of a previously announced process to evaluate strategic alternatives for CEB Talent Assessment, formerly SHL, which was acquired by Gartner as part of the CEB acquisition in 2017. The transaction is expected to clo

[ISN] Dating site Topface pays hacker who stole 20 million credentials

http://www.techworld.com/news/security/dating-site-topface-pays-hacker-who-stole-20-million-credentials-3596333/ By John E Dunn Techworld.com Jan 30, 2015 The ‘Mastermind’ hacker who stole 20 million user credentials from Russian dating website Topface has got an extraordinary response from his victim – an undisclosed payment for “finding” the vulnerability that led to the calamitous breach. It’s an extraordinary turn of events that would be unthinkable in almost any other country but the site justified its decision with the argument that recovering the data would end the matter once and for all. Recall that the hacker in question had tried to sell the stolen data on a crime forum which is where the breach was first noticed by a third party, US security outfit Easy Solutions. Without that discovery the data would probably have been sold on without the site realising that a breach had happened in the first place. “He [Mastermind] has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of acquired email addresses database,” the firm said in a statement. […]


[ISN] Coca Cola sued by former employee over unencrypted laptop data theft

http://news.techworld.com/security/3585884/coca-cola-sued-by-former-employee-over-unencrypted-laptop-data-theft/ By John E. Dunn Techworld 13 November 2014 Coca-Cola is facing a potential class-action lawsuit after one of the people whose personal data was on one of a clutch of laptops stolen from the company says he suffered identity theft as a result of the breach. Laptop thefts are a common occurrence for most large organisations but the circumstances surrounding the loss of 55 laptops over a six-year period from the drinks giant’s Atlanta office and a bottling firm it acquired were always puzzling. Made public on 24 January this year, it turned out that an employee, Thomas William Rogers III, had allegedly taken the machines without their loss being realised. The machines contained the records of 74,000 people, all current or former employees, including 18,000 revealing social security numbers. Coca-Cola eventually recovered some of the laptops in December 2013, at which point the seriousness of the breach was realised. None of the records on the laptops had been encrypted. […]


[ISN] Google: Manual Account Hijacks Much More Dangerous Than Bot Takeovers

http://www.darkreading.com/attacks-breaches/google-manual-account-hijacks-much-more-dangerous-than-bot-takeovers/d/d-id/1317301 By Jai Vijayan Dark Reading 11/6/2014 Targeted attacks are less common but cause more problems and financial losses for victims than nontargeted mass account takeovers, a new report from Google says. Most online account hijacking capers are carried out using automated bots, but not all. In fact, some of the most effective and damaging heists result from targeted, carefully staged, manual attacks, a new study by Google shows. Researchers at the search company recently reviewed manual account hijacking incidents involving users of various Google services from 2011 to 2014. For the study, the researchers looked at how criminals acquired a victim’s login credentials to take over an account and how they attempted to exploit and monetize that access. For the purposes of the study, the researchers defined a manual hijack as an incident where an attacker spends considerable time exploiting a single victim’s account for financial gain. They discovered that such incidents are extremely rare. In fact, over the period of the study, the researchers observed an average of just nine incidents of manual account hijackings per million Google users per day. […]


[ISN] Even Script Kids Have a Right to Be Forgotten

http://krebsonsecurity.com/2014/07/even-script-kids-have-a-right-to-be-forgotten/ By Brian Krebs Krebs on Security July 18, 2014 Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That’s because the breached databases crawled by this search engine are mostly sites frequented by young ne’er-do-wells who are just getting their feet wet in the cybercrime business. Indexeus boasts that it has a searchable database of “over 200 million entries available to our customers.” The site allows anyone to query millions of records from some of the larger data breaches of late — including the recent break-ins at Adobe and Yahoo! – listing things like email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts. Who are Indexeus’s target customers? Denizens of hackforums[dot]net, a huge forum that is overrun by novice teenage hackers (a.k.a “script kiddies”) from around the world who are selling and buying a broad variety of services designed to help attack, track or otherwise harass people online. Few services are as full of irony and schadenfreude as Indexeus. You see, the majority of the 100+ databases crawled by this search engine are either from hacker forums that have been hacked, or from sites dedicated to offering so-called “booter” services — essentially powerful servers that can be rented to launch denial-of-service attacks aimed at knocking Web sites and Web users offline. […]


[ISN] Banks: Credit Card Breach at P.F. Chang’s

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/ By Brian Krebs Krebs on Security June 10, 2014 Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014. Contacted about the banks’ claims, the Scottsdale, Arizona-based restaurant chain said it has not yet been able to confirm a card breach, but that the company “has been in communications with law enforcement authorities and banks to investigate the source.” “P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the company said in an emailed statement. “We will provide an update as soon as we have additional information.” […]


[ISN] E-commerce security startup Forter lands $3M in funding from Sequoia Capital

http://www.zdnet.com/e-commerce-security-startup-forter-lands-3m-in-funding-from-sequoia-capital-7000027705/ By Larry Barrett Between the Lines ZDNet News March 25, 2014 Forter, an Israeli security startup that provides online retailers with real-time e-commerce fraud prevention services, secured $3 million in Series A funding from Menlo Park, Calif.-based venture capital firm Sequoia Capital. In the wake of catastrophic security breaches at major retailers, including Target and Neiman Marcus among many, many others, retailers online and off are scrambling to find more holistic and comprehensive security applications and processes to safeguard their customers’ credit and debit card accounts. Forter’s founders, including CEO Michael Reitblat, first became acquainted with the prowess of behavioral data and cyber intelligence technology as intelligence officers in the Israeli Defense Force, before they went on to start Fraud Sciences, a fraud prevention company that was eventually acquired by PayPal in 2008 for $169 million. Forter’s plug-and-play technology automates the review process by instantly analyzing customers’ profile and behavioral data in real time rather than relying on customer-provided data—which is often easy to falsify


[ISN] Iran Hacks Energy Firms, U.S. Says

http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html By SIOBHAN GORMAN and DANNY YADRON The Wall Street Journal May 23, 2013 WASHINGTON — Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials. In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded “far enough to worry people,” one former official said. The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage. U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by “denial of service” strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said. […]