www.bankinfosecurity.com/michaels-breach-how-fraudsters-pulled-off-a-8696 By Tracy Kitten @FraudBlogger Bank Info Security November 20, 2015 More than four years after the point-of-sale attack that struck 80 Michaels craft stores throughout the U.S., compromising nearly 100,000 payment cards, details about how the attackers pulled off their scheme have finally emerged. On Nov. 17, Crystal Banuelos of California, a lead defendant named in the 2011 Michaels debit breach, pleaded guilty to conspiracy to commit bank fraud and aggravated identity theft (see Michael’s Breach: What We’ve Learned). Banuelos’ sentencing date has not yet been set. She faces a maximum sentence of 32 years in prison and a $1 million fine. In her plea filed with a New Jersey District Court, Banuelos notes that she conspired to steal credit and debit card data, as well as PINs, from Michaels’ customers, and knowingly used counterfeit cards created from that stolen data to conduct fraudulent cash withdrawals at ATMs. In all, authorities believe Banuelos and Angel Angulo, a co-defendant named in the indictment whose case is still pending, stole $420,000 from banks through fraudulent ATM withdrawals. Banks defrauded in the scheme, according to the indictment, include U.S. Bank, BMO Harris, Bank of America, JPMorgan Case, TD Bank, Beneficial Bancorp and Wells Fargo. To perpetrate their crime, prosecutors allege Banuelos, Angulo and other unnamed conspirators swapped out 88 legitimate POS devices at 80 different Michaels locations across 19 states with manipulated terminals that were used to capture and store card data and PINs. […]
http://www.csoonline.com/article/2928928/disaster-recovery/heartland-issues-breach-notification-letters-after-computer-theft.html By Steve Ragan Salted Hash CSO Online June 1, 2015 In a letter to the California Attorney General, Heartland Payment Systems has disclosed a data breach impacting personal information. The letter states that the data exposure is the result of a break-in at one of their offices, which included stolen computers. The notification letter says that the theft took place at Heartland’s Santa Ana, California offices on May 8. The incident involved the theft of many items including password protected computers that might have contained Social Security Numbers and / or banking information that is processed by employers. “We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur. We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand,” the notification letter states. In 2008 Heartland was the victim of one of the world’s first major data breaches that exposed 130 million U.S. credit and debit cards. […]
http://www.eweek.com/mobile/wearables-maker-jawbone-sues-fitbit-over-alleged-data-theft.html By Todd R. Weiss eWEEK.com 2015-05-28 Wearables vendor Jawbone is suing rival Fitbit based on allegations that Fitbit hired away some Jawbone employees who then took confidential corporate information with them to their new jobs. The lawsuit, which was filed in California State Court in San Francisco, charges that Fitbit employees were “systematically plundering” confidential information by hiring the former Jawbone workers, who “improperly downloaded sensitive materials shortly before leaving,” according to a May 27 report by The New York Times. “This case arises out of the clandestine efforts of Fitbit to steal talent, trade secrets and intellectual property from its chief competitor,” Jawbone lawyers wrote in the complaint, according to the story. The lawsuit comes at an interesting time for Fitbit, which earlier in May filed for an initial public offering. The company has been in the business of creating and selling a full line of health tracking and fitness bands since 2007. […]
Cool Vendors in security intelligence offer highly innovative technologies that address an organization’s demand for data-driven analytics, techniques in obfuscation and deception, and advanced detection solutions. CISOs should use this research when evaluating technology trends for planning. … illusivenetworks.com ) Analysis by Avivah Litan and Lawrence Pingree Why Cool: Illusive networks offers advanced attack deception … California ( trapx.com ) Analysis by Craig Lawson, Lawrence Pingree and Oliver Rochford Why Cool: TrapX Security is …
Gartner clients can access this research by clicking here.
This research looks at various segments relevant to Imperva — Web application firewalls (WAFs), data-centric audit and protection (DCAP), cloud security, and cloud access security brokers (CASBs) — to provide the reader with the ability to assess the company’s prospects. Based in Redwood Shores, California, Imperva provides hardware and software cybersecurity solutions designed to protect data and applications in the cloud and on-premises. Customers use these solutions to discover assets and risks, protect information, and comply with regulations. …
Gartner clients can access this research by clicking here.
http://krebsonsecurity.com/2015/05/foiling-pump-skimmers-with-gps/ By Brian Krebs Krebs on Security May 4, 2015 Credit and debit card skimmers secretly attached to gas pumps are an increasingly common scourge throughout the United States. But the tables can be turned when these fraud devices are discovered, as evidenced by one California police department that has eschewed costly and time-consuming stakeouts in favor of affixing GPS tracking devices to the skimmers and then waiting for thieves to come collect their bounty. One morning last year the Redlands, Calif. police department received a call about a skimming device that was found attached to a local gas pump. This wasn’t the first call of the day about such a discovery, but Redlands police didn’t exactly have time to stake out the compromised pumps. Instead, they attached a specially-made GPS tracking device to the pump skimmer. At around 5 a.m. the next morning, a computer screen at the Redlands PD indicated that the compromised skimming device was on the move. The GPS device that the cops had hidden inside the skimmer was beaconing its location every six seconds, and the police were quickly able to determine that the skimmer was heading down a highway adjacent to the gas station and traveling at more than 50 MPH. Using handheld radios to pinpoint the exact location of the tracker, the police were able to locate the suspects, who were caught with several other devices implicating them in an organized crime ring. […]
http://www.nextgov.com/defense/2015/04/heres-how-you-hack-drone/111229/ By Aliya Sternstein Nextgov.com April 27, 2015 Research studies on drone vulnerabilities published in recent years essentially provided hackers a how-to guide for hijacking unmanned aircraft, an Israeli defense manufacturer said Monday. A real-life downing of a CIA stealth drone by Iranians occurred a month after one such paper was published, noted Esti Peshin, director of cyber programs for Israel Aerospace Industries, a major defense contractor. In December 2011, the Christian Science Monitor reported that Iran navigated a CIA unmanned aerial vehicle safely down to the ground by manipulating the aircraft’s GPS coordinates. The 2011 study, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled “The Requirements for Successful GPS Spoofing Attacks.” The scholars detailed how to mimic GPS signals to fool GPS receivers that aid navigation. “It’s a PDF file… essentially, a blueprint for hackers,” Peshin said. […]
http://www.nextgov.com/cybersecurity/2015/03/pentagon-personnel-are-talking-nsa-proof-smartphones/108820/ By Aliya Sternstein Nextgov.com March 30, 2015 The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government-surveillance firm Silent Circle, according to company officials. Silent Circle, founded by a former Navy Seal and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones. And for its spy-resistant “blackphone.” Apparently, troops don’t like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with secret code down to its hardware, to communicate “for both unclassified and classified” work, Silent Circle chairman Mike Janke told Nextgov. In 2012, Janke, who served in the Navy’s elite special operations force, and Phil Zimmermann, creator of Pretty Good Privacy (PGP, in short), started Silent Circle as a California-based secure communications firm. The company is no longer based in the United States, ostensibly to deter U.S. law enforcement from seeking access to user records. […]