Tag Archives: theft

[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/
By Aaron Gregg
The Washington Post
January 28, 2016

Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness. “There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.” To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to his back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts. But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war. Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time. And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934. As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out the region’s military and intelligence agencies. […]





[ISN] Broad use of cloud services leaves enterprise data vulnerable to theft, report says

www.networkworld.com/article/3025944/security/broad-use-of-cloud-services-leave-enterprise-data-vulnerable-to-theft-report-says.html
By Patrick Nelson
Network World
Jan 25, 2016

Data theft is a very real and growing threat for companies that increasingly use cloud services, says a security firm. Workers who widely share documents stored in the cloud with clients, independent contractors, or even others within the company are creating a Swiss-cheese of security holes, a study by Blue Coat Systems has found. In some cases, cloud documents were publicly discoverable through Google searches, the researchers say of their analysis.

‘Broadly shared’

The study found that 26% of documents stored in cloud apps are shared so widely that they pose a security risk. Compounding the issue is that many organizations aren’t even aware of it. […]



[ISN] 8 out of 10 mobile health apps open to HIPAA violations, hacking, data theft

www.healthcareitnews.com/news/8-out-10-mobile-health-apps-open-hipaa-violations-hacking-data-theft
By Bill Siwicki
Healthcare IT News
January 13, 2016

A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project top 10 risks. Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues. The new research from Arxan, which this year placed special emphasis on mobile health apps, was based on analysis of 126 popular health and finance apps from the United States, United Kingdom, Germany and Japan. There is a disparity between consumer confidence and the attention given to security by app developers, the study found. While the majority of app users and app executives said they believe their apps are secure, nearly all apps Arxan assessed proved to be vulnerable […]



[ISN] Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases

www.networkworld.com/article/3015999/over-650-terabytes-of-data-up-for-grabs-due-to-publicly-exposed-mongodb-databases.html
By Lucian Constantin
IDG News Service
Dec 16, 2015

There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft. Matherly originally sounded the alarm about this issue back in July, when he found nearly 30,000 unauthenticated MongoDB instances. He decided to revisit the issue after a security researcher named Chris Vickery recently found information exposed in such databases that was associated with 25 million user accounts from various apps and services, including 13 million users of the controversial OS X optimization program MacKeeper. Matherly’s new results show an increase of over 5,000 insecure MongoDB instances since July, a somewhat surprising result given that newer versions of the database no longer have a default insecure configuration. […]



[ISN] 4 Brooklyn men charged with skimming ATMs in Skokie

www.chicagotribune.com/news/local/breaking/ct-skokie-atm-skimming-met-20151213-story.html
By Dawn Rhodes
Chicago Tribune
December 13, 2015

Four men from New York by way of Russia and Kazakhstan were charged with felonies after allegedly stealing financial information from ATMs in Skokie. Irmiyo Izraelov, 24; Bakai Marat-Uulu, 23; Yevgeniy A. Dubovskiy, 24; and Konstantin Miroshnikov, 24, all of Brooklyn, appeared in bond court Sunday, accused of identity theft. Prosecutors alleged a Chase bank branch in the northern suburb was informed Dec. 1 that a skimming device had been attached to an ATM. Bank officials pulled video footage from the ATM and determined the four men were responsible. The bank then got another report of a skimming device on an ATM on Dec. 10, and again identified the four men as the ones responsible. They were arrested the same day. Police found card readers, decoders and other identity theft equipment in the men’s car and the hotel room where they were staying, prosecutors said. […]



[ISN] Chinese public security chief heads to US for talks on cybercrime

www.scmp.com/news/china/diplomacy-defence/article/1885101/chinese-public-security-chief-heads-us-talks-cybercrime
By Jun Mai
scmp.com
30 November 2015

The first high-level dialogue between the United States and China on cybercrime is under way this week to flesh out a deal reached in September by the presidents of the two countries. State media reported on Sunday that Minister of Public Security Guo Shengkun would be in the US until Thursday. Guo would also co-chair a ministerial meeting with Jeh Johnson, Secretary of the US Department of Homeland Security, Xinhua said. During President Xi Jinping’s visit to the US in September, the two countries agreed that they would launch biannual ministerial-level talks on cybersecurity by the end of this year. Talks on the subject had been suspended a year earlier after the US charged five Chinese military officers with hacking. US President Barack Obama said he and Xi agreed that neither government would knowingly support cybertheft of corporate secrets to support domestic businesses. Renmin University international relations professor Shi Yinhong said the talks would aim to nail down detailed points of agreement on cybersecurity but a breakthrough would be difficult to realise. […]



[ISN] Michaels Breach: How the Fraudsters Pulled it Off

www.bankinfosecurity.com/michaels-breach-how-fraudsters-pulled-off-a-8696
By Tracy Kitten @FraudBlogger
Bank Info Security
November 20, 2015

More than four years after the point-of-sale attack that struck 80 Michaels craft stores throughout the U.S., compromising nearly 100,000 payment cards, details about how the attackers pulled off their scheme have finally emerged. On Nov. 17, Crystal Banuelos of California, a lead defendant named in the 2011 Michaels debit breach, pleaded guilty to conspiracy to commit bank fraud and aggravated identity theft (see Michael’s Breach: What We’ve Learned). Banuelos’ sentencing date has not yet been set. She faces a maximum sentence of 32 years in prison and a $1 million fine. In her plea filed with a New Jersey District Court, Banuelos notes that she conspired to steal credit and debit card data, as well as PINs, from Michaels’ customers, and knowingly used counterfeit cards created from that stolen data to conduct fraudulent cash withdrawals at ATMs. In all, authorities believe Banuelos and Angel Angulo, a co-defendant named in the indictment whose case is still pending, stole $420,000 from banks through fraudulent ATM withdrawals. Banks defrauded in the scheme, according to the indictment, include U.S. Bank, BMO Harris, Bank of America, JPMorgan Chase, TD Bank, Beneficial Bancorp and Wells Fargo. To perpetrate their crime, prosecutors allege Banuelos, Angulo and other unnamed conspirators swapped out 88 legitimate POS devices at 80 different Michaels locations across 19 states with manipulated terminals that were used to capture and store card data and PINs. […]



[ISN] Pacific trade deal takes aim at Chinese hacking

www.ft.com/intl/cms/s/0/89a0137a-82b1-11e5-8095-ed1a37d1e096.html
By Shawn Donnan in Washington
FT.com
November 4, 2015

Pacific Rim countries will be required to criminalise hacking attacks on companies under a new regional trade pact that shows Washington’s determination to clamp down on Chinese cyber theft and ban new forms of digital protectionism. The US, Japan and 10 other economies concluded five years of negotiations last month on the Trans-Pacific Partnership, covering roughly 40 per cent of the global economy. Although the pact does not include China, US officials are selling the TPP as a crucial component in Washington’s efforts to write the rules of the global economy before Beijing can. The deal will reduce trade barriers on everything from beef and dairy products to textiles, with new standards for environmental protection, investment disputes and the behaviour of state-owned enterprises. The TPP agreement — details of which will be released as soon as Thursday — will also include new rules governing the free flow of data, privacy and cyber security, showing how the US intends to use a trade deal to set new benchmarks that it hopes will become global standards. […]

