Tag Archives: today

[ISN] Supervalu Says Hackers May Have Stolen U.S. Customers’ Data


http://www.bloomberg.com/news/2014-08-15/supervalu-says-hackers-may-have-stolen-u-s-shoppers-card-data.html?

By Robert Valpuesta
Bloomberg.com
Aug 15, 2014

Supervalu Inc. (SVU) said customers’ payment-card details may have been stolen as the U.S. grocery chain with more than 3,300 stores became the latest to fall victim to hackers. The data may have been stolen from cards used in Supervalu stores from June 22 to July 17 following a network intrusion, the Eden Prairie, Minnesota-based company said in a statement today. Payment companies have been notified and law-enforcement agencies are investigating, it said. Supervalu joins a lengthening list of companies whose systems have been compromised. Minneapolis-based retailer Target Corp. was victim of a breach last year that allowed hackers to gain access to payment data for 40 million customers’ cards. Hackers in Russia have amassed 1.2 billion sets of looted user names and passwords, the largest known cache of stolen personal information, U.S. company Hold Security LLC said this month. Cybercrime costs as much as $575 billion a year and remains a growth industry with attacks on banks, retailers and energy companies that will worsen, according to a June report by the Washington-based Center for Strategic and International Studies and sponsored by network security company McAfee Inc. [...]


[ISN] Former hedge fund researcher pleads guilty to helping colleague hide trade-secret thefts

http://www.chicagotribune.com/news/local/breaking/chi-former-hedge-fund-researcher-pleads-guilty-to-helping-steal-trade-secrets-20140812-story.html

By Jason Meisner
Chicago Tribune
August 12, 2014

A former researcher with Chicago-based Citadel LLC pleaded guilty today to helping a colleague try to hide personal computers that had been used to steal trade secrets from the giant hedge fund’s high-speed automated trading system. Sahil “Sonny” Uppal, 26, of New Jersey, had been scheduled to go to trial next month in federal court in Chicago, but he pleaded guilty to one count of obstruction of justice just days after co-defendant Yihao “Ben” Pu entered a guilty plea to charges he stole trade secrets. Under federal sentencing guidelines, Uppal faces up to 16 months in prison at his sentencing in November. Prosecutors said Uppal and Pu were co-workers at an undisclosed New Jersey-based trading firm and later at Citadel, where Uppal’s primary job responsibilities included researching and developing a high-frequency trading strategy for equity investments. In July 2011, Uppal helped copy onto Pu’s personal hard drives three files containing research he had used to develop the trading strategy, according to his plea agreement with prosecutors. [...]


[ISN] Poorly trained IT workers are ‘gateway for hackers’

http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html

By Matthew Sparkes
Deputy Head of Technology
The Telegraph
06 Aug 2014

UK universities are failing to teach enough computer security skills and are churning out IT graduates who present a “risk to their own organisation”, according to a senior NHS IT manager. Derrick Bates, senior information security officer at North Cumbria University Hospitals NHS Trust, said: “Some of today’s graduates may have an abstract knowledge of info security, but how many of them could spot a dodgy attachment, run a penetration test or crack a code?

“What is the point in universities turning out great software developers and web designers if they have no idea how to design them securely? It is like building a house without locks.” He warned that “under-skilled” IT staff can be a “gateway for hackers to get into the rest of the organisation”. [...]


[ISN] Sandwich Chain Jimmy John’s Investigating Breach Claims

http://krebsonsecurity.com/2014/07/sandwich-chain-jimmy-johns-investigating-breach-claims/

By Brian Krebs
Krebs on Security
July 31, 2014

Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation. Multiple financial institutions tell KrebsOnSecurity that they are seeing fraud on cards that have all recently been used at Jimmy John’s locations. Champaign, Ill.-based Jimmy John’s initially did not return calls seeking comment for two days. Today, however, a spokesperson for the company said in a short emailed statement that “Jimmy John’s is currently working with the proper authorities and investigating the situation. We will provide an update as soon as we have additional information.” The unauthorized card activity witnessed by various financial institutions contacted by this author is tied to so-called “card-present” fraud, where the fraudsters are able to create counterfeit copies of stolen credit cards. [...]


[ISN] Mitigating cyber risk as healthcare data sharing accelerates

http://healthitsecurity.com/2014/07/30/mitigating-cyber-risk-as-healthcare-data-sharing-accelerates/

By Greg Michaels
HealthITSecurity.com
July 30, 2014

When it comes to protecting their data, healthcare organizations are increasingly finding themselves caught between the proverbial rock and a hard place. On the one hand, healthcare reform has not only led to organizations generating vast amounts of electronic data, but has also driven the exchange and integration of this information among providers and payers on an unprecedented scale. All of this creation and sharing of electronic health information is aimed at improving patient care, realizing greater efficiencies and lowering overall costs. On the other hand, the million-dollar question—or make that the $5.6 billion question according to the Ponemon Institute’s fourth annual Patient Privacy & Data Security Study—is what happens when a healthcare organization discovers its data has been compromised, whether it be protected health information (PHI), payment card details or personal employee information?

Protecting data within the organization and along the supply chain is a major challenge for healthcare entities. Most are already stretched by pressures unique to their industry—i.e., the move from paper to electronic records; the implementation for the ICD-10 code set; Meaningful Use requirements; and the HIPAA Omnibus Rule on privacy protections released last year. Add in issues commonly experienced by most businesses today—e.g., lean staffing, financial stresses—and it’s easy to see how healthcare organizations can find it difficult to dedicate the time to develop an effective information security program and proactively assess and mitigate risks. [...]


[ISN] The CIA Fears the Internet of Things

http://www.defenseone.com/technology/2014/07/cia-fears-internet-things/89660/

By Patrick Tucker
Defense One
July 24, 2014

The major themes defining geo-security for the coming decades were explored at a forum on “The Future of Warfare” at the Aspen Security Forum on Thursday, moderated by Defense One Executive Editor Kevin Baron. Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology, said today’s concerns about cyber war don’t address the looming geo-security threats posed by the Internet of Things, the embedding of computers, sensors, and Internet capabilities into more and more physical objects. “Smart refrigerators have been used in distributed denial of service attacks,” she said. At least one smart fridge played a role in a massive spam attack last year, involving more than 100,000 internet-connected devices and more than 750,000 spam emails. She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.” “The merger of physical and virtual is really where it’s at. If we don’t grok that then we’ve got huge problems,” she said. Grok, a reference to Robert A. Heinlein’s 1961 novel Stranger in a Strange Land, describes the telepathic communion of thoughts, feelings, and fears. [...]


[ISN] Seven Arrested For Fleecing StubHub For $1.6 Million In Tickets

http://www.forbes.com/sites/katevinton/2014/07/23/seven-arrested-for-fleecing-stubhub-for-1-6-million-in-tickets/

By Kate Vinton
Forbes Staff
7/23/2014

Seven alleged cyber criminals have been arrested as part of an international cybercrime ring that hacked StubHub and laundered upwards of $1.6 million dollars, the New York D.A.’s Office announced Tuesday. Two of the alleged criminals were arraigned in New York today, with bail set at $2 million and $500,000. Six of the arrests were made on Tuesday across three countries—three in London, one in Toronto, and two in New York—highlighting the international scope of cybercrime. A seventh criminal was arrested in Spain earlier this month. One American is expected to turn himself in this week, and two cybercriminals are still beyond reach in Russia, according to Manhattan D.A. Cyrus R. Vance at a press conference on Tuesday.

This case originally began over a year ago in March 2013, when StubHub discovered a cyber breach and reported it to authorities, Vance said. This led to a case being opened with the New York City District Attorney’s Office, according to a StubHub statement. The investigation uncovered that cybercriminals had gained access to StubHub accounts and used customers’ pre-existing card information to purchase tickets for resale, in what is known as an “Account Take-Over Fraud.” StubHub, the subsidiary of eBay (which had its own cyber breach) that allows people to buy and sell tickets online to games, concerts, and theater shows, notified affected customers after the breach and refunded them for the tickets in addition to increasing security, according to a statement. [...]


[ISN] Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers

http://www.wired.com/2014/07/google-project-zero/

By Andy Greenberg
Threat Level
Wired.com
07.15.14

When 17-year-old George Hotz became the world’s first hacker to crack AT&T’s lock on the iPhone in 2007, the companies officially ignored him while scrambling to fix the bugs his work exposed. When he later reverse engineered the Playstation 3, Sony sued him and settled only after he agreed to never hack another Sony product. When Hotz dismantled the defenses of Google’s Chrome operating system earlier this year, by contrast, the company paid him a $150,000 reward for helping fix the flaws he’d uncovered. Two months later Chris Evans, a Google security engineer, followed up by email with an offer: How would Hotz like to join an elite team of full-time hackers paid to hunt security vulnerabilities in every popular piece of software that touches the internet?

Today Google plans to publicly reveal that team, known as Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software. Those secret hackable bugs, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations. By tasking its researchers to drag them into the light, Google hopes to get those spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing bugs only in Google’s products. They’ll be given free rein to attack any software whose zero-days can be dug up and demonstrated with the aim of pressuring other companies to better protect Google’s users.

“People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,” says Evans, a British-born researcher who formerly led Google’s Chrome security team and will now helm Project Zero. (His business cards read “Troublemaker.”) “We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.” [...]
