[ISN] Banks: Credit Card Breach at Home Depot

http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/

By Brian Krebs
Krebs on Security
Sept. 2, 2014

Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground. Home Depot says that it is working with banks and law enforcement agencies to investigate reports of suspicious activity.

Contacted by this reporter about information shared from several financial institutions, Home Depot spokesperson Paula Drake confirmed that the company is investigating.

“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”

[…]





[ISN] Apple confirms celebrities’ accounts breached in “highly targeted” attack

http://arstechnica.com/tech-policy/2014/09/apple-confirms-celebrities-accounts-breached-in-highly-targeted-attack/

By Sean Gallagher
Ars Technica
Sept 2 2014

An Apple spokesperson has issued a statement on the company’s investigation of the hacking of female celebrities’ cloud accounts and the theft of photos from their accounts. And Apple is, in essence, blaming the victims. Or at least, their security questions and passwords.

“We wanted to provide an update to our investigation into the theft of photos of certain celebrities,” the statement reads. “When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us.”

Initial reports from security sources suggested that an exploit of a weakness in Apple’s “Find My iPhone” API that allowed a brute force password attack. Apple has discounted those reports, and it blames the success of the attacker on what amounts to social engineering of the accounts—by trying to use personal data to guess passwords or answers to security questions for the accounts in question.

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords, and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

[…]



[ISN] JPMorgan breach likely impacts UCard users – again

http://www.csoonline.com/article/2599839/social-engineering/jpmorgan-breach-likely-impacts-ucard-users-again.html

By Steve Ragan
CSO Online
Sep 2, 2014

The story is nearly identical to one from nearly a year ago. It starts with JPMorgan Chase disclosing that they’ve suffered a data breach. The bank says that an unknown number of records have been compromised, but it’s certain that the incident impacts customers from various services, including those using JPMorgan’s UCard.

In 2013, the story focused on a breach that occurred in July and was detected and addressed in September. Several months later, JPMorgan’s most recent security problems were detected sooner, but the end result is still the same – gigabytes of data was compromised, including customer (savings and checking account) and corporate (HR) records.

As such, JPMorgan Chase once again initiated the communications aspect of their incident response plan last week, and notified state agencies that people using pre-paid debit cards could be impacted by this latest breach.

[…]



[ISN] Over 90% Of Cloud Services Used In Healthcare Pose Medium To High Security Risk

http://www.forbes.com/sites/danmunro/2014/09/01/over-90-of-cloud-services-used-in-healthcare-pose-medium-to-high-security-risk/

By Dan Munro
Forbes.com
9/01/2014

According to cloud security vendor Skyhigh Networks, more than 13% of cloud services used in healthcare are high-risk and 77% are medium risk ‒ as measured across 54 different security attributes (like data encryption and “two factor” authentication).

As if to add emphasis to this exact point, risqué celebrity photos were hacked over the weekend in what is being rumored as a potentially broader attack on Apple’s iCloud service (specifically the Photo Stream feature).

While cloud vendors have a general responsibility to encrypt data at rest and offer two-factor authentication (iCloud does), they can’t really dictate the use of important safety measures ‒ especially on the retail/consumer side. In the case of two-factor authentication, it’s an extra, somewhat annoying step and the risks are often thought to be vague or low for casual consumer data. As a gentle reminder, if you haven’t read Mat Honan’s account of how he lost his digital life in one hour (August 2012 Wired), now would be a good time to get that chilling refresher.

Which also underscores healthcare’s broader dilemma. On the one hand, cloud services can offer advanced technical solutions at an attractive price compared to on-premise hardware and software, but issues of privacy and security are also very different for healthcare. Recent statistics from Skyhigh Networks also serve to emphasize these concerns.

[…]



[ISN] Reconnaissance code on industrial software site points to watering hole attack

http://news.techworld.com/security/3542635/reconnaissance-code-on-industrial-software-site-points-to-watering-hole-attack/

By Lucian Constantin
Techworld.com
01 September 2014

Attackers have rigged the website of an industrial software firm with a sophisticated reconnaissance tool, possibly in preparation for attacks against companies from several industries.

The incident was detected last week by researchers from security firm AlienVault who found rogue code injected into the website of a big industrial company that wasn’t named.

“The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing,” said Jaime Blasco, director of the AlienVault Labs in a blog post.

Unlike most watering hole attacks where hackers inject malware-carrying exploits into websites visited by their intended targets, the purpose of this attack was only to gain detailed information about visiting computers.

The rogue code injected into the compromised site loaded a JavaScript file from a remote server that was actually a reconnaissance framework dubbed Scanbox, Blasco said.

In addition to collecting basic information like the browser type, computer IP (Internet Protocol) address, operating system and language, this tool uses advanced techniques to detect which security programs are installed on the visitor’s system, he said.

[…]

