Tag Archives: fraud

[ISN] Point-of-Sale Vendor NEXTEP Probes Breach

http://krebsonsecurity.com/2015/03/point-of-sale-vendor-nextep-probes-breach/

By Brian Krebs
Krebs on Security
March 9, 2015

NEXTEP Systems, a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other food service venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned.

The acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’s biggest customers: Zoup, a chain of some 75 soup eateries spread across the northern half of the United States and Canada.

Last week, KrebsOnSecurity reached out to Zoup after hearing from financial industry sources about fraud patterns indicating some sort of card compromise at many Zoup locations. Zoup CEO Eric Ersher referred calls to NEXTEP, saying that NEXTEP was recently informed of a security issue with its point-of-sale devices. Ersher said Zoup runs NEXTEP’s point-of-sale devices across its entire chain of stores.

In an emailed statement, NEXTEP President Tommy Woycik confirmed Ersher’s account, but emphasized that the company does not believe all of its customers are impacted. […]





[ISN] Credit Card Breach at Mandarin Oriental

http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-oriental/

By Brian Krebs
Krebs on Security
March 4, 2015

In response to questions from KrebsOnSecurity, upscale hotel chain Mandarin Oriental Hotel Group today confirmed that its hotels have been affected by a credit card breach.

Reached for comment about reports from financial industry sources about a pattern of fraudulent charges on customer cards that had all recently been used at Mandarin hotels, the company confirmed it is investigating a breach.

“We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue,” the company said in an emailed statement. “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”

Mandarin isn’t saying yet how many of the company’s two-dozen or so locations worldwide may be impacted, but banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington, D.C. Sources also say the compromise likely dates back to just before Christmas 2014. […]



[ISN] Attackers protesting Superfish debacle hijack Lenovo e-mail, spoof website

http://arstechnica.com/security/2015/02/attackers-take-control-of-lenovo-com-hijacking-e-mail-and-web-servers/

By Dan Goodin
Ars Technica
Feb 25, 2015

Almost a week after revelations surfaced that Lenovo preinstalled dangerous ad-injecting software on consumer laptops, attackers took complete control of the company’s valuable Lenovo.com domain name, a coup that allowed them to intercept the PC maker’s e-mail and impersonate its Web pages.

The hijacking was the result of someone compromising a Lenovo account at domain registrar Web Commerce Communications, and changing the IP address that gets called when people typed Lenovo.com into their Web browsers or e-mail applications. As a result, the legitimate Lenovo servers were bypassed and replaced with one that was controlled by the attackers.

Marc Rogers, a principal security researcher at content delivery network CloudFlare, told Ars the new IP address pointed to a site hosted behind his company’s name servers. CloudFlare has seized the customer’s account, and at the time this post was being prepared, company engineers were working to help Lenovo restore normal e-mail and website operations.

“We took control as soon as we found out (minutes after it happened) and are now working with Lenovo to restore service,” Rogers said. “All we saw was the domain come in to us, at which point we took immediate action to protect them and their service.”

Rogers went on to say the unknown attackers posted MX mail server records that allowed them to read e-mail sent to Lenovo employees. The fraudulent records have since been removed. Rogers’ account is consistent with an image posted by the LizardCircle Twitter account. The image showed an e-mail sent by an outside PR person to several people inside Lenovo’s PR department. […]



[ISN] FBI offers record $3M reward for Russian hacking suspect

http://www.cnet.com/news/fbi-offers-record-3m-reward-for-russian-hacking-suspect/

By Steven Musil
CNET News
February 24, 201

The FBI is offering a $3 million reward for information leading to the arrest or conviction of a Russian hacking suspect, the highest bounty ever offered by US authorities in a cybercrime case.

Evgeniy Mikhailovich Bogachev is accused of being the mastermind behind the GameOver Zeus botnet, which was used by cybercriminals to steal more than $100 million from businesses and consumers since 2011. A 14-count indictment unsealed last year charged Bogachev, 31, with conspiracy, computer hacking, wire fraud, bank fraud and money laundering.

“This reward offer reaffirms the commitment of the US Government to bring those who participate in organized crime to justice, whether they hide online or overseas,” the US Department of State said in a statement.

The FBI believes that Bogachev is still living in Russia. […]



[ISN] Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy

http://www.wired.com/2015/02/hacker-claims-feds-hit-44-felonies-refused-fbi-spy/

By Andy Greenberg
Threat Level
Wired.com
02.18.15

A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas now says, it tried a different tactic: recruiting him.

A Southern District of Texas judge sentenced Salinas earlier this month to six months in prison and a $10,600 fine after he pleaded guilty to a misdemeanor count of computer fraud and abuse. The charge stemmed from his repeatedly scanning the local Hidalgo County website for vulnerabilities in early 2012. But just months before he took that plea, the 28-year-old with ties to the hacktivist group Anonymous instead faced 44 felony hacking and cyberstalking charges, all of which were later dismissed. And now that his case is over, Salinas is willing to say why he believes he faced that overwhelming list of empty charges. As he tells it, two FBI agents asked him to hack targets on the bureau’s behalf, and he refused.

Over the course of a six-hour FBI interrogation in May, 2013, months after his arrest, Salinas says two agents from the FBI’s Southern District of Texas office asked him to use his skills to gather information on Mexican drug cartels and local government figures accepting bribes from drug traffickers.

“They asked me to gather information on elected officials, cartel members, anyone I could get data from that would help them out,” Salinas told WIRED in a phone interview before his sentencing. “I told them no.”

“Fundamentally this represents the FBI trying to recruit by indictment,” says Salinas’ lawyer Tor Ekeland, who took the case pro bono last year. “The message was clear: If he had agreed to help them, they would have dropped the charges in a second.” […]



[ISN] Did Obama’s Cyber Summit Miss the Mark?

http://www.bankinfosecurity.com/did-obamas-cyber-summit-miss-mark-a-7918

By Tracy Kitten
Bank Info Security
February 16, 2015

Payments security was a marquee topic at last week’s White House Summit on Cybersecurity and Consumer Protection. But was it all just talk, or will decisive action result from the Summit?

Some observers say that, despite commitments made by leading payment card brands to enhance security, the Summit produced no specifics about how public and private sectors will collaborate to curb cyber-fraud. They also say the card brands’ plans fail to address tokenization concerns that banking/security leaders and retailers have been at odds over for the past several months.

Fraud expert Avivah Litan, an analyst at the consultancy Gartner, says most of the payments security initiatives noted by the White House are more of a roundup of innovative private-sector initiatives, rather than specific action points the government plans to take to curb cyber-related fraud.

Most notable of all, Litan says, is the lacking specificity the Obama Administration has provided about action it plans to take to stop data breaches, “for example, by coming up with a method to tokenize Social Security numbers.” […]



[ISN] Impostors bilk Omaha’s Scoular Co. out of $17.2 million

http://www.omaha.com/money/impostors-bilk-omaha-s-scoular-co-out-of-million/article_25af3da5-d475-5f9d-92db-52493258d23d.html

By Russell Hubbard
World-Herald staff writer
FEBRUARY 4, 2015

Corporate cybercrime on an international scale has hit one of Omaha’s biggest and oldest companies.

The Scoular Co., an employee-owned commodities trader founded 120 years ago, has been taken for $17.2 million in an international email swindle, according to federal court documents.

An executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so, says an FBI statement filed last month in U.S. District Court in Omaha. The orders turned out to be a fraud. […]



[ISN] The ZeroAccess botnet is back in business

http://www.computerworld.com/article/2877923/the-zeroaccess-botnet-is-back-in-business.html

By Lucian Constantin
IDG News Service
Jan 30, 2015

A peer-to-peer botnet called ZeroAccess came out of a six-month hibernation this month after having survived two takedown attempts by law enforcement and security researchers.

At its peak in 2013, ZeroAccess, also known as Sirefef, consisted of more than 1.9 million infected computers that were primarily used for click fraud and Bitcoin mining.

That was until security researchers from Symantec found a flaw in the botnet’s resilient peer-to-peer architecture. This architecture allowed the bots to exchange files, instructions and information with each other without the need for central command-and-control servers, which are the Achilles’ heel of most botnets.

By exploiting the flaw, Symantec managed to detach over half a million computers from ZeroAccess in July 2013 and launched an effort to clean them up in cooperation with ISPs and CERTs. […]

