Beware financial malware that’s trying to harvest usernames and passwords from a major newspaper’s website.
That unusual warning comes by way of security firm ESET, which said it’s observed financial malware known variously as Gataka and Tatanga being used in four recent attack campaigns.
via Banking Trojan Harvests Newspaper Readers’ Credentials – Security – Vulnerabilities and threats – Informationweek.
Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
via FTC Sues Wyndham Hotels Over Data Security Failures – Security – Privacy – Informationweek.
The US Department of Homeland Security (DHS) has implemented authentication-as-a-service (AaaS) across more than 100 applications, according to Richard Spires, the department’s chief information officer.
via Infosecurity – DHS implements authentication-as-a-service across 100 apps.
On April 16, 2011, meanwhile, the indictment said that Miller chatted with the undercover agent and said he’d accessed two nersc.gov supercomputers owned by the National Energy Research Scientific Computer Center (NERSC), which provides computer resources for the U.S. Department of Energy. In July 2011, authorities said that for $50,000, he offered to sell the undercover agent “login credentials to a series of computer networks that would enable remote access to the domain nersc.gov.”
via Feds Bust Hacker For Selling Government Supercomputer Access – Security – Attacks/breaches – Informationweek.
Improved online bank security has driven cybercriminals to start using a type of Trojan tool that automates money theft from compromised accounts in ways that are invisible to account holders, Trend Micro has discovered.
via New generation of bank Trojans can make invisible transfers.
Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft’s Windows Update mechanism.
Their findings answer a key question: How could Flame infect fully patched Windows 7 machines?
via Experts show how ‘Flame’ malware fakes Windows.
A hitherto unknown hacking group claimed responsibility for a hacking attack on a county school system in Tennessee that may have exposed the names, Social Security Numbers and other personal data belonging to about 110,000 people.
via Hackers claim to steal 110,000 SSNs from Tenn. school system.
Many businesses see security as “an expensive add-on” and end up not paying sufficient attention to it. “So they’ll dual-hat their IT director and say he’s also doing IT security. And in some organizations–I call it the pile-on–they also pile the chief privacy officer (CPO) responsibilities onto the CIO or CISO role.”
via LinkedIn Defends Security Practices, Leadership – Security – Attacks/breaches – Informationweek.
Tinba is a small data-stealing trojan-banker. It hooks into browsers, steals login data and sniffs network traffic. Like several sophisticated banker trojans, it also uses Man in The Browser (MiTB) tricks and webinjects in order to change the look and feel of certain webpages with the purpose of circumventing two-factor authentication (2FA) or tricking the infected user into giving away additional sensitive data such as credit card data or TANs.
via CSIS: Say hello to Tinba: World’s smallest trojan-banker.
The New Jersey legislature, for instance, this week passed a bill (A-1238) that says copy machines and scanners should have their hard drives erased or otherwise modified to make sure records stored digitally on them are no longer viewable after the owner gets rid of the machines.
via New Jersey lawmakers want copier hard drives wiped to prevent ID theft.