User-provided password retrieval hints in Windows 7 and 8 operating systems are vulnerable to being retrieved and decoded by attackers.
That finding was made by two security researchers who’ve been studying ways to increase the reliability of tools designed to extract Windows registry information.
via Windows Password Clues Easy To Crack – Security – End user/client security – Informationweek.
The Google Wallet app now stores your payment cards on highly secure Google servers, instead of in the secure storage area on your phone.
via Google Wallet’s Huge Upgrade Adds Support For All Credit/Debit Cards, Remote Disable Feature | TechCrunch.
Beware financial malware that’s trying to harvest usernames and passwords from a major newspaper’s website.
That unusual warning comes by way of security firm ESET, which said it’s observed financial malware known variously as Gataka and Tatanga being used in four recent attack campaigns.
via Banking Trojan Harvests Newspaper Readers’ Credentials – Security – Vulnerabilities and threats – Informationweek.
Hotel chain slammed for poor information security practices, leading to attackers obtaining 600,000 credit card numbers and committing millions of dollars in fraud.
via FTC Sues Wyndham Hotels Over Data Security Failures – Security – Privacy – Informationweek.
The US Department of Homeland Security (DHS) has implemented authentication-as-a-service (AaaS) across more than 100 applications, according to Richard Spires, the department’s chief information officer.
via Infosecurity – DHS implements authentication-as-a-service across 100 apps.
On April 16, 2011, meanwhile, the indictment said that Miller chatted with the undercover agent and said he’d accessed two nersc.gov supercomputers owned by the National Energy Research Scientific Computer Center (NERSC), which provides computer resources for the U.S. Department of Energy. In July 2011, authorities said that for $50,000, he offered to sell the undercover agent “login credentials to a series of computer networks that would enable remote access to the domain nersc.gov.”
via Feds Bust Hacker For Selling Government Supercomputer Access – Security – Attacks/breaches – Informationweek.
Improved online bank security has driven cybercriminals to start using a type of Trojan tool that automates money theft from compromised accounts in ways that are invisible to account holders, Trend Micro has discovered.
via New generation of bank Trojans can make invisible transfers.
Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft’s Windows Update mechanism.
Their findings answer a key question: How could Flame infect fully patched Windows 7 machines?
via Experts show how ‘Flame’ malware fakes Windows.
many businesses see security as “an expensive add-on” and end up not paying sufficient attention to it. “So they’ll dual-hat their IT director and say he’s also doing IT security. And in some organizations–I call it the pile-on–they also pile the chief privacy officer (CPO) responsibilities onto the CIO or CISO role
via LinkedIn Defends Security Practices, Leadership – Security – Attacks/breaches – Informationweek.
Tinba is a small data-stealing trojan-banker. It hooks into browsers, steals login data, and sniffs network traffic. Like several sophisticated banker-trojans, it also uses Man in The Browser (MiTB) tricks and webinjects in order to change the look and feel of certain webpages with the purpose of circumventing two-factor authentication (2FA) or tricking the infected user into giving away additional sensitive data such as credit card data or TANs.
via CSIS: Say hello to Tinba: World’s smallest trojan-banker.