Home » Archives by category » Headlines (Page 3)

Five security threats to watch out for this summer

It’s summertime, and that means some much-needed vacation for most of us out there. But with people out of the office and working from remote locations more often, they’re likely to let their guard down, increasing the risk of data breach incidents. From malware to hackers to malicious insiders to data thieves, there’s no shortage of security concerns. “Cybercriminal organizations don’t take summer vacations, and many employees just don’t realize the security risks they are taking,” said Usman Choudhary, chief product officer at ThreatTrack Security. “Criminals understand the seasonality of consumer…

People go to extreme lengths to protect their devices – but do not understand the threats

There are 3.2 billion people across the world with a connection to the internet, up from 2.9 billion in 2014, but many online users are not cyber savvy at all. Many users do not use the correct methods to keep them safe online. Multiple research studies and ‘Are you cyber savvy?’ quizzes carried out by cyber security company Kaspersky Lab show that not enough users are aware of the risks. Full story…… Read More

Slicing into a point-of-sale botnet

Last week, KrebsOnSecurity broke the news of an ongoing credit card breach involving CiCi’s Pizza, a restaurant chain in the United States with more than 500 locations. What follows is an exclusive look at a point-of-sale botnet that appears to have enslaved dozens of hacked payment terminals inside of CiCi’s locations that are being relieved of customer credit card data in real time. Over the weekend, I heard from a source who said that since November 2015 he’s been tracking a collection of hacked cash registers. This point-of-sale botnet currently includes…

Google Dorking: Exposing the hidden threat

Virtually everyone uses Google or other search engines, but what most people don’t know is that these search engines can perform advanced queries that are exploited to carry out successful cyberattacks. For example, earlier this year, a cyberattack by suspected Iranian hackers made headlines when they used a simple technique called Google Dorking to access the computer system that controlled a water dam in New York. Google Dorking is readily available and has been used by hackers for many years to identify vulnerabilities and sensitive information accessible on the Internet. Since its…

Botnet detection advances with use of Big Data analysis

Steven Wilson, who has lead the European Cybercrime Center at Europol since January of this year, knows cybercriminals. According to Europol, he is a 30-year veteran of Police Scotland and oversaw all cyber-related crime investigations. Europol has recently fought malicious actors with botnet detection techniques. The organization was part of the group that took down Dorkbot in December 2015, according to an official agency press release.
How Botnet Detection Affects Cybercriminals Wilson has seen how cybercriminals are adapting to the latest law enforcement efforts. At the recent International Conference on Big Data…

Now’s a great time to find out if you’re a hacking victim

Something weird is happening in the world of hacked data—a lot of it is turning up around the same time. The phenomenon has Troy Hunt, the proprietor of data-breach search service Have I Been Pwned?, scratching his head. His site lets people see if they have indeed been “pwned” (victimized, in Internet-speak) in major hacks of online services, and he’s having a very busy time right now. Last week Hunt uploaded the data from the massive LinkedIn breach (167 million victims). He’s just added data from breaches of adult-connections site Fling.com (40…

Got $90,000? A Windows 0-day could be yours

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000. So-called “zero-day” vulnerabilities are flaws in…

Myspace (which still exists) suffers major data breach

You would probably rather forget your Myspace profile. Mine included a number of prominently placed “My spoon is too big” references. But the social network is still around, and it apparently got hacked at some point, because user credentials from 360 million accounts started floating around online late last week. Whoops. Myspace said in a statement Tuesday that “[e]mail addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk.” It’s a rare opportunity for celebration among…