Retailers, hotels and restaurants have all been victimized through the same Achilles' heel that cybercriminals continue to attack: the point-of-sale system, where customers' payment data is routinely processed. These digital cash registers are often the target of malware designed to steal credit card numbers in the thousands or even millions. This year, fast food vendor Wendy's, clothing retailer Eddie Bauer and Kimpton Hotels have all reported data breaches stemming from such attacks.Security experts, however, are encouraging a variety of approaches to keep businesses secure from point-of-sale-related intrusions. Here are a few to consider:To read this article in full or to leave a comment, please click here
Retailers, hotels and restaurants have all been victimized through the same Achilles' heel that cybercriminals continue to attack: the point-of-sale system, where customers' payment data is routinely processed. These digital cash registers are often the target of malware designed to steal credit card numbers in the thousands or even millions. This year, fast food vendor Wendy's, clothing retailer Eddie Bauer and Kimpton Hotels have all reported data breaches stemming from such attacks.Security experts, however, are encouraging a variety of approaches to keep businesses secure from point-of-sale-related intrusions. Here are a few to consider:To read this article in full or to leave a comment, please click here
Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw."This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.To read this article in full or to leave a comment, please click here
Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw."This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.To read this article in full or to leave a comment, please click here
An online hackers' forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday's massive internet disruption.
HackForums.net will be shutting down the "Server Stress Testing" section, the site's admin Jesse "Omniscient" LaBrocca said in a Friday posting.
"I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down," he wrote.
The section was designed to let members offer so-called stress testing services for websites as a way to check their resiliency. However, security firms claim Hack Forums was actually promoting DDoS-for-hire services that anyone can use to launch cyber attacks.To read this article in full or to leave a comment, please click here
An online hackers' forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday's massive internet disruption.
HackForums.net will be shutting down the "Server Stress Testing" section, the site's admin Jesse "Omniscient" LaBrocca said in a Friday posting.
"I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down," he wrote.
The section was designed to let members offer so-called stress testing services for websites as a way to check their resiliency. However, security firms claim Hack Forums was actually promoting DDoS-for-hire services that anyone can use to launch cyber attacks.To read this article in full or to leave a comment, please click here
The FBI has uncovered new emails related to Hillary Clinton's use of a private email server, prompting federal authorities to investigate them.
The FBI discovered the emails as part of an "unrelated case," FBI Director James Comey said in a letter to a congressional committee that was later tweeted on Friday.
These emails "appear to be pertinent" to the FBI's original investigation into Clinton's private server use, which the agency wrapped up back in July, Comey said. Clinton, now the Democratic nominee for U.S. president, used the privacy server while she served as secretary of state.To read this article in full or to leave a comment, please click here
The FBI has uncovered new emails related to Hillary Clinton's use of a private email server, prompting federal authorities to investigate them.
The FBI discovered the emails as part of an "unrelated case," FBI Director James Comey said in a letter to a congressional committee that was later tweeted on Friday.
These emails "appear to be pertinent" to the FBI's original investigation into Clinton's private server use, which the agency wrapped up back in July, Comey said. Clinton, now the Democratic nominee for U.S. president, used the privacy server while she served as secretary of state.To read this article in full or to leave a comment, please click here
It's still unclear who pulled off Friday's massive internet disruption, but the malware largely responsible for the cyber attack has since assaulted new targets -- possibly including video gamers.Since last Friday, botnets created by the Mirai malware have been launching distributed denial-of-service attacks at seemingly random targets, in short bursts, according to a security researcher who goes by the name MalwareTech.He has tracked Mirai-powered botnets and helped produce a Twitter feed that monitors their DDoS attacks. On Wednesday alone, the feed posted close to 60 attacks, many of them lasting from 30 seconds to over a minute long.To read this article in full or to leave a comment, please click here
It's still unclear who pulled off Friday's massive internet disruption, but the malware largely responsible for the cyber attack has since assaulted new targets -- possibly including video gamers.Since last Friday, botnets created by the Mirai malware have been launching distributed denial-of-service attacks at seemingly random targets, in short bursts, according to a security researcher who goes by the name MalwareTech.He has tracked Mirai-powered botnets and helped produce a Twitter feed that monitors their DDoS attacks. On Wednesday alone, the feed posted close to 60 attacks, many of them lasting from 30 seconds to over a minute long.To read this article in full or to leave a comment, please click here
Friday's massive internet disruption came from hackers using an estimated 100,000 devices, many of which have been infected with a notorious malware that can take over cameras and DVRs, said DNS provider Dyn."We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets," Dyn said in a Wednesday blog post.The malware known as Mirai had already been blamed for causing at least part of Friday's distributed denial-of-service attack, which targeted Dyn and slowed access to many popular sites in the U.S.To read this article in full or to leave a comment, please click here
Friday's massive internet disruption came from hackers using an estimated 100,000 devices, many of which have been infected with a notorious malware that can take over cameras and DVRs, said DNS provider Dyn."We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets," Dyn said in a Wednesday blog post.The malware known as Mirai had already been blamed for causing at least part of Friday's distributed denial-of-service attack, which targeted Dyn and slowed access to many popular sites in the U.S.To read this article in full or to leave a comment, please click here
Following Friday's massive internet disruption in the U.S., a Singapore-based broadband provider reports it faced two distributed denial-of-service attacks, forcing users offline.The attacks, which occurred Saturday and then on Monday, targeted Singapore's StarHub, briefly cutting internet access for the company's home broadband subscribers before services were restored."These two recent attacks that we experienced were unprecedented in scale, nature and complexity," StarHub said in a Facebook posting on Wednesday.In addition, the company has reportedly said that malware-infected broadband routers and webcams were involved in the two attacks, producing a spike in internet traffic that overwhelmed the company's services.To read this article in full or to leave a comment, please click here
Following Friday's massive internet disruption in the U.S., a Singapore-based broadband provider reports it faced two distributed denial-of-service attacks, forcing users offline.The attacks, which occurred Saturday and then on Monday, targeted Singapore's StarHub, briefly cutting internet access for the company's home broadband subscribers before services were restored."These two recent attacks that we experienced were unprecedented in scale, nature and complexity," StarHub said in a Facebook posting on Wednesday.In addition, the company has reportedly said that malware-infected broadband routers and webcams were involved in the two attacks, producing a spike in internet traffic that overwhelmed the company's services.To read this article in full or to leave a comment, please click here
Giving up an old cell phone number for a new one may seem harmless. But for Lyft customers, it can potentially expose their accounts to complete strangers.That's what happened to Lara Miller, a media relations specialist living in California. Earlier this month, she discovered two credit card charges made in Las Vegas, over 400 miles away."I thought it was legit fraud on my debit card," Miller said. But in reality, another woman had accidentally taken over her old Lyft account. It happened because the phone company had recycled the cell phone number Miller had canceled back in April -- opening the door to the hack.The problem involves Lyft's login process. The ride-hailing app does away with the hassle of usernames and passwords, and instead signs up customers with their smartphone's cell number.To read this article in full or to leave a comment, please click here
Giving up an old cell phone number for a new one may seem harmless. But for Lyft customers, it can potentially expose their accounts to complete strangers.That's what happened to Lara Miller, a media relations specialist living in California. Earlier this month, she discovered two credit card charges made in Las Vegas, over 400 miles away."I thought it was legit fraud on my debit card," Miller said. But in reality, another woman had accidentally taken over her old Lyft account. It happened because the phone company had recycled the cell phone number Miller had canceled back in April -- opening the door to the hack.The problem involves Lyft's login process. The ride-hailing app does away with the hassle of usernames and passwords, and instead signs up customers with their smartphone's cell number.To read this article in full or to leave a comment, please click here
A Chinese electronics component maker is recalling 4.3 million internet-connected camera products from the U.S. market amid claims they may have played a role in Friday's massive internet disruption.On Monday, Hangzhou Xiongmai Technology said it was recalling earlier models of four kinds of cameras due to a security vulnerability that can make them easy to hack."The main security problem is that users aren't changing the device's default passwords," Xiongmai said in a Chinese-language statement posted online.To read this article in full or to leave a comment, please click here
A Chinese electronics component maker is recalling 4.3 million internet-connected camera products from the U.S. market amid claims they may have played a role in Friday's massive internet disruption.On Monday, Hangzhou Xiongmai Technology said it was recalling earlier models of four kinds of cameras due to a security vulnerability that can make them easy to hack."The main security problem is that users aren't changing the device's default passwords," Xiongmai said in a Chinese-language statement posted online.To read this article in full or to leave a comment, please click here
A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.To read this article in full or to leave a comment, please click here
A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.To read this article in full or to leave a comment, please click here
Michael Kan