Ms. Smith

Author Archives: Ms. Smith

GitLab deleted, then restored, list of online stores infected with skimming software

For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code. It was far from the only store hackers had compromised by exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.

Foreign spies used RAT to hack Australian weather bureau with weak security controls

Foreign spies made off with an “unknown quantity of documents” after infecting Australia’s meteorology bureau with a RAT, but the fact that security controls at the bureau were “insufficient” even for common cybercrime threats only helped the “state-sponsored cyber adversaries.” After Australia’s Bureau of Meteorology systems were hacked, unnamed government officials immediately blamed China and China immediately denied the “groundless accusations.” When the hack hit the news in December 2015, the Bureau of Meteorology (BOM) would not confirm if its systems had been compromised. In April, Australia’s Prime Minister did confirm there had been a “significant cyber intrusion” at the Bureau.

Microsoft released 10 patches: 5 rated critical, 5 fixed zero-day flaws

It is the first month for Microsoft’s new patching model. Older Windows OSes will be treated like Windows 10, with the patches all rolled into a big bundle meant to fix security and non-security issues. However, there will also be a monthly security update that is supposed to resolve that month’s issues without also bundling the previous month’s fixes. On the third Tuesday of the month, the week after Patch Tuesday, Microsoft will release a preview of the upcoming patches so the non-security fixes can be tested to make sure the big rolled-up patch doesn’t blow anything up on some systems.

Doxing, trolling and ‘grossly offensive’ communications are now illegal in the UK

To observe Hate Crime Awareness Week, the UK’s Crown Prosecution Service (CPS) is cracking down on internet bullies and trolls. Actions like posting humiliating photoshopped images of people on social media platforms, creating derogatory hashtags and doxing can get cyber bullies prosecuted. CPS published new social media guidelines to help prosecutors determine which online actions are illegal. The guidelines take aim at doxing, inciting virtual mobbing – encouraging others to participate in online harassment – and fake social media profiles used for online abuse, to name but a few. Retweeting something the CPS considers “grossly offensive, indecent, obscene or false” can also land a person in legal hot water. Yet Alison Saunders, CPS director of public prosecutions, stressed to the BBC that prosecutors can’t use the guidelines to “stifle free speech.” People in the UK better check out what actions are now illegal since saying you didn’t know it was illegal just won’t cut it.

3 replacement Galaxy Note 7 phones caught fire in the past week

Replacement Galaxy Note 7 phones may not be any safer than the Note 7 devices which caught fire and caused a recall, based on three replacement Note 7 devices catching fire in the past week. Samsung is reportedly investigating the fire fiascos, claiming that the company takes every Galaxy Note 7 fire report “seriously.” Yet after a company official goofed and mistakenly sent a text message meant for a colleague to one of the melted phone owners, the company’s concern for customers hardly seems sincere.

Replacement Galaxy Note 7 catches fire, fills bedroom with smoke

Michael Klering of Kentucky had his replacement Galaxy Note 7 for a little more than a week. On Tuesday, October 4, he was “scared to death” when he and his wife awoke to a bedroom full of smoke.

Creepy clown craze actually addressed at White House press conference

It’s been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference. On Tuesday, Bloomberg’s Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that the New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advice from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomenon and if the White House had any comments to discourage clown pranks.

Hackers can remotely exploit insulin pump for unauthorized insulin injections

Rapid7 and Johnson & Johnson disclosed three vulnerabilities in the Animas OneTouch Ping insulin pump system, flaws which could be remotely exploited. However, the attack is sophisticated and both say the risk of exploitation is “relatively low.” OneTouch Ping is a medical device which comes with a wireless remote control that patients can use to deliver insulin instead of accessing the device under their clothes. The Johnson & Johnson Animas device is described as a “two-part system;” the pump and a meter remote which communicates wirelessly via RF communication “to deliver insulin from the pump.”

Can credit cards with CVVs that automatically change every hour kill off card fraud?

When shopping online and paying with a credit or debit card, you have to enter the three-digit CVV (card verification value) from the back. These are card-not-present transactions and entering the security code is supposed to help verify that you physically have the card. But cyber thugs have plenty of ways to get hold of your CVV and burn through your money until you happen to notice the purchases and cancel your card. In fact, card-not-present transactions made up 65 percent of all card fraud. A French digital payment security company called Oberthur Technologies (OT) thinks it can do away with such fraud by changing static CVVs to dynamic CVVs which change every hour. If a crook gets hold of your card number, his or her shopping spree could last no more than an hour; after the security code changes, the card number would be useless.

Shadow Brokers rant about people wanting stolen NSA-linked hacking tools for free

The hacking group trying to auction off NSA-linked Equation Group hacking tools is unhappy because no one has coughed up the big bucks yet to buy the exploits. On Saturday, the Shadow Brokers took to Medium to release the group’s third message. The hackers sound hurt that people don’t trust them and – if cursing is any indication – the hackers are angry that the Equation Group cyber weapons auction has flopped so far. The Shadow Brokers want $1 million and sound irritated that interested parties want the stolen hacking tools for free. “Peoples is having interest in free files. But people is no interest in #EQGRP_Auction.”

Creepy clowns cause sheriff to consult with FBI and Homeland Security

If you are going to be dressing up in a costume for Halloween, then you might want to avoid dressing like a creepy clown, considering the sinister clown hysteria sweeping the nation. You don’t want to wear a clown costume in Kentucky where a sheriff contacted the FBI and Homeland Security over the “creepy clown” threat. In fact, in Gallatin County, Kentucky, the sheriff warned that people behind “clown threats” might face charges of “inducing panic and terroristic threatening.” Pennywise from Stephen King’s It really ruined clowns for a lot of people, changing their opinion of clowns from funny or cute to scary and creepy as can be. When the evil clown craze first started cranking up, some people suggested the clown sightings were pranks tied to some sort of promotion for the upcoming film It. Others suggested the clown sightings were inspired by Rob Zombie’s film 31, which includes kidnapped hostages trying to survive a violent game against a gang of sadistic clowns.

Ransomware roundup: Targeting servers, government, honoring Donald Trump and Voldemort

Security researchers have discovered more ransomware under development, namely one paying homage to Voldemort and another featuring Donald Trump, as well as one variant currently targeting servers and yet a different ransomware hitting government agencies and education institutions. Let’s start with the ransomware that has moved past development into actively locking up computers.

DXXD ransomware targeting servers

On Bleeping Computer forums, there were reports of servers being hit with DXXD ransomware; after a file has been encrypted, “dxxd” is added to the end of a filename such as myimportantfile.jpgdxxd.
