Archive

Category Archives for "Network World Security"

Omni Hotels was hit by point-of-sale malware

Omni Hotels & Resorts has reported that point-of-sale systems at some of its properties were hit by malware targeting payment card information. The attack on the systems of the luxury hotel chain follows similar breaches of point-of-sale systems at various hotels and retailers like Hyatt Hotels, Target, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings. Omni in Dallas, Texas, said in a statement Friday that on May 30 this year, it discovered it was hit by malware attacks on its network, affecting specific POS systems on-site at some of its properties. “The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date,” Omni said. There isn’t evidence that other customer information, such as contact information, Social Security numbers or PINs, was compromised, it added.

Bugs & Bugs: As in, the software kind — and insects

Network World this past Friday afternoon launched the alpha version of our possibly regular new Facebook Live stream dubbed Bugs & Bugs, as in the software kind and actual insects. I've joined forces with our resident IT security expert, Tim Greene, who handles the software bugs side of things. I, an amateur entomologist, take charge of the insect news. Perhaps surprisingly, there is no shortage of either. Between Tim checking out the new Stuxnet documentary Zero Days and reviewing new research from New York University and others to help reduce software bugs, and me catching up on the Gypsy Moth invasion and a cyborg locust, we had no shortage of material.

Hacker claims to have breached Amazon server, dumped data on nearly 84,000 Kindle users

After a person claiming to be a security researcher “declared war on the Baton Rouge police” and took credit for the data breach after the shooting death of Alton Sterling, he took aim at Amazon. In a Twitter direct message, hacker @0x2Taylor told Mic that he and a buddy “’breached a server’ owned by Amazon that contained database files with more than 80,000 Kindle users’ information.”

Sideloaders beware: a Pokemon Go knock-off contains malware

The new smash-hit game "Pokemon Go" could become bait for hackers wanting to take over your phone. Researchers at security firm Proofpoint have already found an Android version of the game containing malware. Once installed, it uses a remote access tool called DroidJack that can give a hacker full access to the phone, Proofpoint said Thursday. The company hasn’t yet seen the infected game in the wild, but it shows that hackers are already hard at work targeting it. Proofpoint discovered the software in a malicious online file repository.

Cybersecurity firms step up intel sharing despite issues of trust

The war against cybercriminals won’t be won alone. To keep hackers at bay, security vendors are establishing more ways for their customers to cooperate and share data about the latest threats -- even as it sparks concerns about trust and competition. “We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black. The company is the latest to help pool together security expertise with a new platform called the Detection eXchange. Carbon Black protects the networks of thousands of companies, and it's now opening a line of communication between them. More than a virus signature or an IP address, the exchange aims to foster the sharing of "patterns of attack," which identify behaviors and tactics employed by malicious hackers.

Stuxnet the movie: The U.S. has pwned Iran

The new documentary about Stuxnet, ‘Zero Days’, says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country’s infrastructure and could be used as a weapon in any future war. Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to “disrupt, degrade and destroy” that infrastructure if a war should break out with Iran. The multi-million dollar program was run from within the NSA during the same time Stuxnet was active, and was put in place should the U.S. be drawn into a war there because Israel launched an attack against Iran, according to the film by Academy Award-winning director Alex Gibney. The movie opened in U.S. theaters today.

How to secure your router and home network

Many computer users don't realize it, but for most people their internet router is the most important electronic device in their home. It links most of their other devices together and to the world, so it has a highly privileged position that hackers can exploit. Unfortunately many consumer and small-business routers come with insecure default configurations, have undocumented backdoor accounts, expose legacy services and have firmware that is riddled with basic flaws. Some of these problems can't be fixed by users, but there are many actions that can be taken to at least protect these devices from large-scale, automated attacks. Don't let your router be a low-hanging fruit for hackers.

The truth about bug finders: They’re essentially useless

Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year. Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how many bugs they found -- what you don't know is how many were missed, leaving success rates an open mystery. So researchers at New York University's Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing.

Google hopes to thwart quantum computers from cracking today’s internet encryption

The encryption methods used to secure today’s internet communications won’t be impenetrable forever. More powerful “quantum computers” on the horizon could very well crack them. That’s why Google is testing out new cryptography that computers in the future might not be able to break. The processing power offered by "hypothetical, future" quantum computers could be enough to “decrypt any internet communication that was recorded today,” wrote Matt Braithwaite, a Google software engineer in a company blog post on Thursday. This could affect the Transport Layer Security (TLS) protocol used when visiting websites. Old information, originally meant to be secured for decades, could suddenly become exposed, he added.

FBI chief says Guccifer lied about hacking into Clinton’s email server

A Romanian hacker's claim that he broke into Hillary Clinton's private email server in 2013 was a lie, according to the FBI. Marcel Lehel Lazar, also known as Guccifer, has boasted about the breach to various media outlets, saying in May that it had been "easy." But on Thursday, FBI director James Comey said that Lazar, who is now in U.S. custody, has admitted the claim was false. "He admitted that was a lie," Comey said during a congressional hearing on Clinton's use of her own private email server. Lazar, originally from Romania, was extradited to the U.S. and is awaiting sentencing for breaking into the email and social media accounts of various U.S. officials as well as a member of the Bush family.

Wendy’s hack was bigger than thought and exposed credit card data

A data breach that hit Wendy's fast food restaurants was more than three times bigger than originally disclosed and exposed customer credit card data. The company said Thursday that malware installed in point-of-sale systems was discovered at over 1,000 of its franchised U.S. restaurants -- a big jump from the "fewer than 300 stores" it said in May had been affected. Hackers gained access to the machines using remote access credentials of a third-party service provider, Wendy’s said. The breach began in fall 2015 and wasn't discovered until early this year. As part of its investigation, the company discovered a second malware variant had infected its systems.

FTC warning: The IRS does not accept payment in iTunes cards

The Federal Trade Commission issued a warning today about a scam that sounds ridiculous but is nonetheless surprisingly common: Con artists are convincing victims that they’re from the IRS and will accept outstanding payments in the form of iTunes cards. From an FTC blog post: People have told the FTC about scammers who called and demanded iTunes cards as “payment.” Bogus “IRS agents” told people they owed back taxes and would be arrested soon, unless they bought an iTunes card and gave the code to the “agent.” Phony “government grant” officers called and promised a big payout, after the person bought an iTunes card and read the code to the “grant officer.” Other fraudsters told people their grandkids were in jail and the only way to help was — you guessed it — to buy an iTunes card and read the code over the phone. All the stories were false.

4 tools for managing firewall rules

Firewall devices are only as good as the hundreds, or even thousands, of rules that govern them. Misconfigurations, unused rules and conflicting rules can cause firewalls to fail in their crucial missions. Firewall security management products can help security managers monitor compliance, orchestrate device policies, optimize rules and manage firewall changes. According to the IT Central Station user community, the most important criteria to consider when choosing firewall security management software are visibility for network devices, scalability, and ensured security and compliance.

Researchers add software bugs to reduce the number of… software bugs

Researchers are adding bugs to experimental software code in order to ultimately wind up with programs that have fewer vulnerabilities. The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools. By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT’s Lincoln Laboratory and Northeastern University. They created large-scale automated vulnerability addition (LAVA), which is a low-cost technique that adds the vulnerabilities. “The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA,” says Brendan Dolan-Gavitt, a computer science and engineering professor at NYU’s Tandon School of Engineering.

Check this out: Walmart Pay for iOS & Android can now be used in all of retailer’s US stores

The following email subject lines appeared in my inbox on Wednesday just a couple of hours apart:

* Walmart Pay Now Available in all Walmart Stores Nationwide (from Walmart PR)
* Map of Walmart store closings (from a market research firm making a larger point about rapid changes in retail and consumer packaged goods markets)

My first thought, upon noticing the juxtaposition, was well, having 154 fewer stores in the US this year probably made it easier for Walmart to roll out its mobile payment app nationwide.

Here’s how secret voice commands could hijack your smartphone

Kitten videos are harmless, right? Except when they take over your phone. Researchers have found something new to worry about on the internet. It turns out that a muffled voice hidden in an innocuous YouTube video could issue commands to a nearby smartphone without you even knowing it. The researchers describe the threat in a research paper to be presented next month at the USENIX Security Symposium in Austin, Texas. They also demonstrate it in this video. Voice recognition has taken off quickly on phones, thanks to services like Google Now and Apple's Siri, but voice software can also make it easier to hack devices, warned Micah Sherr, a Georgetown University professor and one of the paper’s authors.

Car hacking: Thieves armed with laptops are stealing cars

Thieves armed with laptops are hacking into electronic ignitions of late-model cars to steal the vehicles. Police and insurers sounded the warning to raise awareness about the latest car-theft trend. The Houston Police Department pointed at surveillance footage that shows two suspects, one of whom used a laptop, before stealing a 2010 Jeep Wrangler Unlimited. The first suspect opened the Jeep’s hood to reportedly cut the alarm. The footage below took place about 10 minutes later when a second suspect jimmied the door open, climbed inside and then did something with a laptop before stealing the Jeep. “If you are going to hot-wire a car, you don’t bring along a laptop,” Houston Police Department Officer James Woods told the Wall Street Journal. “We don’t know what he is exactly doing with the laptop, but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”

New Mac backdoor program steals keychain contents

Researchers have identified a new Mac backdoor program that's designed to steal credentials stored in the OS-encrypted keychain and give attackers control over the system. Dubbed OSX/Keydnap by researchers from antivirus vendor ESET, this is the second backdoor program targeting Macs found by antivirus firms in the past few days. It's not clear how Keydnap is distributed, but it arrives on computers in the form of a zip archive. Inside there's an executable file with an apparently benign extension such as .txt or .jpg that actually has a space character at the end. The file also has an icon indicating an image or text file.

Code reuse exposes over 120 D-Link device models to hacking

A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products. The vulnerability was initially discovered a month ago by researchers from security start-up firm Senrio in D-Link DCS-930L, a Wi-Fi enabled camera that can be controlled remotely through a smartphone app. The flaw, a stack overflow, is located in a firmware service called dcp, which listens to commands on port 5978. Attackers can trigger the overflow by sending specifically crafted commands and then can execute rogue code on the system.