So Your Nude Selfies Were Just Hacked…

If you haven’t been following the most recent news regarding a wide swath of celebrities whose accounts were hacked and private photos shared, you must have been having a lot of fun on Labor Day and I salute you.

Probably the very first thing most of the victimized celebrities are doing now is damage control – limiting their exposure as much as possible. Yes, their names are going to be put out there. Yes, it’s horribly embarrassing, but it’s also not a time to get caught up in self-pity (or self-blame): there’s work to be done. Being cool-headed and reducing the exposure will reduce the pain overall. Some people might go down the path of making examples out of the alleged perpetrators — but beware the Barbra Streisand effect. The harder you try to hide things, the more people want to see those things — like arial photos of Ms. Streisand’s lavish house, for instance.

But these events bring up an interesting point: What would you do if you were a celebrity who had dodged the bullet, but had similar incriminating photos on their computers, cell phones, etc.? More importantly, what should you be doing right now, this very minute, to make sure that anything you have posted to the cloud and want to keep private actually remains so?

Source:
http://blog.whitehatsec.com/so-your-nude-selfies-were-just-hacked/

Posted in Internet, Mobile, Privacy, Security | No Comments

Credit Card Breach at Home Depot

Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground. Home Depot says that it is working with banks and law enforcement agencies to investigate reports of suspicious activity.

Contacted by this reporter about information shared from several financial institutions, Home Depot spokesperson Paula Drake confirmed that the company is investigating.

“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”

There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by this reporter all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market.

Source:
http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/

Posted in Internet, Privacy, Security | No Comments

Malware steals Gmail password, online banking data

University researchers have built an Android app that secretly snatches valuable personal data from other mobile apps, such as webmail, shopping and online banking.

The app, demonstrated Friday at the USENIX Security Conference in San Diego, stole login credentials from Google Gmail, a social security number from an H&R Block app, a credit card number from a NewEgg app and a bank-check image from a Chase Bank app.

The attack developed by researchers from the University of Michigan and the University of California, Riverside, did not exploit a flaw in any of the apps.

Instead, the researchers took advantage of the operating system’s graphical user interface (GUI) design. While the malicious app was demonstrated on Android, it could theoretically work on iOS, Mac OS X and Windows, which use the same GUI design.

Because the weakness is a design problem, there is no easy fix, Zhiyun Qian, a co-author of the research, said. The GUI portion of the OS would have to be redesigned, which would cause compatibility problems for apps already in the market.

Source:
http://www.csoonline.com/article/2597982/data-protection/researchers-malware-steals-gmail-password-online-banking-data.html

Posted in Internet, Mobile, Privacy, Security | No Comments

UPS – 51 retail stores breached by malware

The UPS Store, Inc. recently received a government bulletin regarding a broad-based malware intrusion targeting retailers in the United States. The UPS Store takes seriously its responsibility to protect customer information and immediately launched an internal review, implemented system enhancements and engaged an IT security firm.

An assessment by The UPS Store and the IT security firm revealed the presence of this malware on computer systems at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States. Based on the current assessment, the earliest evidence of the presence of this malware at any location is January 20, 2014. For most The UPS Store locations, based on our current assessment, the period of exposure to this malware began after March 26, 2014. This malware was eliminated as of August 11, 2014 and customers can shop securely at The UPS Store.

We apologize for any inconvenience and impact this incident may have had on our customers. The UPS Store is offering identity protection and credit monitoring services to impacted customers.  In order to take advantage of this service, please visit https://theupsstore.allclearid.com.  In addition, customers are encouraged to closely monitor their card account activity and take other steps to help protect themselves outlined in the customer letter below.  The UPS Store representatives are available at 1-855-731-6016 for additional assistance.

The impacted center locations, along with the timeframe for potential exposure to this malware at each location, follows this statement.

Source:
http://www.theupsstore.com/security/Pages/default.aspx

Posted in Internet, Privacy, Security | No Comments

Successful strategies to avoid frequent password changes

1.2 billion passwords reportedly stolen by Russian hackers. Before that it was Heartbleed.

After a widespread, nonspecific data breach, the conventional wisdom is that people should change all their passwords. But, there’s a better way. With the right password management habits, you won’t need to change all your passwords every time you hear about an online attack.

Changing all one’s passwords won’t hurt, but it is cumbersome. Not only that, it’s a Band-Aid fix that stops short of offering a stronger and more long-term solution, says Sean Sullivan, Security Advisor at F-Secure Labs. Data breaches are the new reality, and it’s no longer a question of if it happens to you, but when. Sullivan says rather than being told to change all their passwords, consumers need practical advice worth following. So when the next breach is disclosed, they will be in control and will only need to change those passwords they know are affected.

“The dirty little secret of security experts is that when there’s a data breach and they recommend to ‘change all your passwords,’ even they don’t follow their own advice, because they don’t need to,” says Sullivan. “Unless I find out about a breach with a specific account, I don’t worry about my passwords. That’s because I use a tool to remember my passwords for me, and a few simple techniques that help to manage my accounts so as to minimize the risk.”

Source:
http://www.net-security.org/secworld.php?id=17270

Posted in Internet, Privacy, Security | No Comments