The Best Banks That Protect Your Money from Hackers and Thieves

After the massive security breaches at Target and Nieman Marcus recently, we could all stand to be more aware of the security features on our credit cards and debit cards and how banks protect our money. Some banks offer more security features than others. Let’s take a look.

First, let’s talk about what happens in the case your card is hit with a fraudulent charge (something that’s happened in the last five years to 42 percent of Americans, according to one survey). By law, everyone who uses credit cards and debit cards have some protections against fraudulent transactions. Though credit cards are generally safer than debit cards, MasterCard and Visa debit card holders are protected from fraud with a few exceptions.

Credit cards: You’re not responsible for any charges you didn’t make if a thief uses your card over the phone or online. If your card is used physically to make a purchase, however, legal website Nolo points out that you may be liable for up to $50 of the purchase (though most card issuers waive that $50 liability).

ATM and debit cards: According to the regulations, with these cards, your liability depends on how quick you are to report unauthorized charges. If you report the card lost or stolenbefore any use of the card, you’re not responsible for any charges. If you notify the bank about an unauthorized charge within two business days of receiving your statement, you’re only liable for up to $50. If you don’t notify the bank within those two days, though, you could lose up to $500— and if for some reason you don’t notify the bank within 60 days, you risk losing an unlimited amount of money.

Source:
http://lifehacker.com/the-best-banks-that-protect-your-money-from-hackers-and-1523977088

Posted in Internet, Privacy, Security | No Comments

Bogus Evernote alert leads to exploit kit

Evernote users are being actively targeted with an email spam campaign that tries to trick them into following a malicious link.

Sent from [email protected] and titled “Image has been sent”, the email pretends to be a notification from Evernote that alerts the user to an image he or she needs to check out, and which is apparently hosted on Evernote.

Unfortunately, that’s not true. It leads the user to a malicious site that is believed to host the Angler exploit kit and which, upon a successful vulnerability exploitation, saddles him or her with malware.

Dynamoo’s Blog’s Conrad Longmore believes that the spam campaign in question has been mounted by the so-called RU:8080 gang, which has a history of similar spam runs impersonating legitimate Internet services such as Pinterest, Dropbox, etc.

Source:
http://www.net-security.org/malware_news.php?id=2710

Posted in Internet, Security | No Comments

Exploit released for vulnerability targeted by Linksys router worm

Technical details about a vulnerability in Linksys routers that’s being exploited by a new worm have been released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models.

Last week, security researchers from the SANS Institute’s Internet Storm Center identified a self-replicating malware program that exploits an authentication bypass vulnerability to infect Linksys routers. The worm has been named TheMoon.

The initial report from SANS ISC said the vulnerability is located in a CGI script that’s part of the administration interface of multiple Linksys’ E-Series router models. However, the SANS researchers didn’t name the vulnerable CGI script at the time.

On Sunday, a Reddit user identified four CGI scripts that he believed were likely to be vulnerable. An exploit writer, who uses the online alias Rew, later confirmed that at least two of those scripts are vulnerable and published a proof-of-concept exploit.

“I was hoping this would stay under wraps until a firmware patch could be released, but it appears the cat is out of the bag,” Rew wrote in the exploit notes.

The exploit also contains a list of Linksys routers that Rew believes might be vulnerable based on strings extracted from the original TheMoon malware. The list includes not only models from the Linksys E-Series, but also from the Wireless-N product line.

The following models are listed: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N. However, Rew notes that the list might not be accurate or complete.

Source:
http://www.pcadvisor.co.uk/news/network-wifi/3502282/exploit-released-for-vulnerability-targeted-by-linksys-router-worm/

Posted in Hardware, Internet, Networking, Security | No Comments

Important Kickstarter Security Notice

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

Source:
https://www.kickstarter.com/blog/important-kickstarter-security-notice

Posted in Internet, Privacy, Security | No Comments

Hackers hit more than 2,000 Tesco customers

Cyber criminals used data from previous high-profile hacks to break into thousands of Tesco.com accounts.

In total, 2,239 customers are said to have been affected by the incident, which first came to light on Thursday night, as reported by the BBC when it was contacted by some of the affected customers.

Customers reported seeing store vouchers stolen from their accounts after crooks used details from other data breaches to guess the email and password combinations of their logins for the site.

Tesco said it was aware and was working with customers to try and negate the effects of the incident.

“We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this,” it said in a statement sent to theBBC. “We will issue replacement vouchers to the very small number who are affected.”

It has also disabled some accounts of those affected. V3 contacted Tesco for more information, but had received no reply at the time of publication.

It is not clear which previous hacks the criminals used to piece together information for the Tesco.com site, but this breach underlines the perils of using identical email addresses and passwords for numerous online accounts.

Source:
http://www.v3.co.uk/v3-uk/news/2328890/hackers-hit-more-than-2-000-tesco-customers

Posted in Internet, Privacy, Security | No Comments