The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. It’s too bad the committee has already finalized its witness list: It likely would be shocked to hear the story of Tennessee Electric Company Inc., a firm that lost $328,000 earlier this month in an account takeover that defeated multiple security measures commonly used by commercial banks to stop cyber thieves.
The Obama administration will hold a public meeting at the White House on Wednesday to discuss industry and government efforts to combat botnet activity. Among them is a pilot program to share information about botnet victims between banks and Internet service providers, according to sources familiar with the event.
A recent breach at billing and support software provider WHMCS that exposed a half million customer usernames, passwords — and in some cases credit cards — may turn out to be least of the company’s worries. According to information obtained by KrebsOnSecurity.com, for the past four months hackers have been selling an exclusive zero-day flaw that they claim lets intruders break into Web hosting firms that rely on the software.
Google plans today to begin warning Internet users if their computers show telltale signs of being infected with the DNSChanger Trojan. The company estimates that more than 500,000 systems remain infected with the malware, despite a looming deadline that threatens… Read More »
The Wikimedia Foundation last week warned that readers who are seeing ads on Wikipedia articles are likely using a Web browser that has been infected with malware. The warning points to an apparent resurgence in adware and spyware that is being delivered via cleverly disguised browser extensions and plugins that are bundled with other software or foisted in social engineering schemes.
The data breach at Atlanta-based credit and debit card processor Global Payments just keeps getting bigger. Earlier this month, I reported that Visa and MasterCard were alerting banks that the breach extended back to June 2011. Now it appears the… Read More »
Facebook is attempting to dismantle a new social networking worm that spreads via an application built to run seamlessly as a plugin across multiple browsers and operating systems. In an odd twist, the author of the program is doing little to hide his identity, and claims that his “users” actually gain a security benefit from installing his software.
At issue is a program that the author calls “LilyJade,” a browser plugin that uses Crossrider, an emerging programming framework designed to simplify the process of writing plugins that will run seamlessly across multiple browsers and operating systems, including Google Chrome, Internet Explorer, and Mozilla Firefox. The plugin spreads by posting a link to a video on a user’s Facebook wall, and friends who follow the link are told they need to accept the installation of the plugin in order to view the video. Users who accept the terms of service for LilyJade will have their accounts modified to periodically post links that help pimp the program.
A rash of recent and ongoing targeted attacks involving compromises at high-profile Web sites should serve as a sobering reminder of the need to be vigilant about applying browser updates. Hackers have hit a number of prominent foreign policy and human rights group Web sites, configuring them to serve spyware by exploiting newly patched flaws in widely used software from Adobe and Oracle.
Debit card accounts stolen in a recent hacker break-in at card processor Global Payments have been showing up in fraud incidents at retailers in Las Vegas and elsewhere, according to officials from one bank impacted by the fraud.
At the beginning of March 2012, Danbury, Conn. based Union Savings Bank began seeing an unusual pattern of fraud on a dozen or so debit cards it had issued, noting that most of the cards had recently been used at a cafe at a nearby private school. When the bank determined that the school was a customer of Global Payments, it contacted Visa to alert the card association of a possible breach at the Atlanta-based processor, according to Doug Fuller, Union Savings Bank’s chief risk officer.
The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their… Read More »