One basic tenet of computer security is this: If you can’t vouch for a networked thing’s physical security, you also cannot vouch for its cybersecurity. That’s because in most cases, networked things really aren’t designed to foil a skilled and determined attacker who can freely connect his own devices. So you can imagine my shock and horror seeing a Cisco switch and wireless antenna sitting exposed atop of an ATM out in front of a bustling grocery store in my hometown of Northern Virginia.
Kimpton Hotels, a boutique hotel brand that includes 62 properties across the United States, said today it is investigating reports of a credit card breach at multiple locations.
Donald J. Trump has repeatedly bashed Sen. Hillary Clinton for handling classified documents on her private email server, even going so far as to suggest that anyone who is so lax with email security isn’t fit to become president. But a closer look at the Web sites for each candidate shows that in contrast to hillaryclinton.com, donaldjtrump.com has failed to take full advantage of a free and open email security technology designed to stymie email spoofing and phishing attacks.
Far too many otherwise intelligent and talented software developers these days apparently think they can get away with writing, selling and supporting malicious software and then couching their commerce as a purely legitimate enterprise. Here’s the story of how I learned the real-life identity of Canadian man who’s laboring under that same illusion as proprietor of one of the most popular and affordable tools for hacking into someone else’s computer.
Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peak inside the sprawling cybercrime machine that thieves used siphon card data from Cici’s customers in real-time.
Among the more plunderous cybercrime gangs is a group known as “Carbanak,” Eastern European hackers blamed for stealing more than a billion dollars from banks. Today we’ll examine some compelling clues that point to a connection between the Carbanak gang’s staging grounds and a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity.
In a notable sign of the times, cybercrime has now surpassed all other forms of crime in the United Kingdom, the nation’s National Crime Agency (NCA) warned in a new report. It remains unclear how closely the rest of the world tracks the U.K.’s experience, but the report reminds readers that the problem is likely far worse than the numbers suggest, noting that cybercrime is vastly under-reported by victims.
Most organizations only grow in security maturity the hard way — that is, from the intense learning that takes place in the wake of a costly data breach. That may be because so few company leaders really grasp the centrality of computer and network security to the organization’s overall goals and productivity, and fewer still have taken an honest inventory of what may be at stake in the event that these assets are compromised.
Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws in Windows and related software.
Mir Islam, a 21-year-old Brooklyn man who pleaded guilty to an impressive array of cybercrimes including cyberstalking, “doxing” and “swatting” celebrities and public officials (as well as this author), was sentenced in federal court today to two years in prison. Unfortunately, thanks to time served in this and other cases, Islam will only see a year of jail time in connection with some fairly heinous assaults that are becoming all too common.