Nationwide, Allied Insurance Breach Hits 1.1 Million Users
An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes.
The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but it waited to inform consumers directly. Earlier news accounts offered some hints at the scope of the breach, including some 30,000 victims in Florida and Ohio and 90,000 in Iowa.
"Although we are not aware of any misuse of consumers' information at this time, we have sent letters to notify those individuals whose personal information we believe was compromised, as well as certain additional individuals whose information was or may have been involved, but whom we do not believe had information compromised in the attack," the company said in a statement released Wednesday.
That personally identifiable information includes names and Social Security numbers, driver's license numbers and/or dates of birth. It also may include marital status, gender, occupations and the name and address of an employer. The company said there isn't any indication other sensitive data -- such as medical information or credit card numbers -- was stolen.
Continued : https://threatpost.com/en_us/blogs/nationwide-allied-insurance-breach-hits-11-million-users-120512
1.1 million US consumers affected as insurance companies breached
Nationwide/Allied security breach highlights litigation fears
Nationwide Mutual hack affected '1.1 million Americans'
Student convicted for PayPal DDoS attacks
Christopher Weatherhead, a 22-year-old student from Northampton, has been convicted in a London court on one count of conspiracy to impair the operation of computers under the 1977 Criminal Law Act. Weatherhead was arrested in January 2011 in connection with "Operation Payback", a series of prolonged Distributed Denial of Service (DDoS) attacks that targeted PayPal and other web sites after they refused to process payments to Wikileaks. PayPal told the court that the attacks had cost it £3.5 million in damage repair and installation of defensive systems for future attacks.
Weatherhead is said to have coordinated the DDoS attacks through IRC chat rooms as the "communications manager" for a group of hackers belonging to the Anonymous collective, according to a report in The Guardian. Using the pseudonym "Nerdo", the court heard that he had organised the group and was apparently involved in picking targets for the attacks, but his defence maintained that he never took part in any DDoS actions himself. During the trial, he was portrayed as an idealist dreamer who joined Anonymous to protest against censorship on the internet. He told the court he had, at one time, dreamed of working for Amazon or Google.
Continued : http://www.h-online.com/security/news/item/Student-convicted-for-PayPal-DDoS-attacks-1764262.html
British Student Convicted Over Anonymous PayPal Hacking
Anonymous Hacker Convicted in the UK for DDOS Attacks on PayPal
U.K. hacker convicted for taking part in Anonymous attacks
Mobile Web Browsers Overlooking Security Requirements, Researchers Say
Even security experts have trouble detecting a potentially dangerous Website on a mobile browser, according to a recent study at Georgia Tech.
Users on mobile browsers are vulnerable to certain types of attacks because the browsers are not implementing all the recommended security indicators in the interest of conserving screen real estate, Patrick Traynor, assistant professor in Georgia Institute of Technology's School of Computer Science, told SecurityWeek. Since the users don't have the visual cues to alert them to attacks, it is more difficult to avoid becoming victims, he said.
Mobile Web Browsers were missing certain security elements and indicators that are common in desktop Web browsers, or things weren't implemented consistently. The researchers figured that if they, as experts, had trouble figuring out what was going on in the browser, then it made sense that average users were at higher risk. The study was designed to find out whether the browsers provided enough information for even an information security expert to determine the site's safety.
"With all 10 of the leading browsers on the market today, the answer was no," Traynor said.
Continued : http://www.securityweek.com/mobile-web-browsers-overlooking-security-requirements-researchers-say
Beware of bogus Facebook account cancellation requests
Bogus "Facebook Account Cancellation Request" emails are back, and this time the malicious senders didn't opt for making users infect themselves. [Screenshot]
The "click here" link will secretly redirect victims through a number of sites and finally land them on one serving exploits for two Java Runtime Environment and an Adobe Reader and Acrobat flaw, warns Webroot.
If any of the exploits are successful, the user will be saddled with a Trojan that is currently detected by only 3 out of the 46 AV solutions used by VirusTotal.
If you receive an email like this one and are not sure whether it's legitimate or not, contact Facebook and ask them whether they have sent it before even thinking of clicking on the offered link.
PayPal phishing scams ramp up for holidays
"Internet users should not assume that because they're somewhat savvy that they are invulnerable, warns one security expert"
Tis the season to be careful. That should be no surprise. Given that the online holiday shopping season is peaking, cybercriminals would be expected to ramp up their efforts as well.
But it might be a bit surprising -- not to mention depressing for security evangelists -- that one of the oldest and typical scams aimed at online buyers is still successful: PayPal email phishing.
Paul Ducklin wrote this week on Naked Security that Australian PayPal users are being targeted. But there is also word of the same thing happening in Ontario, Canada.
It won't stop there. Chester Wisniewski, a senior security adviser at Sophos, noted that PayPal is used worldwide. "It is a global phenomenon. These guys are equal opportunity exploiters," he said.
Even though the scam is common, Wisniewski said it remains successful. He said nobody but the criminals know just how successful they are, however. "Scams that aren't working die quickly, so we can assume that these must work quite well considering the frequency that we see them," he said.
Continued : http://www.csoonline.com/article/723379/paypal-phishing-scams-ramp-up-for-holidays
Related: Fake PayPal Emails: Windows 8 and Vintage Photo Collections
ZeuS Hackers Spoof Top US Banks to Infect New Victims
Dell SecureWorks' Counter Threat Unit (CTU) has discovered that the hackers behind the Gameover ZeuS banking Trojan (the largest botnet targeting financial institutions) are in the midst of launching several malicious spam campaigns using the Cutwail botnet (the largest spam botnet currently on the underground market) to lure new computer victims in order to steal their banking credentials and credit card numbers.
Forgoing any holiday related scams, the ZeuS gang is sending out millions of bogus messages made to look like they are coming from many of the top US banks and read: "You have received a new encrypted message or a secure message from [XYZ] Bank". The message states that the bank is concerned about your privacy and has come up with a system so their customers can securely exchange emails containing personal information. They ask the recipient to download the attachment and register if you are a first time user. [Screenshot]
In actuality, when the attachment is clicked on, the user is executing the Pony downloader, which in turn installs the infamous Gameover ZeuS banking Trojan. Previous work I did has shown that the Cutwail botnet only needs to employ approximately 10,000 bots per spam campaign to send out hundreds of millions of malicious spam messages to computer users all over the world (https://iseclab.org/papers/cutwail-LEET11.pdf).
Continued : http://www.secureworks.com/cyber-threat-intelligence/blog/trojans/zeus-hackers-spoof-top-us-banks-infect-victims/
Unexpected reboot: Necurs
From Microsoft's Malware Protection Center:
Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012.
Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole.
So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
• Download additional malware
• Hide its components
• Stop security applications from functioning
In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs family write-up for the full details.
Continued : http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
New Accounting System Hack Could Cause 'Mayhem'
Attacks against massive and proprietary enterprise accounting systems, in particular financial software such as SAP and Oracle, have been few and far between. That changed at this week's Black Hat Abu Dhabi conference where a pair of researchers presented proof-of-concept code that could change the dynamic of the financially motivated attack landscape.
The attack, dubbed Project Mayhem, could enable an attacker to divert funds from a company's accounting and financial systems without immediate detection. In addition to code, the attacker would be relying on the fact that midsized companies, in particular, do not have complete control or visibility into financial processes or individual transactions, and are likely to miss fraud at first glance.
"Getting caught depends on the skills and resources available and whether an audit is performed or not," wrote Tom Eston and Brett Kimmel of SecureState in a white paper explaining Project Mayhem in detail.
Eston and Kimmel's presentation at Black Hat focused on Microsoft Dynamics Great Plains software, in particular targeting Dynamics' SQL database, SQL server, or hijacking an account via a process injection attack. Microsoft Dynamics is used primarily in midsized companies. The duo said their motivation in developing this attack was to help penetration testers' efforts in examining the defenses of these systems. SecureState is a consultancy that provides security services such as pen-testing.
Continued : https://threatpost.com/en_us/blogs/new-accounting-system-hack-could-cause-mayhem-120712
How to report a computer crime: Fake anti-virus
Do you know how to report a computer crime? Or even who you would report it to?
So far, we have looked at phishing and SQL injection attacks, trolling, unauthorised email account access and malware in our series of articles on how to report a computer crime. In this article, we'll look at fake anti-virus.
We'll look at what offences are committed in different countries when a crime like this happens, how you should report the crime, and what evidence you can preserve that might help in the subsequent investigation.
Take this scenario:
'Peter is browsing the internet at home using his PC and lands on an adult content web portal. He sees a hyperlink offering to download an X-rated movie. Peter downloads the file.
Peter has the option "Hide extensions for known file types" selected in the folder option of his user account settings, so he is not aware of the fact that the file he has downloaded is in fact an executable file and not the AVI file it is masquerading as.
Peter runs the file and nothing appears to happen. He attempts to access Windows Task Manager but he finds he is unable to. After about two minutes, the icons on Peter's desktop disappear and he is presented with a scrolling window that appears to be scanning the contents of his hard drive. Once the scan has finished, Peter is told that his computer is infected with over twenty pieces of malware. ........ '
Continued : http://nakedsecurity.sophos.com/2012/12/07/how-to-report-fake-anti-virus/