39 replies to this topic

[AplusWebMaster]

FYI...

Credit Card breach at Home Depot ...
- http://krebsonsecuri...-at-home-depot/
Sep 2, 2014 - "Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground. Home Depot says that it is working with banks and law enforcement agencies to investigate reports of suspicious activity. Contacted by this reporter about information shared from several financial institutions, Home Depot spokesperson Paula Drake confirmed that the company is investigating. “I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said... There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by this reporter all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market:
A massive new batch of cards labeled “American Sanctions” and “European Sanctions” went on sale Tuesday, Sept. 2, 2014
> http://krebsonsecuri...ansanctions.png
... this crime shop has named its newest batch of cards “American Sanctions.” Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labled “European Sanctions.” It is not clear at this time how many stores may be impacted, but preliminary analysis indicates the breach may extend across all 2,200 Home Depot stores in the United States. Home Depot also operates some 287 stores outside the U.S. including in Canada, Guam, Mexico, and Puerto Rico. This is likely to be a fast-moving story with several updates as more information becomes available. Stay tuned.
Update: 1:50 p.m. ET: Several banks contacted by this reporter said they believe this breach may extend back to late April or early May 2014. If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period."

- http://www.bloomberg...ata-breach.html
Sep 2, 2014
___

- http://krebsonsecuri...pot-stores-hit/
Sep 3, 2013 - "New data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly -all- of the company’s stores across the nation..."
___

- https://atlas.arbor....index#908540839
High Severity
11 Sep 2014
___

Home Depot hit by same Malware as Target
- http://krebsonsecuri...ware-as-target/
Sep 7, 2014 - "... new -variant- of the same malicious software program that stole card account data from cash registers at Target last December..."
> http://blog.trendmic...etail-accounts/
___

- http://www.reuters.c...N0H327E20140908
Sep 8, 2014 - "... Home Depot Inc confirmed on Monday that its payment security systems have been breached, which could impact customers using payment cards at its stores in the United States and Canada. Home Depot, however, said it has found no evidence that personal identification numbers (PINs) have been compromised, it said in a statement*..."
* http://phx.corporate...news&id=1964976
Sep 8, 2014

- http://blog.trendmic...ackpos-malware/
Sep 9, 2014
 

   

Edited by AplusWebMaster, 12 September 2014 - 04:21 AM.

[AplusWebMaster]

FYI...

5 million GMail accounts hacked
- http://money.cnn.com...ity/gmail-hack/
Sep 10, 2014
___

- http://www.webroot.c...s-breached-one/
Sep 10, 2014 - "... This morning, we found out that there was a breach of over 5 million Gmail accounts, all hosted in a plain text file on Russian hacker forums.  Naturally, we wanted to see what the data was like, and there it was, plain as day for everyone to see. We started to look up our various accounts, and out of my whole team, I was the only one to appear. Right in front of me, on a list with 5 million other people, was my information.... Every three months is the average for a company for changing of passwords, often not allowing you to repeat for at least 10 passwords. This may be an annoyance, but with breaches like this occurring on a daily basis, it’s a necessary step that you should be following at home as well. It’s no longer simply about someone figuring your password out, but rather the idea that any level of breach can grab your standard password and e-mail address, and attempt it across multiple channels until success is found.  Changing your password removes this ability... With cell phones being at the ready in almost all aspects of our daily lives, this is one of the most convenient and easy layers to implement. By adding this layer, the service will authenticate any login attempt through an independent channel, allowing you to know if someone is attempting unauthorized access. Below are links to the sites listed above for their steps on enabling this step.
    Gmail: https://www.google.com/landing/2step/
    Amazon: http://aws.amazon.com/iam/details/mfa/
    PayPal: https://www.paypal.c...-outside&bn_r=o
    Facebook: https://www.facebook...150172618258920
    Twitter: https://blog.twitter...in-verification
While we are still unsure how the hacker was able to get all this information, it’s clear as day that it is out there, and because of that, vigilance is key. Just as you wouldn’t leave your credit cards laying around, you shouldn’t risk your passwords being out there either.  Data is valuable, and the more private or financially focused it is, the more we need to take it seriously.  So take these simple steps, get another layer of security established, and make it a habit to change passwords so you don’t become another name on the list as I did. In the mean time, you can check and see if your e-mail is apart of the breach by following this link:
- https://isleaked.com/en.php

Google Two-Step authentication: https://support.goog...er/175197?hl=en
___

- http://www.theinquir...l-password-dump
Sep 11 2014 - "... Google talked about "credential dumps"*, which is described as the uploading of a lot of usernames and passwords on the web. It called them a 'recent phenomenon', adding that it regularly scans them for evidence of impact. It said that a recent leak from earlier this week, which was thought to include data from around five million Google and other provider email accounts, had a failure rate of around 98 percent, meaning that fewer than two out of every hundred credentials could be used... The firm took the opportunity to remind people that they probably use the same login credentials on a range of websites and that this is like bathing in gasoline while smoking a pipe..."
* http://googleonlines...word-dumps.html
 

Edited by AplusWebMaster, 11 September 2014 - 07:06 AM.

[AplusWebMaster]

FYI...

JPMorgan still seeks to determine extent of Attack
- http://www.nytimes.c...-of-attack.html
Sep 12, 2014 - "The headache caused by the attack on JPMorgan Chase’s computer network this summer may not go away anytime soon. Over two months, hackers gained entry to dozens of the bank’s servers, said three people with knowledge of the bank’s investigation into the episode who spoke on the condition of anonymity. This, they said, potentially gave the hackers a window into how the bank’s individual computers work. They said it might be difficult for the bank to find every last vulnerability and be sure that its systems were thoroughly secured against future attack. The hackers were able to review information about a million customer accounts and gain access to a list of the software applications installed on the bank’s computers. One person briefed said more than -90- of the bank’s servers were affected, effectively giving the hackers high-level administrative privileges in the systems. Hackers can potentially crosscheck JPMorgan programs and applications with known security weaknesses, looking for one that has not yet been patched so they can regain access. A fourth person with knowledge of the matter, also speaking on condition of anonymity, said hackers had not gained access to account holders’ financial information or Social Security numbers, and may have reviewed only names, addresses and phone numbers. The hack began in June and was not detected until late July. JPMorgan briefed financial regulators on the extent of the damage last week. Investigators say they believe that at least four other banks or financial institutions were also affected..."
 

[AplusWebMaster]

FYI...

Home Depot breach - 56 million cards ...
- http://www.reuters.c...N0HD2J420140918
Sep 18, 2014 - "Home Depot Inc Thursday said some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than last year's unprecedented breach at Target Corp. Home Depot, in providing the first clues to how much the breach would cost, said that so far it has estimated costs of $62 million. But it indicated that costs could reach much higher. It will take -months- to determine the full scope of the fraud, which affected Home Depot stores in both the United States and Canada and ran from April to September. Retailer Target incurred costs of $148 million in its second fiscal quarter related to its breach. Target hackers stole at least 40 million payment card numbers and 70 million other pieces of customer data. Home Depot said that criminals used unique, custom-built software that had not been seen in previous attacks and was designed to evade detection in its most complete account of what had happened since it first disclosed the breach on Sept. 8. The company said that the hackers’ method of entry has been closed off, the malware eliminated from its network, and that it had rolled out "enhanced encryption of payment data" to all U.S. stores... Of the estimated cost so far of $62 million, which covers such items as credit monitoring, increased call center staffing, and legal and professional services, Home Depot said it believes that $27 million of the amount will be paid for by insurers. But the company said it has not yet estimated the impact of "probable losses" related to the possible need to reimburse banks for fraud and card replacement, as well as covering costs of lawsuits and government investigations... Criminals have frequently used software that evades detection, but retailers are expected to closely monitor their networks using tools that are designed to uncover signs of a crime in progress..."
___

- http://www.reuters.c...N0IQ2L120141107
Nov 6, 2014 - "... Criminals used a third-party vendor's user name and password to enter the perimeter of its network, Home Depot said in a statement on Thursday. The hackers then acquired "elevated rights" that allowed them to navigate parts of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada, according to the company. Home Depot said the stolen credentials did not alone provide direct access to the company's point-of-sale devices. Since September, the company has implemented enhanced encryption of payment data in all U.S. stores and said the rollout to Canadian stores will be completed by early 2015. This, however, was "really lipstick on a pig" and the proper solution was to add chip and PIN, or EMV technology, to U.S. credit cards, said David Campbell, chief security officer at SendGrid, a cloud-based email delivery service. Home Depot said it was already rolling out the EMV technology*..."
* https://en.wikipedia.org/wiki/EMV
 

Edited by AplusWebMaster, 07 November 2014 - 08:42 AM.

[AplusWebMaster]

FYI...

JPMorgan hack exposed data of 83 million ...
- http://www.reuters.c...N0RX3K620141002
Oct 2, 2014 - "Names, addresses, phone numbers and email addresses of the holders of some 83 million households and small business accounts were exposed when computer systems at JPMorgan Chase & Co were recently compromised by hackers, making it one of the biggest data breaches in history. The bank revealed the scope of the previously disclosed breach on Thursday, saying that there was no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen. It added that it has not seen "unusual customer fraud" related to the attack which exposed contact information for 76 million households and 7 million small businesses. The people affected are mostly account holders, but may also include former account holders and others who entered their contact information at the bank’s online and mobile sites, according to a bank spokeswoman. Security experts outside of the bank warned that the breach could result in an increase in crime as scammers will likely attempt to use the stolen information to engage in various types of fraud. The bank's customers should be on heightened alert for fraud, said Mark Rasch, a former federal cyber crimes prosecutor... At the end of August, JPMorgan said it was working with U.S. law enforcement authorities to investigate a possible cyber attack. As with home break-ins, it can take victims of data attacks months to discover what, if anything, is missing..."

* http://www.sec.gov/A.../d799478d8k.htm
Oct 2, 2014
___

States probe JPMorgan Chase as hack seen fueling fraud
- http://www.reuters.c...N0HS1ST20141003
Oct 3, 2014 - "Two U.S. states are investigating the theft of 83 million customer records from JPMorgan Chase in a massive cyber attack uncovered over the summer, and more may soon join... Illinois Attorney General Lisa Madigan said she has launched a probe into the hack on the No. 1 U.S. bank by assets. Connecticut is also investigating, said a person familiar with the matter who was not authorized to publicly discuss the probe... Special Assistant Attorney General William Brauch, director of the Iowa Department of Justice’s Consumer Protection Division, told Reuters that other states attorneys general are discussing the matter and could launch a joint investigation... News of the actions by the states emerged a day after the bank said in a regulatory filing* that customer names, addresses, phone numbers and email addresses were taken in the attack that the bank said surfaced in August. It added that it was continuing to investigate the matter and that customers would -not- be liable for any unauthorized transactions that were promptly reported to the bank... cybercrime experts warned that the hack could fuel years of fraud, as criminals use the stolen data to "phish" for customer passwords and ferret out other consumer accounts..."
___

- http://atlas.arbor.n...index#364889606
Elevated Severity
9 Oct 2014

- http://www.computerw...ase-breach.html
Oct 11, 2014 - "... That chase.com does not support Perfect Forward Secrecy* is more disgraceful than their getting hacked. There are no bad guys here, it is totally under their control. Chase CEO James Dimon recently announced that the bank will double the amount of money they spend on computer security. Hopefully this will be on their shopping list..."

chase.com
- https://www.ssllabs....&s=159.53.42.11
Oct 13 2014 - "... The server does -not- support Forward Secrecy with the reference browsers...
Signature algorithm - SHA1withRSA - WEAK ...
Protocol Details:
Secure Client-Initiated Renegotiation - Supported - DoS DANGER ..."

Forward secrecy
* https://en.wikipedia...Forward_secrecy
 

Edited by AplusWebMaster, 13 October 2014 - 10:52 AM.

[AplusWebMaster]

FYI...

Kmart stores hit by data breach
- http://www.reuters.c...N0HZ2BW20141011
Oct 10, 2014 - "Sears said it was the victim of a cyberattack that likely resulted in the theft of some customer payment cards at its Kmart stores, the latest in a series of computer security breaches to hit U.S. companies and dealing a fresh blow to the struggling U.S. retailer. The U.S. Secret Service confirmed it was investigating the breach, which occurred in September and compromised the systems of Kmart, which has about 1,200 stores across the United States. The breach did not affect the Sears department store chain. A Sears spokesman said he could not say how many credit and debit card numbers had been taken. He added that the personal information, debit card PIN numbers, email addresses and Social Security numbers of its customers remained safe. Security professionals said they were not surprised to learn that yet another major retailer was reporting a breach, adding they believe many big merchants do not have adequate systems for detecting cyberattacks, which means they still remain easy prey... hackers are able to get into networks because they are “so broad and vast” that attackers will always find a way in. Retailers need to do a better job of quickly detecting them before they begin to steal data... Sears said that the attackers used malicious software that was undetectible using anti-virus software, highlighting the challenge of keeping up with the evolving techniques of computer hackers. Company spokesman Chris Brathwaite said Sears had been upgrading its systems even before the recent spate of incidents involving retailers, which included a massive breach of the systems of Target Corp... Kmart apologized to its customers on Friday and said it was working with federal authorities, banking partners and security firms in the probe..."
- http://www.kmart.com...l=hpnewsrelease

- https://s3.amazonaws...nnouncement.pdf
___

Dairy Queen customer data hacked in 46 states
- http://www.reuters.c...N0HZ1TM20141010
Oct 10, 2014 - "Ice cream and fast-food restaurant chain Dairy Queen has confirmed a security breach that may have compromised the payment card information of customers at several hundred locations across 46 U.S. states. Computers at Dairy Queen locations, and one Orange Julius smoothie stores, were infected by the malicious software, Backoff, which has been targeting retailers since it first surfaced a year ago, International Dairy Queen said late on Thursday. The Edina, Minnesota-based company is a subsidiary of Berkshire Hathaway Inc... The malware infected computers at 395 of its more than 4,500 U.S. locations, exposing the names, numbers and expiration dates of customer payment cards, the statement said. There is no indication that other personal information, including card PINs, social security numbers or email addresses were stolen, it said. International Dairy Queen said it is offering free identity repair services for one year to customers in the United States who made purchases at any of the effected restaurants. Stores in four states, Rhode Island, Vermont, Hawaii and Louisiana, did not appear to be impacted by the breach, the company said. The U.S. government has released reports on several types of malicious software that cyber criminals have used to steal payment cards in the wake of last year's breach on Target Corp, which resulted in the theft of some 40 million card numbers. Backoff, first identified in October 2013, is capable of scraping computer memory for track data and logging keystrokes, the U.S. Department Of Homeland Security warned retailers in July."
- http://www.dairyquee...localechange=1
Oct 9, 2014
 

Edited by AplusWebMaster, 11 October 2014 - 09:38 AM.

[AplusWebMaster]

FYI...

Dropbox passwords leaked
- http://www.reuters.c...N0I309Z20141014
Oct 14, 2014 - "Hundreds of alleged usernames and passwords for online document-sharing site Dropbox were published on Monday on Pastebin, an anonymous information-sharing website. The anonymous user, who claims to have hacked close to 7 million accounts, is calling for Bitcoin donations to fund the operation... Dropbox, however, said it has -not- been hacked. "These usernames and passwords were unfortunately -stolen- from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well," a Dropbox spokesman said in an email to Reuters. Dropbox is a Silicon Valley startup that has proved a hit with consumers and boasts more than 200 million users six years after it was started..."

- http://www.theinquir...rds-leak-online
Oct 14 2014 - "... The company said* that, if any leak has occurred, it came from a third-party app and if anyone does happen to be using the same password across services, it is still likely to be very out of date as the company now uses a token API rather than a text-in-the-clear system. At present, the hackers are dripfeeding the user names and passwords they claim to have harvested into Pastebin documents and are appealing for bitcoin donations to reveal more..."

* https://blog.dropbox...x-wasnt-hacked/
Oct 13, 2014 - "Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens. Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Update: 10/14/2014 12:30am PT
A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts."
 

Edited by AplusWebMaster, 14 October 2014 - 06:17 AM.

[AplusWebMaster]

FYI...

2 hacks plead guilty to $15 million scheme
- http://www.reuters.c...N0ID2IM20141024
Oct 24, 2014 - "A Massachusetts man was sentenced to 21 months in prison on Friday for his role in a cybercrime scheme that hacked accounts at banks, brokerage firms and government agencies in an attempt to steal more than $15 million, U.S. prosecutors said. Robert Dubuc, 41, pleaded guilty to wire fraud conspiracy, conspiracy to commit access device fraud and identity theft in federal court in New Jersey in April. U.S. District Judge Peter Sheridan in Trenton imposed the sentence on Friday. A co-defendant, Oleg Pidtergerya, pleaded guilty to the same charges and is scheduled for sentencing in December. Prosecutors said the two men were members of an international cybercrime ring led by Oleksiy Sharapka and Leonid Yanovitsky of Kiev, Ukraine, who have also been indicted but remain at large. The group hacked into accounts in 2012 and 2013 at global banks and other institutions, including Citigroup Inc, JPMorgan Chase & Co, the U.S. Department of Defense, PayPal and others, and diverted funds into accounts and debit cards they controlled, prosecutors said. The group then used “cash out” crews to tap the stolen funds by withdrawing cash from ATMS and making fraudulent purchases, according to prosecutors. Dubuc operated a crew out of Massachusetts, while Pidtergerya led a crew in New York, the government said. Eight individuals have been charged in the case."
- http://www.justice.g...ws Release.html
 

[AplusWebMaster]

FYI...

U.S.P.S. hacked ...
- http://www.reuters.c...N0IU1P420141110
Nov 10, 2014 - "The U.S. Postal Service reported a data breach on Monday that may have compromised personal information about its 800,000 employees as well as data on customers who contacted its call center from January through mid-August. The employee information possibly accessed includes names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information... The service said the intrusion compromised data from people who contacted the Postal Service Customer Care Center by telephone or email from January until Aug. 16. That includes names addresses, phone numbers and email addresses. The breach did not affect credit card data from retail or online services including Click-N-Ship, the Postal Store, PostalOne! or change of address services, it said. "The FBI is working with the United States Postal Service to determine the nature and scope of this incident," the FBI said in a statement..."
 

 

Edited by AplusWebMaster, 10 November 2014 - 04:19 PM.

[AplusWebMaster]

FYI...

FBI warns of 'destructive' malware in wake of Sony attack
- http://www.reuters.c...N0JF3FE20141202
Dec 1, 2014 - "The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch a destructive cyberattack in the United States, following a devastating breach last week at Sony Pictures Entertainment. Cybersecurity experts said the malicious software described in the alert appeared to describe the one that affected Sony, which would mark first major destructive cyber attack waged against a company on U.S. soil. Such attacks have been launched in Asia and the Middle East, but none have been reported in the United States. The FBI report did not say how many companies had been victims of destructive attacks... The five-page, confidential "flash" FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware. The report said the malware overrides all data on hard drives of computers, including the master boot record, which prevents them from booting up... The FBI released the document in the wake of last Monday's unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films... The FBI said it is investigating the attack with help from the Department of Homeland Security. Sony has hired FireEye's Mandiant incident response team to help clean up after the attack, a move that experts say indicates the severity of the breach. While the FBI report did not name the victim of the destructive attack in its bulletin, two cybersecurity experts who reviewed the document said it was clearly referring to the breach at the California-based unit of Sony Corp... Hacks used malware similar to that described in the FBI report to launch attacks on businesses in highly destructive attacks in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers. Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran. Security experts said that repairing the computers requires technicians to manually either replace the hard drives on each computer, or re-image them, a time-consuming and expensive process..."

- http://www.latimes.c...1201-story.html
Dec 1, 2014
 

 

Edited by AplusWebMaster, 02 December 2014 - 05:58 AM.