There are still many unanswered questions about the recent attack on Sony Pictures Entertainment , such as how the attackers broke in, how long they were inside Sony’s network, whether they had inside help, and how the attackers managed to steal terabytes of data without notice.
Alleged Counterfeiter “Willy Clock” Arrested
In September 2014, I wrote about receiving a package of $500 in counterfeit U.S.
Gang Hacked ATMs from Inside Banks
An organized gang of hackers from Russia and Ukraine has broken into internal networks at dozens of financial institutions and installed malicious software that allowed the gang to drain bank ATMs of cash. While none of the victim institutions were in the United States or Western Europe, experts say the stealthy methods used by the attackers in these heists would likely work across a broad range of western banks.
Staples: 6-Month Breach, 1.16 Million Cards
Office supply chain Staples Inc. today finally acknowledged that a malware intrusion this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.
FBI: North Korea to Blame for Sony Hack
The FBI today said it has determined that the North Korean government is responsible for the devastating recent hack attack against Sony Pictures Entertainment . Here’s a brief look the FBI’s statement, what experts are learning about North Korea’s cyberattack capabilities, and what this incident means for other corporations going forward
Banks: Park-n-Fly Online Card Breach
Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly , an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide. In response to questions from KrebsOnSecurity, Park-n-Fly said it recently engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.
SpamHaus, CloudFlare Attacker Pleads Guilty
A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare , KrebsOnSecurity has learned.
Unencrypted Data Lets Thieves ‘Charge Anywhere’
Charge Anywhere LLC , a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014. In a statement released today, the South Plainfield, N.J.
More on Wiretapping ATM Skimmers
Last month, this blog featured a story about an innovation in ATM skimming known as wiretapping, which I said involves a “tiny” hole cut in the ATM’s front through which thieves insert devices capable of eavesdropping on and recording the ATM user’s card data.
Toward a Breach Canary for Data Brokers
When a retailer’s credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we’ll examine one idea to hold consumer data brokers more accountable.