Home Depot data breach triggers fraudulent transactions around the U.S.

Earlier this month, Home Depot confirmed its payment systems were breached and said some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than last year’s unprecedented breach at Target Corp.

The Home Depot breach has led to fraudulent transactions across the United States, draining cash from customer bank accounts. Criminals are using stolen card information to buy prepaid cards, electronics and even groceries, the Wall Street Journal said.

Home Depot had said customers who shopped at its stores as far back as April were exposed, suggesting the breach extended through the busy summer season.

More from Raw Story by clicking here.

The White House: “Cybersecurity in need of new approach”

Efforts to improve the security of cyberspace have fallen short due to a general inability to grasp the economic and psychological dimensions of the problem, said White House Cybersecurity Coordinator Michael Daniel.

“The bad guys primarily get through vulnerabilities that we know about, and that we even know how to fix. From that standpoint, it ought to be relatively simple — just plug the holes,” Daniel said while delivering a keynote Tuesday at the Billington Cybersecurity Conference in Washington.

“We haven’t fully confronted cybersecurity as a human behavior and motivation problem, as opposed to a technical problem,” he continued. “Until we understand the human factors … we will continue to fail at solving this problem.”

A real-time overview of the insider threat landscape

SpectorSoft recently surveyed 355 IT professionals, asking about their experience detecting and preventing insider threats – to explore how organizations are addressing this critical issue and how effective they have been.

Approximately 35 percent of respondents reported they had experienced an insider attack, but the situation is probably worse than they think. With an estimated 75 percent of all insider crimes going unnoticed, it seems likely that all organizations have experienced an insider crime, whether they know it or not.

61 percent said they couldn’t deter such attacks and 59 percent said they were unable even to detect one, leaving them vulnerable to fraud, data breaches, and IP theft.

Get the whole report from SpectorSoft by clicking here.

 

Russia Tied to JPMorgan Hacking?

Russian hackers may have attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.

In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers.

“Companies of our size unfortunately experience cyber attacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, said in an e-mail.

More (including video) from Bloomberg News by clicking here.

Cyber-intelligence defined…

Jay McAllister from the SEI Innovation Center: “Cyber-intelligence is the acquisition and analysis of information that is used to identify and track – and predict – cyber-capabilities or intentions of people, and enhance decision-making using that intelligence.”

IT’s ALL ABOUT TRUST…

From pod-cast on

Cyber Intelligence Tradecraft Project: Summary of Key Findings

Why one of cybersecurity’s thought leaders uses a pager instead of a smart phone

An interview with Cybersecurity guru Daniel Geer…

“If you give people fine-grained control over what their information is in public, people reveal more. They might say if you give me a lot of control, they’d reveal less — but it doesn’t work that way. People will reveal more if they have more control so to a certain extent is what he’s verifying is sort of my own feeling: If I don’t have control I don’t want to reveal it. Does the name Alessandro Acquisti mean anything to you?”

More available from the Washington Post by clicking here.

 

Snowden leaks prompt firms to focus cyber security on insider threats

“There’s a million Snowdens of various degrees at work right now, taking data for profit.


More from the Los Angeles Times by clicking here.

A Billion Passwords Have Been Stolen. Here’s What You Should Do

A computer security firm has found evidence that a Russian cybercrime gang has stolen some 1.2 billion Internet passwords and user names. At this point, we don’t know which sites the passwords are connected to. But given the size of the possible theft, this is something you should take time to respond to as soon as you can, by updating your passwords and making sure they are secure. Your losses on charges to a stolen credit card are limited by law to $50, and they are capped on debit cards if you report a problem promptly. But the latest case may merit more caution because losing a password to a website that holds your personal data can be much harder to recover from. So click here to learn about how to prioritize your response. This means Google, Yahoo, Facebook, Dropbox, Twitter, Apple iCloud—any place where you communicate with people and leave valuable data.

U.S. telecom chief tells industry to lead on cybersecurity

The top U.S. telecom regulator on Thursday told communications companies to take the lead in fortifying their networks against cyberattacks, saying they can do more to bolster security short of new government regulations.

In his first major speech devoted fully to cybersecurity, Federal Communications Commission Chairman Tom Wheeler urged the private sector to “step up to assume new responsibility and market accountability for managing cyber risks” before the FCC weighs a regulatory approach to the problem.

“The private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country,” Wheeler said in a speech at the American Enterprise Institute think tank.

“We believe in a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.”

More from Reuters by clicking here.

German utility says don’t underestimate threat of cyber attacks

In an interview with the news agency, Stadtwerke Ettlingen’s Eberhard Oehler said that a simulated attack on the utility had revealed how easy it would be to hack into the energy company’s network through its IT grid.

Felix Lindner, head of IT security company Recurity Labs, who conducted the cyber attack in November 2014, said he gained access to Stadtwerke Ettlingen’s control room and could have “switched off everything: power, water and gas” for the town of Ettlingen, home to 40,000 people in the south of Germany.

Mr Oehler said: “The experiment has shown that sensitive, critical infrastructure is not sufficiently protected.”

As more components of an energy company’s infrastructure come online, including smart meters, concerns are increasing about vulnerability to hackers tapping into customer and utility data.

Full story from Metering.com by clicking here…