Earlier this month, Home Depot confirmed its payment systems were breached and said some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than last year’s unprecedented breach at Target Corp.
The Home Depot breach has led to fraudulent transactions across the United States, draining cash from customer bank accounts. Criminals are using stolen card information to buy prepaid cards, electronics and even groceries, the Wall Street Journal said.
Home Depot had said customers who shopped at its stores as far back as April were exposed, suggesting the breach extended through the busy summer season.
More from Raw Story by clicking here.
Efforts to improve the security of cyberspace have fallen short due to a general inability to grasp the economic and psychological dimensions of the problem, said White House Cybersecurity Coordinator Michael Daniel.
“The bad guys primarily get through vulnerabilities that we know about, and that we even know how to fix. From that standpoint, it ought to be relatively simple — just plug the holes,” Daniel said while delivering a keynote Tuesday at the Billington Cybersecurity Conference in Washington.
SpectorSoft recently surveyed 355 IT professionals, asking about their experience detecting and preventing insider threats – to explore how organizations are addressing this critical issue and how effective they have been.
Approximately 35 percent of respondents reported they had experienced an insider attack, but the situation is probably worse than they think. With an estimated 75 percent of all insider crimes going unnoticed, it seems likely that all organizations have experienced an insider crime, whether they know it or not.
61 percent said they couldn’t deter such attacks and 59 percent said they were unable even to detect one, leaving them vulnerable to fraud, data breaches, and IP theft.
Get the whole report from SpectorSoft by clicking here.
Russian hackers may have attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions.
The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.
In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers.
“Companies of our size unfortunately experience cyber attacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, said in an e-mail.
More (including video) from Bloomberg News by clicking here.
Jay McAllister from the SEI Innovation Center: “Cyber-intelligence is the acquisition and analysis of information that is used to identify and track – and predict – cyber-capabilities or intentions of people, and enhance decision-making using that intelligence.”
IT’S ALL ABOUT TRUST…
From pod-cast on
An interview with Cybersecurity guru Daniel Geer…
“If you give people fine-grained control over what their information is in public, people reveal more. They might say if you give me a lot of control, they’d reveal less — but it doesn’t work that way. People will reveal more if they have more control so to a certain extent is what he’s verifying is sort of my own feeling: If I don’t have control I don’t want to reveal it. Does the name Alessandro Acquisti mean anything to you?”
More available from the Washington Post by clicking here.
“There’s a million Snowdens of various degrees at work right now, taking data for profit.”
More from the Los Angeles Times by clicking here.
A computer security firm has found evidence that a Russian cybercrime gang has stolen some 1.2 billion Internet passwords and user names. At this point, we don’t know which sites the passwords are connected to. But given the size of the possible theft, this is something you should take time to respond to as soon as you can, by updating your passwords and making sure they are secure. Your losses on charges to a stolen credit card are limited by law to $50, and they are capped on debit cards if you report a problem promptly. But the latest case may merit more caution because losing a password to a website that holds your personal data can be much harder to recover from. So click here to learn about how to prioritize your response. This means Google, Yahoo, Facebook, Dropbox, Twitter, Apple iCloud—any place where you communicate with people and leave valuable data.
The top U.S. telecom regulator on Thursday told communications companies to take the lead in fortifying their networks against cyberattacks, saying they can do more to bolster security short of new government regulations.
In his first major speech devoted fully to cybersecurity, Federal Communications Commission Chairman Tom Wheeler urged the private sector to “step up to assume new responsibility and market accountability for managing cyber risks” before the FCC weighs a regulatory approach to the problem.
“The private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country,” Wheeler said in a speech at the American Enterprise Institute think tank.
“We believe in a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.”
More from Reuters by clicking here.
In an interview with the news agency, Stadtwerke Ettlingen’s Eberhard Oehler said that a simulated attack on the utility had revealed how easy it would be to hack into the energy company’s network through its IT grid.
Felix Lindner, head of IT security company Recurity Labs, who conducted the cyber attack in November 2014, said he gained access to Stadtwerke Ettlingen’s control room and could have “switched off everything: power, water and gas” for the town of Ettlingen, home to 40,000 people in the south of Germany.
Mr Oehler said: “The experiment has shown that sensitive, critical infrastructure is not sufficiently protected.”
As more components of an energy company’s infrastructure come online, including smart meters, concerns are increasing about hackers tapping into customer and utility data.
Full story from Metering.com by clicking here…