β Prisoners allegedly posed as underage girls in $560K sextortion scam β
π Read
via "Naked Security".
They allegedly victimized 442 military men by sending nude photos and then calling, pretending to be irate fathers or police.π Read
via "Naked Security".
Naked Security
Prisoners allegedly posed as underage girls in $560K sextortion scam
They allegedly victimized 442 military men by sending nude photos and then calling, pretending to be irate fathers or police.
β Busted! DOJ exposes huge ad-fraud operation, eight charged β
π Read
via "Naked Security".
The US Department of Justice has charged eight men with running a vast ad-fraud scheme.π Read
via "Naked Security".
Naked Security
Busted! DOJ exposes huge ad-fraud operation, eight charged
The US Department of Justice has charged eight men with running a vast ad-fraud scheme.
β 2014 Marriott Data Breach Exposed, 500M Guests Impacted β
π Read
via "Threatpost | The first stop for security news".
The hackers had access to the impacted database since 2014.π Read
via "Threatpost | The first stop for security news".
Threat Post
Marriott Hotel Data Breach: Ongoing Since 2014
The hackers had access to the impacted database since 2014.
π What is a man-in-the-disk attack? π
π Read
via "Security on TechRepublic".
Android users should beware of this dangerous attack that targets their mobile device's storage.π Read
via "Security on TechRepublic".
π΄ New Report Details Rise, Spread of Email-based Attacks π΄
π Read
via "Dark Reading: ".
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π Man-in-the-disk attacks: A cheat sheet π
π Read
via "Security on TechRepublic".
A flaw in Android external storage opens up legitimate apps to being hacked and gives illegitimate ones a window to exploit. Learn more about man-in-the-disk attacks, including how to avoid them.π Read
via "Security on TechRepublic".
TechRepublic
Man-in-the-disk attacks: A cheat sheet
A flaw in Android external storage opens up legitimate apps to being hacked and gives illegitimate ones a window to exploit. Learn more about man-in-the-disk attacks, including how to avoid them.
<b>⌨ Marriott: Data on 500 Million Guests Stolen in 4-Year Breach ⌨</b>
<code>Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.</code><code>Media</code><code>Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the companyβs networks since 2014.</code><code>Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the companyβs network), and that its efforts to decrypt that data set was not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.</code><code>βFor approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,β Marriott said in a statement released early Friday morning.</code><code>Marriott added that customer payment card data was protected by encryption technology, but that the company couldnβt rule out the possibility the attackers had also made off with the encryption keys needed to decrypt the data.</code><code>The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but itβs worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwoodβs disclosure at the time, that earlier breach stretched back at least one year β to November 2014.</code><code>Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of the its guest reservations or membership systems.</code><code>However, this would hardly be the first time a breach at a major hotel chain ballooned from one limited to restaurants and gift shops into a full-blown intrusion involving guest reservation data. In Dec. 2016, KrebsOnSecurity broke the news that banks were detecting a pattern of fraudulent transactions on credit cards that had one thing in common: Theyβd all been used during a short window of time at InterContinental Hotels Group (IHG) properties, including Holiday Inns and other popular chains across the United States.</code><code>It took IHG more than a month to confirm that finding, but the company said in a statement at the time it believed the intrusion was limited to malware installed at point of sale systems at restaurants and bars of 12 IHG-managed properties between August and December 2016.</code><code>In April 2017, IHG acknowledged that its investigation showed cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data β including those used at front desks in certain IHG properties.</code><code>Marriott says its own network does not appear to have been affected by this four-year data breach, and that the investigation only identified unauthorized access to the separate Starwood network.</code><code>Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le MΓ©ridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) prograβ¦
<code>Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.</code><code>Media</code><code>Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the companyβs networks since 2014.</code><code>Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the companyβs network), and that its efforts to decrypt that data set was not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.</code><code>βFor approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,β Marriott said in a statement released early Friday morning.</code><code>Marriott added that customer payment card data was protected by encryption technology, but that the company couldnβt rule out the possibility the attackers had also made off with the encryption keys needed to decrypt the data.</code><code>The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but itβs worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwoodβs disclosure at the time, that earlier breach stretched back at least one year β to November 2014.</code><code>Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of the its guest reservations or membership systems.</code><code>However, this would hardly be the first time a breach at a major hotel chain ballooned from one limited to restaurants and gift shops into a full-blown intrusion involving guest reservation data. In Dec. 2016, KrebsOnSecurity broke the news that banks were detecting a pattern of fraudulent transactions on credit cards that had one thing in common: Theyβd all been used during a short window of time at InterContinental Hotels Group (IHG) properties, including Holiday Inns and other popular chains across the United States.</code><code>It took IHG more than a month to confirm that finding, but the company said in a statement at the time it believed the intrusion was limited to malware installed at point of sale systems at restaurants and bars of 12 IHG-managed properties between August and December 2016.</code><code>In April 2017, IHG acknowledged that its investigation showed cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data β including those used at front desks in certain IHG properties.</code><code>Marriott says its own network does not appear to have been affected by this four-year data breach, and that the investigation only identified unauthorized access to the separate Starwood network.</code><code>Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le MΓ©ridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) prograβ¦
β Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs β
π Read
via "Threatpost | The first stop for security news".
The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.π Read
via "Threatpost | The first stop for security news".
Threat Post
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.
π Marriott reveals data breach affecting 500 million hotel guests π
π Read
via "Security on TechRepublic".
Hackers have had access to the Starwood guest reservation database since 2014.π Read
via "Security on TechRepublic".
TechRepublic
Marriott reveals data breach affecting 500 million hotel guests
Hackers have had access to the Starwood guest reservation database since 2014.
π΄ Threat Hunting: Improving Bot Detection in Enterprise SD-WANs π΄
π Read
via "Dark Reading: ".
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.π Read
via "Dark Reading: ".
Darkreading
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
π΄ 39 Arrested in Tech Support Scam Crackdown: Microsoft π΄
π Read
via "Dark Reading: ".
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.π Read
via "Dark Reading: ".
Darkreading
39 Arrested in Tech Support Scam Crackdown: Microsoft
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
β Huge Marriott breach puts 500 million victims at risk β
π Read
via "Naked Security".
The Marriott hotel empire's Starwood guest reservation database has been subject to unauthorised access since 2014.π Read
via "Naked Security".
Naked Security
Marriottβs massive data breach β hereβs what you need to know
The Marriott hotel empireβs Starwood reservation database has been subject to unauthorised access since 2014, exposing 500 million guests.
π Top 4 security threats businesses should expect in 2019 π
π Read
via "Security on TechRepublic".
Cybercriminals are developing more sophisticated attacks, while individuals and enterprises need to be more proactive in security practices.π Read
via "Security on TechRepublic".
TechRepublic
Top 4 security threats businesses should expect in 2019
Cybercriminals are developing more sophisticated attacks, while individuals and enterprises need to be more proactive in security practices.
π΄ Massive Starwood Hotels Breach Hits 500 Million Guests π΄
π Read
via "Dark Reading: ".
Starwood parent Marriott International disclosed the breach today with an announcement that provided some details but left many questions unanswered.π Read
via "Dark Reading: ".
Darkreading
Massive Starwood Hotels Breach Hits 500 Million Guests
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
π Marriott faces massive data breach expenses even with cybersecurity insurance π
π Read
via "Security on TechRepublic".
Marriott's total tab for a data breach affecting as many as 500 million consumers is going to cost billions of dollars over the next few years, based on the average cost of megabreaches.π Read
via "Security on TechRepublic".
TechRepublic
Marriott faces massive data breach expenses even with cybersecurity insurance
Marriott's total tab for a data breach affecting as many as 500 million consumers is going to cost billions of dollars over the next few years, based on the average cost of megabreaches.
β Bing Warns VLC Media Player Site is βSuspiciousβ in Likely False-Positive Gaff β
π Read
via "Threatpost | The first stop for security news".
After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error.π Read
via "Threatpost | The first stop for security news".
Threat Post
Bing Warns VLC Media Player Site is βSuspiciousβ in Likely False-Positive Gaff
After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error.
π΄ Retailers Make Big Strides In Offering Clear Unsubscribe Links π΄
π Read
via "Dark Reading: ".
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.π Read
via "Dark Reading: ".
Dark Reading
Retailers Make Big Strides In Offering Clear Unsubscribe Links - Dark Reading
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.
π΄ Retailers Make Big Strides In Offering Clear Unsubscribe Links π΄
π Read
via "Dark Reading: ".
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.π Read
via "Dark Reading: ".
Dark Reading
Retailers Make Big Strides In Offering Clear Unsubscribe Links - Dark Reading
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.
β Podcast: Breaking Down the Magecart Threat (Part Two) β
π Read
via "Threatpost | The first stop for security news".
In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years.π Read
via "Threatpost | The first stop for security news".
Threat Post
Podcast: Breaking Down the Magecart Threat (Part Two)
In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years.
π΄ Holiday Hacks: 6 Cyberthreats to Watch Right Now π΄
π Read
via "Dark Reading: ".
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.π Read
via "Dark Reading: ".
Darkreading
Holiday Hacks: 6 Cyberthreats to Watch Right Now
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
<b>⌨ What the Marriott Breach Says About Security ⌨</b>
<code>We donβt yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.</code><code>TO COMPANIES</code><code>For companies, this principle means accepting the notion that it is no longer possible to keep the bad guys out of your networks entirely. This doesnβt mean abandoning all tenets of traditional defense, such as quickly applying software patches and using technologies to block or at least detect malware infections.</code><code>It means accepting that despite how many resources you expend trying to keep malware and miscreants out, all of this can be undone in a flash when users click on malicious links or fall for phishing attacks. Or a previously unknown security flaw gets exploited before it can be patched. Or any one of a myriad other ways attackers can win just by being right once, when defenders need to be right 100 percent of the time.</code><code>The companies run by leaders and corporate board members with advanced security maturity are investing in ways to attract and retain more cybersecurity talent, and arranging those defenders in a posture that assumes the bad guys will get in.</code><code>This involves not only focusing on breach prevention, but at least equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when an adversary gains an initial foothold is like allowing a tiny cancer cell to metastasize into a much bigger illness that β left undetected for days, months or years β can cost the entire organism dearly.</code><code>The companies with the most clueful leaders are paying threat hunters to look for signs of new intrusions. Theyβre reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer β anyone but the Chief Technology Officer.</code><code>Theyβre constantly testing their own networks and employees for weaknesses, and regularly drilling their breach response preparedness (much like a fire drill). And, apropos of the Marriott breach, they are finding creative ways to cut down on the volume of sensitive data that they need to store and protect.</code><code>Media</code><code>TO INDIVIDUALS</code><code>Likewise for individuals, it pays to accept two unfortunate and harsh realities:</code><code>Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless arenβt, including your credit card information, Social Security number, motherβs maiden name, date of birth, address, previous addresses, phone number, and yes β even your credit file.</code><code>Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold β usually through no fault of your own. And if youβre an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.</code><code>Marriott is offering affected consumers a yearβs worth of service from a company owned by security firm Kroll that advertises the ability to scour cybercrime underground markets for your data. Should you take them up on this offer? It probably canβt hurt as long as youβre not expecting it to prevent some kind of bad outcome. But once youβve accepted Realities #1 and #2 above it becomes clear there is nothing such services could tell you that you donβt already know.</code><code>Once youβve owned both of these realities, you realize that expecting another company to safeguard your security is a foolβs errandβ¦
<code>We donβt yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.</code><code>TO COMPANIES</code><code>For companies, this principle means accepting the notion that it is no longer possible to keep the bad guys out of your networks entirely. This doesnβt mean abandoning all tenets of traditional defense, such as quickly applying software patches and using technologies to block or at least detect malware infections.</code><code>It means accepting that despite how many resources you expend trying to keep malware and miscreants out, all of this can be undone in a flash when users click on malicious links or fall for phishing attacks. Or a previously unknown security flaw gets exploited before it can be patched. Or any one of a myriad other ways attackers can win just by being right once, when defenders need to be right 100 percent of the time.</code><code>The companies run by leaders and corporate board members with advanced security maturity are investing in ways to attract and retain more cybersecurity talent, and arranging those defenders in a posture that assumes the bad guys will get in.</code><code>This involves not only focusing on breach prevention, but at least equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when an adversary gains an initial foothold is like allowing a tiny cancer cell to metastasize into a much bigger illness that β left undetected for days, months or years β can cost the entire organism dearly.</code><code>The companies with the most clueful leaders are paying threat hunters to look for signs of new intrusions. Theyβre reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer β anyone but the Chief Technology Officer.</code><code>Theyβre constantly testing their own networks and employees for weaknesses, and regularly drilling their breach response preparedness (much like a fire drill). And, apropos of the Marriott breach, they are finding creative ways to cut down on the volume of sensitive data that they need to store and protect.</code><code>Media</code><code>TO INDIVIDUALS</code><code>Likewise for individuals, it pays to accept two unfortunate and harsh realities:</code><code>Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless arenβt, including your credit card information, Social Security number, motherβs maiden name, date of birth, address, previous addresses, phone number, and yes β even your credit file.</code><code>Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold β usually through no fault of your own. And if youβre an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.</code><code>Marriott is offering affected consumers a yearβs worth of service from a company owned by security firm Kroll that advertises the ability to scour cybercrime underground markets for your data. Should you take them up on this offer? It probably canβt hurt as long as youβre not expecting it to prevent some kind of bad outcome. But once youβve accepted Realities #1 and #2 above it becomes clear there is nothing such services could tell you that you donβt already know.</code><code>Once youβve owned both of these realities, you realize that expecting another company to safeguard your security is a foolβs errandβ¦