August 23rd, 2019 by hankshelp
“On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United States.”
Posted in Identity Theft, Newsletters, Security Breeches | No Comments »
July 26th, 2019 by hankshelp
“Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.”
Posted in Malware, Newsletters, Security Breeches | No Comments »
July 22nd, 2019 by hankshelp
The keylogger, packaged with the Conexant HD Audio Driver Package in version 1.0.0.46 and earlier, has been discovered by researchers. With this audio driver comes a file, MicTray64.exe (or MicTray.exe for non-64-bit users), which has a Scheduled Task to run each time the user logs-on to their machine. Essentially, each time a key on the keyboard is pressed, it records it. The keystrokes are then stored in a plaintext file – definitely not a secure way of storing every key pressed on a machine.
The keystroke log is stored at C:\users\public\MicTray.log.
Posted in Malware, Security Breeches | No Comments »
July 20th, 2019 by hankshelp
“Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.”
Posted in Malware, Security Breeches | No Comments »
June 28th, 2019 by hankshelp
“A digital intrusion at PCM Inc., a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned.”
Posted in Newsletters, Security Breeches | No Comments »
June 4th, 2019 by hankshelp
Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.
The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.
Posted in Security Breeches | No Comments »
May 25th, 2019 by hankshelp
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
“The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.”
Posted in Security Breeches | No Comments »
April 14th, 2019 by hankshelp
“Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this year. The software giant discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.”
Posted in Identity Theft, Security Breeches | No Comments »
March 30th, 2019 by hankshelp
Once more a malware installed on Point of Sale terminals…
Posted in Identity Theft, Malware, Security Breeches | No Comments »
March 16th, 2019 by hankshelp
“Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor authentication (MFA) according to an analysis by Proofpoint.
This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.”
Posted in Security Breeches | No Comments »