April 3rd, 2020 by hankshelp
“A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.”
Posted in Phishing, Security Breeches | No Comments »
March 12th, 2020 by hankshelp
“Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site’s source code”
Posted in Newsletters, Security Breeches | No Comments »
January 30th, 2020 by hankshelp
“Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.”
Posted in Network, Security Breeches | No Comments »
November 19th, 2019 by hankshelp
“The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites.”
Posted in Malware, Security Breeches | No Comments »
November 2nd, 2019 by hankshelp
“What Happened?
On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.
Upon discovery of this unauthorized access, the company immediately began working with an independent cybersecurity firm to conduct a comprehensive investigation to determine the scope of the incident, including the specific data impacted. We have also reported the intrusion to federal authorities and are notifying affected customers.
Safeguarding our customer’s information is core to our mission. We are committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity. We will continue to do so as we incorporate the key learnings of this incident to further strengthen our cyber defenses.”
Posted in Identity Theft, Security Breeches | No Comments »
October 31st, 2019 by hankshelp
“On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.
Upon discovery of this unauthorized access, the company immediately began working with an independent cybersecurity firm to conduct a comprehensive investigation to determine the scope of the incident, including the specific data impacted. We have also reported the intrusion to federal authorities and are notifying affected customers.
Safeguarding our customer’s information is core to our mission. We are committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity. We will continue to do so as we incorporate the key learnings of this incident to further strengthen our cyber defenses.”
Posted in Newsletters, Security Breeches | No Comments »
October 28th, 2019 by hankshelp
“An open cloud database sets the stage for phishing attacks for users of the subscription service.”
Posted in Identity Theft, Phishing, Security Breeches | No Comments »
October 23rd, 2019 by hankshelp
“Hackers breached a server used by popular virtual network provider NordVPN and stole encryption keys that could be used to mount decryption attacks on segments of its customer base.
A log of the commands used in the attack suggests that the hackers had root access, meaning they had almost unfettered control over the server and could read or modify just about any data stored on it. One of three private keys leaked was used to secure a digital certificate that provided HTTPS encryption for nordvpn.com. The key wasn’t set to expire until October 2018, some seven months after the March 2018 breach. Attackers could have used the compromised certificate to impersonate the nordvpn.com website or mount man-in-the-middle attacks on people visiting the real one. Details of the breach have been circulating online since at least May 2018.”
Posted in Security Breeches | No Comments »
October 17th, 2019 by hankshelp
A thriving online bazaar selling stolen payment card data has been hacked in a heist that leaked the records for more than 26 million cards, KrebsOnSecurity reported on Tuesday.
Posted in Identity Theft, Security Breeches | No Comments »
October 5th, 2019 by hankshelp
“According to the disclosure, Comodo said the hackers stole usernames, names and email addresses, as well as the user’s last IP address used to access the forum. Some social media handles were also stolen in the breach.
Comodo said it has about 245,000 registered forum users.
It’s not the most damaging breach on record, but it’s a bruising security lapse for a company that claims to be half-decent at this stuff.
This is Comodo’s second security snafu this year following another breach involving an exposed password, which allowed a security researcher access to the company’s intranet — and access to internal files and documents.”
Posted in Security Breeches | No Comments »