The largest cyber security blog
Adobe has shipped a new version of its Flash Player browser plugin to close at least 19 security holes in the program, including one that is already being exploited in active attacks. The new Flash version, v. 20.0.0.267 for most Mac and Windows users, includes a fix for a vulnerability (CVE-2015-8651) that Adobe says is … Читать далее
Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores. Banking sources say they’ve been trying to figure out why so many … Читать далее
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations. Hyatt’s notice to customers has very few details about the investigation, such as how long the breach lasted or how many consumers may have had their card data … Читать далее
Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it. New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to … Читать далее
With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here’s what you need to know going into January to protect … Читать далее
The U.S. Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers about security. LifeLock agreed to pay $100 million for violating a 2010 promise to cease deceptive advertising practices. Oracle’s legal troubles with the FTC stem from … Читать далее
Digital gift card retailer Gyft has forced a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. Mountain View, Calif. based Gyft lets customers buy and use gift cards entirely from their mobile devices. Acting on a tip from a trusted source … Читать далее
Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, and Morton’s. Update, 2:57 p.m. ET: Landry’s has acknowledged an investigation. Their press release … Читать далее
The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users. Perhaps more interestingly, the guy who found and reported the breach doesn’t even … Читать далее
On any given day, there are thousands of gift cards from top retailers for sale online that can be had for a fraction of their face value. Some of these are exactly what they appear to be: legitimate gift cards sold through third-party sites that specialize in reselling used or unwanted cards. But many of the more steeply discounted … Читать далее