Other – Page 13 – Computer Security Articles

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

May 18, 2017 admin avivah litan, Equifax, Gartner Inc., ICSI, Identity Theft, International Computer Science Institute, knowledge-based authentication, Nicholas A. Oldham, Nicholas Weaver, Other, TALX, tax refund fraud, two-factor authentication

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Independent Krebs

Breach at DocuSign Led to Targeted Email Malware Campaign

May 15, 2017 admin DocuSign breach, DocuSign phishing, macro exploit, Microsoft Word, Other

Credit to Author: BrianKrebs| Date: Tue, 16 May 2017 03:34:58 +0000

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign.

Independent Krebs

Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

May 13, 2017 admin bitcoin, Other, Redsocks, San Diego, Stefan Savage, University of California, Wana ransomware

Credit to Author: BrianKrebs| Date: Sat, 13 May 2017 20:10:43 +0000

As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.

Independent Krebs

Microsoft Issues WanaCrypt Patch for Windows 8, XP

May 13, 2017 admin microsoft, Other, Phillip Misner, Wana Decryptor, Wanna Decryptor, Wanna.Cry ransomware, Windows XP

Credit to Author: BrianKrebs| Date: Sat, 13 May 2017 13:00:06 +0000

Microsoft Corp. today took the unusual step of issuing security updates to address flaws in older, unsupported versions of Windows — including Windows XP and Windows 8. The move is a bid to slow the spread of the WanaCrypt ransomware strain that infected tens of thousands of Windows computers virtually overnight this week.

Independent Krebs

U.K. Hospitals Hit in Widespread Ransomware Attack

May 12, 2017 admin AVAST!, Bleeping Computer, Jakub Kroustek, Lawrence Abrams, National Health Service, Other, Telefonica, Wanna Decryptor, WannaCry

Credit to Author: BrianKrebs| Date: Fri, 12 May 2017 16:54:01 +0000

At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them. It remains unclear exactly how this ransomware strain is being disseminated and why it appears to have spread so quickly, but there are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft.

Independent Krebs

Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday

May 9, 2017 admin Adobe Flash Player update, Flash Player 25.0.0.171, google, Microsoft Patch Tuesday May 2017, Other, tavis ormandy

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 18:14:25 +0000

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually issued an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs. Last week, Google security researcher Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned.

Independent Krebs

Website Flaw Let True Health Diagnostics Users View All Medical Records

May 8, 2017 admin alex holden, Data Breach Investigations Report, DBIR, Hold Security, Other, Troy Mursch, True Health CEO Chris Grottenthaler, True Health Diagnostics, Verizon

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 03:13:04 +0000

Over the past two weeks readers have pointed KrebsOnSecurity to no fewer than three different healthcare providers that failed to provide the most basic care to protect their patients’ records online. Only one of the three companies — the subject of today’s story — required users to be logged in order to view all patient records. A week ago I heard from Troy Mursch, an IT consultant based in Las Vegas. A big fan of proactive medical testing, Mursch said he’s been getting his various lab results reviewed annually for the past two years with the help of a company based in Frisco, Texas called True Health Diagnostics.