Who’s In Your Online Shopping Cart?

Credit to Author: BrianKrebs| Date: Sun, 04 Nov 2018 19:10:06 +0000

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that is obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain.

Read more

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Credit to Author: BrianKrebs| Date: Fri, 03 Aug 2018 15:48:53 +0000

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.

Read more

LifeLock Bug Exposed Millions of Customer Email Addresses

Credit to Author: BrianKrebs| Date: Wed, 25 Jul 2018 22:20:46 +0000

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together it lacked a basic understanding of authentication and security.

Read more

Bad .Men at .Work. Please Don’t .Click

Credit to Author: BrianKrebs| Date: Mon, 11 Jun 2018 14:42:39 +0000

Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. Not that there still aren’t a whole mess of nasty .com, .net and .biz domains out there, but relative to their size (i.e. overall number of domains) these newer TLDs are far dicier to visit than most online destinations.

Read more

Think You’ve Got Your Credit Freezes Covered? Think Again.

Credit to Author: BrianKrebs| Date: Wed, 09 May 2018 13:36:04 +0000

I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new mobile phone accounts in the names of people who have already frozen their credit files with the big-three credit bureaus. Here’s a look at what may be going on, and how you can protect yourself.

Read more

Think You’ve Got Your Credit Freezes Covered? Think Again.

Credit to Author: BrianKrebs| Date: Wed, 09 May 2018 13:36:04 +0000

I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new lines of credit for things like mobile phones on people who have already frozen their credit files with the big-three credit bureaus. Here’s a look at what may be going on, and how you can protect yourself.

Read more

OSX.Proton spreading through fake Symantec blog

Credit to Author: Thomas Reed| Date: Mon, 20 Nov 2017 18:29:16 +0000

A new variant of the OSX.Proton malware is being promoted via a fake Symantec blog site.

Categories:

Tags:

(Read more…)

The post OSX.Proton spreading through fake Symantec blog appeared first on Malwarebytes Labs.

Read more