CVS Photo – Data Breach

Credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised. Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com and the pharmacies. Financial transactions on CVS.com and in-store are not affected.

No word on how many customers' private data or credit card data was compromised.

How thoroughly should third-party security be reviewed? It doesn't seem to be enough, and the hiring company always takes the reputational hit.


Infographic on Data Breaches

Infographic on Data Breaches by Thomson Reuters


Excellus Healthcare (Blue Cross Blue Shield) Data Breach

Attackers may have gained access to Excellus clients' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claim information. Indicators of compromise go back to 2013.

Excellus has a client base of 10 million.

Healthcare companies are the best targets for attackers because the data contains loads of personal information. This is proven in the latest Ponemon report, with Healthcare breaches being the majority of all breaches at 34%, followed by Government at 31%, and IT at 15%. (Check this infographic out)

Though there aren't any indicators that the data was leaked, just that it was accessed, Excellus will offer identity monitoring and protection to anyone affected.


Ashley Madison Users Don’t Know Password Security

It took about 10 days to crack over 11 million passwords of Ashley Madison subscribers/users. Here are some of the worst ones…

[Image: shitty Ashley Madison passwords]


Hijacked Satellite (Download Links) used to Steal Data From Thousands of Computers

The Turla APT group (we think), which is responsible for the Epic Turla cyber-espionage operation that pushed malware to hundreds of computers in more than 45 countries, has hijacked downstream links from satellites to hide its command and control servers.

The Turla attack campaigns used different vectors such as phishing, spear phishing, and watering hole attacks.

In order to hack a satellite, the only items needed are a place where a satellite provides Internet coverage, a satellite dish and a hardwired Internet connection. Hackers set up the satellite dishes to intercept and sniff the traffic.


Detailed information is here.


Mars Rover Susceptible to Integer Overflow Vulnerability

The Mars Rover has parts that run on VxWorks, and that brings some vulnerabilities with it. The integer overflow vulnerability was in the OS; it allows an attacker to target a specific part of the operating system and write to memory on the machine running it.

An attacker would have to target a VxWorks device with port 111 open; with the vulnerability exploited, it would be possible to set up a backdoor account and control functions of the operating system.

Aside from the Mars Rover, there are approximately 10,000 devices on the Internet hosted in the US that run VxWorks, but it’s not easily known if those devices are running a version of the OS that has the vulnerability.


Vehicle Automation Susceptible to DoS Attacks

Self-driving cars are pretty darn cool, but so are cybersecurity attacks against them. Like stopping them in their tracks with a laser pointer. No kidding!

Security researcher Dr. Jonathan Petit (English version of little john… lol) points out the vulnerability with his detailed explanation here. It's a very detailed explanation.

Jonathan wrote in a paper, which he will present at Black Hat Europe, that he recorded the pulses emitted by objects with a commercial lidar (light detection and ranging) system that self-driving cars use to detect objects.

By beaming the pulses back at a lidar on a self-driving car with a laser pointer, he could force the car into slowing down or stopping to avoid hitting phantom objects.


1st Half of 2015’s Data Breaches – Infographic

Here are some awesomely shocking numbers related to data breaches in the 1st half of 2015.


Get the report here.


Infographic on Ethical Hacking

Found on Trustwave's site.



You Won’t Believe What Makes This Beautiful Pattern Underwater!!!


The image in the title was created by the pufferfish, but more importantly, this is how some people try to get you to click on links. It’s called Click-Baiting.

A cool picture, maybe some cool information you might not know, or just a link to some drive-by malware.

Next month is National CyberSecurity Awareness Month and the month Pumpkin Spice is in EVERYTHING.

I hope to have enough content to bring you some entertaining and useful information that you can share with family and friends to keep everyone safe.
