Phishing Anthem

Posted on February 14, 2015 by Carmelo

Since my original posting about the Anthem Health Insurance Breach

Investigators believe the cyber crooks compromised the logins from 5 different tech workers, possibly through a phishing scheme that could have tricked them into unknowingly revealing a password or downloading malicious software.
http://www.insurancejournal.com/news/national/2015/02/10/357051.htm

What’s worse, other (or the same) cyber crooks are targeting fresh information and kicking those who are already down, by sending more phishing emails that look like they are coming from Anthem or Empire to verify details of their information. It is advised that people should not clink on any links, reply to e-mails or open any attachments from Anthem or Empire. Legitimate contact will only be sent directly through the US Postal Service to both current and former members.
http://www.examiner.com/article/anthem-insurance-breach-affects-more-than-4-5-new-yorkers

Posted in Security Blog | Tagged , , , , , , , | Comments Off on Phishing Anthem

HSBC Breach In November Reveals…

Posted on February 9, 2015 by Carmelo

HSBC Holdings plc, a British multinational banking and financial services company head-quartered in London, United Kingdom is the world’s second largest bank. Last November, they were breached. HSBC claimed that it “stopped the cyber-attack”, but not before attackers accessed payment card numbers and linked account numbers, along with card expiry dates and card holder names of customers.

It was not disclosed the number of records exposed or possible number of customers affected in the breach, some reports say the number may total 2.7 million customers.

According to The Guardian, the breach has helped reveal that HSBC provides exceptional customer service by helping some of their clients with tax avoidance and tax evasion services. Despite that bankers are prohibited from doing so.

HSBC says it won’t comment on many of the specific allegations because of ongoing criminal investigations and because of Swiss bank secrecy laws.

Posted in Security Blog | Tagged , , , , , , | Comments Off on HSBC Breach In November Reveals…

Convenience Traded for Privacy: Samsung Televisions

Posted on February 9, 2015 by Carmelo

Cool new technologies like the Samsung voice controlled television, are a great convenience. They are also a huge window for the Samsung company to get into your homes. When you enable voice control, all noises are transmitted to Samsung and third parties they are affiliated with, to process to see if it is a command or not.

There are similar concerns with using Siri on the iPhone and the OK Google command on the Android phones.

Many don’t realize that their devices are configured to spy on them, but the information is buried within the gargantuan user agreements.

Posted in Security Blog | Tagged , , , , , , , , , | Comments Off on Convenience Traded for Privacy: Samsung Televisions

Intuit’s Turbo Tax

Posted on February 9, 2015 by Carmelo

Was shut down to investigate if there was a breach as many had logged in to find that their refunds were already claimed. It was found that no breach occurred. According to Brian Krebs, both Turbo Tax and H&RBlock credentials go for about $0.04 on the underground market.

The tax refunds that were falsely claimed are most likely to be the result of malware on PCs that harvest user-names and passwords for websites; easy passwords; and/or phishing emails that look like they came from real tax preparation services.

Posted in Security Blog | Tagged , , , , , | Comments Off on Intuit’s Turbo Tax

Renaissance Festival 2015

Posted on February 7, 2015 by Carmelo

SAM_1381

SAM_1388

SAM_1389

SAM_1393

Eek! A toothless dragon!
SAM_1400

The dragon has wings!
SAM_1406

SAM_1412

SAM_1453

SAM_1463

SAM_1465

SAM_1503

SAM_1512

SAM_1525

Posted in life | Comments Off on Renaissance Festival 2015

Anthem Health Insurance Breach

Posted on February 5, 2015 by Carmelo

Anthem was the target of a very sophisticated external cyber attack. Based on what they know at this time, there is no evidence that credit card or medical information were targeted or compromised, just the other information that makes it possible to steal one’s identity.

It’s unknown how many records were stolen, but nearly 69 million people served by its affiliated companies including more than 37 million enrolled in its family of health plans, Anthem is one of the nation’s leading health benefits companies.

Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, to evaluate our systems and identify solutions based on the evolving landscape.

Read more here.

Posted in Security Blog | Tagged , , , | Comments Off on Anthem Health Insurance Breach

From Russia with Love Letters

Posted on February 4, 2015 by Carmelo

A Russian team allegedly breached the Sony entertainment company’s network by sending spear phishing emails containing a remote access Trojan (RAT) to Sony employees in India, Russia and other Asian countries. Once they had access to the computers of these employees, the attackers leveraged advanced pivoting techniques to make their way to Sony’s network in Culver City, California.

Read the report here.

They may still have access to the breached network. It’s not known for sure.

Posted in Security Blog | Tagged , , , , , , , | Comments Off on From Russia with Love Letters

Sony Remediation Cost Totals $35 Million

Posted on February 4, 2015 by Carmelo

While Sony Pictures Entertainment said in an earnings report that the hack would cost $15 million “in investigation and remediation costs” for the quarter to Dec. 31, senior general manager Kazuhiko Takeda said Wednesday that the figure would be $35 million for the full fiscal year through March 31.

Read more here

Posted in Security Blog | Tagged , , , | Comments Off on Sony Remediation Cost Totals $35 Million

US Army Releases Cyber-Forensic Dshell Code

Posted on February 3, 2015 by Carmelo

Available here on github, The Army Research Labs has publicly released a tool to help with network forensic analysis.

Posted in Security Blog | Tagged , , , , , , | Comments Off on US Army Releases Cyber-Forensic Dshell Code

Hacking Too Much Time!!!

Posted on February 1, 2015 by Carmelo

This re-donk-ulously awesome movie needs to happen.

Post by NERD RAGE.
Posted in Security Blog | Tagged , | Comments Off on Hacking Too Much Time!!!