More unofficial details about the late 2013 Target hack that exposed up to 40 million credit and debit cards and personal data for up to 70 million customers have started to surface, Krebs on Security reports, revealing that a piece of malware that’s “nearly identical” to a 207kb malicious program sold on the black market with prices starting at $1,800 may have been responsible for the massive card data breach. More →
Target was not the only retail chain under attack during the 2013 Black Friday hack, with Neiman Marcus and other unnamed retailers confirmed to have been hit in a similar fashion. Target has recently confirmed that hackers managed to steal personal data belonging to 70 million people during the attack, after initially saying they stole credit and debit card data belonging to up to 40 million customers, including encrypted keys.
Hackers in Europe managed to target several cash machines from an unnamed bank earlier last year by infecting them with malware from USB drives, BBC News reports. The researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. According to their report, the ATM thefts were discovered in July after a bank noticed how its machines were emptied of cash even though the cash should have been protected inside safes. The bank then discovered how criminals were cutting holes into ATMs in order to transfer malware from the USB to the ATM. Once the data transfer was complete, the holes would be patched up to conceal the attack. More →
Andrew “bunnie” Huang and Sean “xobs” Cross have discovered a way to hack even the small microSD cards that go inside current smartphones and tablets to increase their storage, as well as other flash-based memory solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog post on bunnie:studios, Huang explained how the hack works, and why many flash cards are susceptible to being hacked and used for malicious purposes by people who are aware of this particular potentially serious security vulnerability. More →
Target on Friday confirmed that hackers managed to steal encrypted data including encrypted PINs, as reported by Reuters earlier this week, but added that the PIN numbers are still safe and hackers shouldn’t be able to use the information to compromise debit cards. According to the retailer, the PIN information is encrypted at the keypad and it remains encrypted within the system until it is decrypted only by the external payment processing company. The PINs were encrypted with Triple DES, “a highly secure encryption standard used broadly throughout the U.S.” More →
The hackers who managed to steal data for up to 40 million credit cards used in Target stores on Black Friday and in following weeks have reportedly accessed the associated encrypted personal identification numbers (PINs) as well, which could be cracked and used to make fraudulent withdrawals. Reuters revealed the news in a recent report, which cited “a senior payments executive familiar with the situation.” However, Target says that unencrypted PINs were not accessed during the “sophisticated” digital heist and that there was no evidence that PINs were compromised, even if encrypted data that may have or may have not contained encrypted PINs was stolen. More →
Nearly every action you take while online is monitored by advertisers, from the products you buy to the links that you click. Ads are tailor-made for each and every user, like a more accurate Pandora, but without the music. Despite all of this, people are still more concerned about hackers accessing their private information than they are about advertisers paying for it. More →
UPDATE: Target on Thursday confirmed that 40 million credit and debit cards were breached between November 27 and December 15, ZDNet reports, with hackers stealing personal data including customer name, credit/debit card number, expiration date and the three-digit security code.
Millions of Black Friday Target shoppers may be at risk, multiple reports reveal, as hackers may have targeted the giant retail chain’ stores during one of the busiest shopping days of the year, potentially walking away with important credit card and debit card data. Krebs on Security says that the data breach extends to “nearly all Target locations nationwide,” and occurred from Thanksgiving 2013 to December 6, although it could have been extended up to December 15. More →
Dozens of reports of cyber-attacks on U.S. companies originating in China have emerged over the past few years. But as these attacks were taking place, hackers in the U.S. were allegedly targeting at least two websites belonging to China’s military. China officials claim U.S. hackers targeted the Defense Ministry’s website and a site belonging to its newspaper, the People’s Liberation Army Daily, an average of 144,000 times per month in 2012, The Associated Press reported. Defense Ministry spokesman Geng Yansheng issued the accusation, and said that the Chinese military has never supported any hacking activity targeting the U.S. “Like other countries, China faces a serious threat from hacking and is one of the primary victims of hacking in the world,” Geng told reporters. “Numbers of attacks have been on the rise in recent years.”
Twitter users are reporting everywhere that their accounts have been compromised, reports TechCrunch. The tech blog says many users have received emails telling them to change their passwords because their accounts might have been hacked. Although the source of the widespread account hacks is unknown, NPR reports that “several China-based foreign journalists and analysts are reporting an attempted hacking of their Twitter accounts, as China’s Communist Party begins a sensitive meeting that will set in motion a once-a-decade leadership transition.” While it might be a stretch to make a connection to China’s political transition, Twitter hasn’t provided any formal statement as to what caused the widespread Twitter breaches. As a safety precaution, it may be wise to change your Twitter account password. More →
Two more months and Sony (SNE) would have made it through the entire year without any drama involving hackers trying to crack its console security or bring down its PlayStation Network. According to Eurogamer, the PlayStation 3’s security has been breached by a hacker group called “The Three Tuskateers.” The hackers reportedly discovered the console’s “LV0″ firmware decryption keys and were forced to leak it out for free after another Chinese hacking crew called the “BlueDiskCFW” planned to profit off their work. In layman’s terms, the LV0 keys allow hackers to easily decrypt any PS3 firmware, meaning any patches Sony adds could easily be circumvented.
Anonymous isn’t all about Guy Fawkes masks and news casts with creepy automated voices; sometimes it’s about helping others. As Network World’s Paul McNamara reports, some Anonymous hackers have gone to bat for the Red Sky Film & Television charity that’s aimed at eradicating hunger among New Zealand’s children. Apparently, a lone wolf hacker who was trying to impress Anonymous hacked into the Red Sky site and severely vandalized it, thus sparking a campaign on Facebook to find the perpetrator. More →
A user at password-hacking forum Inside Pro earlier this month published a half-gigabyte file that contained as many as 11 million passwords collected from users at the popular German gaming site Gamigo, Forbes reports. Even though the file containing the passwords has been removed from the forum, Forbes says the damage may have already been done since the file was available for weeks before being taken down. More →