Info From 40 Million Credit Cards Stolen From Target

For a store that’s logo is a giant bulls-eye, Target recently found itself in the crosshairs of  some credit card thieves. And, if you shopped at a physical Target location in the United States between November 27th and December 15th and used a credit or a debit card, your financial information may have been stolen as well. At the end of the day, Target fears that the information from up to 40 million debit and credit cards were stolen during that few week period. It doesn’t matter where in the United States you shopped as Target is seeing signs of fraud all over the country. This is definitely not the kind of publicity Target was looking for during the 2013 Christmas season.
This news is not something for shoppers to take lightly. If you are one of the approximately 40 million people who used their credit or debit card at Target between those dates, Target is encouraging you to keep a close on all of the activity with your card(s). If you see anything suspicious, you should definitely alert your financial institution immediately. They are also recommending that you look at your credit report every so often.

Just What Can The Thieves Do With Your Information?
According to Techland, the thieves can use the magnetic stripe information from your card to make fake cards which they can then use. If they were able to retrieve your PIN number from a debit transaction, they would also (in theory) be able to take out cash from ATM’s. What Target knows for sure the thieves obtained were the names, credit card numbers, expiration dates, and the CVV from the back of the cards.
What’s even more interesting with this large security breach is that it appears there was some tampering with Target’s credit card machines themselves. Obviously, Target has no idea how this happened and is investigating with help from the Secret Service.
Target has offered affected customers discounts and free credit monitoring. Was your account one of the 40 million that were stolen?

Source : Techland , TechBeat News

Read More

Torrent Uploader Fined $652,000 For Uploading 1 Movie

In spite of the heat on torrent sites, as well as uploaders and downloaders, it seems that people are not really deterred from carrying on. Even The Pirate Bay, the world’s most resilient torrent site, continues to operate. Of course, we don’t know how much longer they can resist with pressure coming from all sides. Still, people who torrent do not seem all that concerned.
But, did you know that people actually get caught and are punished for torrenting?

Take this guy from Sweden. According to Torrent Freak:

A moderator and uploader of one of Sweden’s oldest but now defunct private torrent sites has been hit with a huge damages award. For uploading a single pre-release movie the 28-year-old is now required to pay $652,000, the equivalent amount the studio would have charged for a license to distribute the movie for free. For sharing more than 500 others he received a suspended jail sentence plus 160 hours community service.

It’s rather notable that the fine – more than half a million dollars – is only for ONE movie. For the other movies he had shared, his punishment is “merely” community service.
Now, if you’re thinking that you have not done anything of this sort for years, you probably should not sit back and relax just yet. The unlucky guy is facing the consequences of his actions many years back. He used to be a moderator and uploader from April 2008 and November 2011. Many years later, he has been dubbed “Sweden’s “worst ever” individual movie pirate”. And the law has caught up with him.
It does seem that this case is being highlighted as an example. There are obviously many other individuals who have done the same thing, whether on a smaller or larger scale, it doesn’t matter.
So what do you think of this? Does it make you wary about torrenting activities?

Source : TechBeat News
Image via appszoom

Read More

Pony Botnet Steals 2 M Yahoo, Facebook, Google Passwords

According to researchers at Spiderlabs, criminals have scooped up more than 2 million passwords for sites such as Facebook, Yahoo and search engine giant Google, but it appears that the data was stolen via malware-infected machines rather than a direct hack of their systems.
Trustwave‘s SpiderLabs delved into source code from the Pony botnet and made some staggering discoveries.  The botnet managed to steal credentials for; 1.58 million websites, 320,000 email accounts, 41,000 FTP accounts, 3,000 remote desktops and 3,000 secure shell accounts.
Further research into the domains from which those passwords were stolen, Facebook was the most popular; it accounted 57 percent or 318,121. Yahoo came in second with approximately 60,000, followed by Google Accounts (54,437), Twitter (21,708) and Google.com (16,095). And professionals were also made unsecure, as also on the list was LinkedIn with 8,490 passwords stolen.

Worryingly, payroll provider ADP also had 7,978 passwords stolen, which Trustwave said was surprising.  “Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions,” the firm wrote in a blog post.
The Pony Botnet used a reverse proxy to avoid being detected and it continued the scam as long as possible.  Trustwave said, “Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down…While this behaviour is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any.”
Trustwave also didn’t have more details about how passwords were obtained but the data however revealed, that many people need to create better and more complex passwords. Almost 16,000 accounts used “123456″ as their passwords, and 2,212 used the word “password” and 1,991 used the word “admin.” Trustwave says overall, only 5 percent of the 2 million passwords are what they consider to be excellent (passwords that use all four character types and are longer than 8 characters).
With organised criminal activities on the rise and the use and misuse of social media such as Facebook and Twitter becoming so prevalent in today’s world, it does make good sense to use excellent passwords to secure your data, doesn’t it?

According to researchers, scammers have scooped up more than 2 million passwords for sites like Facebook, Google, and Yahoo, but it appears that the data was stolen via malware-infected machines rather than a hack of those companies' systems.
Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for: 1.58 million websites; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts.
Looking at the domains from which those passwords were stolen, Facebook was most popular, accounting for 318,121, or 57 percent. Yahoo came in second with about 60,000, followed by Google Accounts (54,437), Twitter (21,708), and Google.com (16,095). Also on the list was LinkedIn (8,490 passwords) and payroll provider ADP (7,978), which Trustwave said was surprising. "Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," the firm wrote in a blog post.
The presence of Russian social networks vk.com and odnoklassniki.ru on the list, meanwhile, "probably indicates that a decent portion of the victims comprised were Russian speakers," Trustwave said.
The Pony Botnet used a reverse proxy to avoid detection and continue the scam as long as possible. "Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down," Trustwave said. "While this behavior is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any."
Trustwave also didn't have more details about how passwords were obtained; it's possible the malware logged keystrokes. The data did reveal, however, that many of you need to step up your password game. Almost 16,000 accounts used "123456" as their passwords, while 2,212 used "password" and 1,991 used "admin."
Overall, only 5 percent of the 2 million passwords are what Trustwave considers to be excellent - passwords that use all four character types and are longer than 8 characters. Another 17 percent are good, 44 percent are medium, 28 percent are bad, and 6 percent are terrible.

Source : TechBeat News, PCMag

Read More

US agrees to pay $50m after 'piracy' of software

 

The US government has agreed to pay $50m (£31m) after it was said to have pirated "thousands" of copies of military software.

Apptricity, based in Texas, has provided logistics programs to the army since 2004.
The company said it had discovered last year the software had been installed on many more machines than had been licensed.
The Department of Justice has not commented on the settlement.
The Dallas Morning News reported a DoJ spokeswoman had confirmed the agreement, but would not give more details.
Apptricity's software allows the military to track the movements of soldiers as well as key supplies.
It has also been used during relief efforts, most notably in Haiti following the 2010 earthquake.
According to court documents filed in 2012, the deal with the military meant up to 500 named users could access the software.
Presentation revelation Apptricity later estimated that 9,000 users were accessing the program, in addition to the 500 that had been paid for.
The unauthorised copying only came to light after a US Army official mentioned "thousands" of devices running the software during a presentation on technology.
Apptricity called for $224m (£137m) to be paid to cover costs.
The settlement of $50m falls some way short - but in a statement the company said Apptricity would spend the sum on expanding the company.
"Apptricity is now incredibly energised to use the settlement resolution as a catalyst for aggressive investment in our team, our solutions and our untapped market opportunities," said Randy Lieberman, Apptricity's chief financial officer.
In recent years, the US government has stepped up efforts to combat piracy, announcing a wide-ranging strategy for clamping down in 2010.
"Piracy is theft, clean and simple," remarked vice-president Joe Biden at the time.

Source : BBC News

Read More

Akamai to Acquire DDoS Security Firm Prolexic for $370M

Akamai Technologies on Monday announced it has agreed to buy Prolexic Technologies for about $370 million in cash to bolster its cyber-security offerings.
Hollywood, Fla.-based Prolexic offers cloud-based security solutions for protecting data centers and enterprise IP applications from distributed denial of service (DDoS) attacks, which leverage large numbers of compromised PCs to flood a website with traffic and knock it offline. Akamai said the acquisition will allow it to offer a complete portfolio of enterprise security solutions for defending against application, network, and data center attacks delivered over the Internet.
Akamai CEO Tom Leighton said that all companies on the Web today are facing an ever-evolving threat landscape, including attacks aimed at disrupting operations, defacing the brand, or attempting to steal sensitive data.
"By joining forces with Prolexic, we intend to combine Akamai's leading security and performance platform with Prolexic's highly regarded DDoS mitigation solutions for data center and enterprise applications protection," Leighton said. "We believe that Prolexic's solutions and team will help us achieve our goal of making the Internet fast, reliable, and secure."
Akamai said it offers solutions for defending websites and Web applications against even the largest and most sophisticated DDoS and application-layer attacks. The firm combines DDoS mitigation solutions with security operations expertise to protect data centers and enterprise IP applications.
"Today, business is defined by the availability, security and latency of Internet-facing applications, data and infrastructure," Prolexic CEO Scott Hammack said in a statement. "Being able to rely on one provider for Internet performance and security greatly simplifies resolution of network availability issues and offers clients clear lines of accountability. We believe that, together, we will be able to deliver an unprecedented level of network visibility and protection."
The transaction is subject to customary closing conditions, including regulatory approvals. It deal is expected to close in the first half of 2014.
Prolexic earlier this year reported that the first quarter of 2013 was a "landmark quarter" for DDoS attacks.

Source : PCMag

Read More