Chinese MalWare Attacks Tracked to Individual March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, LuckyCat, mark consulting group, PCI DSS, security
add a comment
According to a report on Foxnews today, TrendMicro has traced a MalWare attack aimed at Tibetan activists in Japan and India to a Chinese graduate of Sichuan University. The LuckyCat campaign has been active for about a year and compromised over 230 computers in 90 separate attacks. You can read the TrendMicro report here. According to TrendMicro: “The Luckycat campaigns targets include the aerospace, military, energy, shipping and engineering industries, as well as Tibetan activists and organizations. Given its technical similarities, Luckycat is believe to be a continuation of ShadowNet, also known as GhostNet, a Chinese cybercrime campaign that has been targeting Tibetan activists as well as the Indian government since 2009, Trend Micro said.”
Wall Street Journal Reporting- Global Payments is Breached March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: credit card theft, cybersecurity, data breach, data compromise, Global Payments, InfoSec, mark consulting group, mastercard, PCI DSS, visa
1 comment so far
Updating my last story, the Wall Street Journal is now reporting that the “massive” data breach referenced earlier was Global Payments, Inc. USA Today is also reporting on the issue. According to sources, Dominican street gangs may be involved. Gartner’s Avivah Litan stated: “are seeing signs of this breach mushrooming. From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud.”
Visa Issued a statement: “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards. … Every business that handles payment card information is expected to protect the security and privacy of their customers’ financial information by adhering to the highest data protection standards. “
MasterCard is: “concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information. If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.”
2012 – Another “Massive” Credit Card Breach March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, data breach, fraud, InfoSec, mastercard, PCI DSS, security, visa
add a comment
According to Krebsonsecurity, the payment card industry has been wracked by yet another massive data breach. The story says that Visa and MasterCard are alerting companies to a US processor that was breached. This, according to reports, is a breach of Track1 and Track2 data. For those unfamiliar with credit cards, track1 and track 2 data is what is known as “magnetic stripe data” and is used to counterfeit cards as it contains the sensitive authentication data necessary for retail (card present) transactions. This is the most dangerous and valuable data to criminals.
As stated on the site: “In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012.”
Risk 101 and my new $500 Million Fortune- Goodbye Work! March 29, 2012
Posted by Chris Mark in Risk & Risk Management.Tags: Chris Mark, jackpot, lottery, mega millions, risk, risk management, security
add a comment
I have written a number of posts on risk and probability in the past. You can read them here. As I was on the phone with a good friend last night talking about buying our Mega Millions lottery tickets for the very first time, I was struck by how amusing the whole situation was. My wife and I were talking with our friends about a strategy to buy lottery tickets. I was talking about buying lottery tickets for the very first time! First, they don’t sell MegaMillions in Utah, and I have never played the lottery. Why? I recognize that the chances of winning are infinitesimally small. (~1 in 176 million) So what changed last night?
The MegaMillions lottery approached $500 million for the jackpot! Can you believe it? I am going to be $500 million richer in the next few days! I just feel it. I have the winning numbers! Odds be damned! Goodbye GlobalRiskInfo.com and hello life of luxury on my new super yacht Risky Business! (I even have it picked out and named) (more…)
BitDefender: “Anonymous is ‘good’ for security” – REALLY?! March 28, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.Tags: bitdefender, Chris Mark, cybersecurity, mark consulting group, PCI DSS, security, slutwalk
add a comment
A March 14th, 2012 article on ZDNetAsia sums up one of the major problems with security. Specifically, it is the victims that are consistently blamed for the crime and the belief (very arrogant, I might add) that companies simply don’t care about security and this is why they are victimized. According to the article:
“Alexandu Catalin Cosoi, chief security researcher at BitDefender, for one, said that hacktivist group Anonymous has been “good” for security. This is because even though it had disclosed people’s personal information publicly online, the security breaches it organized had a positive impact, he added. Now, more companies are willing to secure their networks and private data, which is good news, he stated.” (more…)