The Home Depot investigating possible massive data breach: Adds Security Pressure
Mikahel Love, IIO
Summary: Reports are out that a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, with multiple banks confirming that The Home Depot stores may be the source.
Home Depot Inc. (HD)’s investigation of a suspected hacker attack is renewing pressure on retailers and credit-card providers to strengthen payment-system security. Home Depot spokesperson Paula Drake confirmed that the company is investigating. “I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
The largest home-improvement chain said yesterday, 02 Sept. 2014, that it was working with banks and law enforcement on the possible incursion, following a report by KrebsOnSecurity that a “massive” batch of stolen credit- and debit-card information was posted for sale online.
There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by Brian Krebs, reporter for KrebsOnSecurity.com, all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market.
The number of customers affected by The Home Depot breaches amounts to more than one-third of the American population.
A recent Kaspersky Lab research examination of two command and control servers used by the Backoff point-of-sale malware revealed that a U.S.-based Mexican restaurant chain, a North American freight shipping company and a North American payroll association had also been breached.
The breaches prompted the U.S. Secret Service to warn last week of a spree of point-of-sale attacks affecting more than 1,000 businesses. Backoff has experts concerned because it’s effective in swiping customer credit card data from businesses using a variety of exfiltration tools, including memory (or RAM) scraping techniques, keyloggers and injections into running processes.
A report from US-CERT said attackers use Backoff to steal payment card information once they’ve breached a remote desktop or administration application, one that’s using weak or default credentials that tumble in a brute-force attack.
Hackers then install Backoff on a point of sale device, injecting the code into a running process in order to scrape credit card numbers from memory before they’re encrypted on the device.
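Seen from the defender's side, the entry path US-CERT describes (remote-access logons guessed by brute force, then a successful login) leaves a recognizable trail in logon records. The following is an added example, not part of the original article: it flags a source address with a burst of failed remote logons and notes which account was then logged into. The event tuples, addresses, account names and thresholds are constructed assumptions; 4625 and 4624 are the Windows failed and successful logon event IDs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624   # Windows Security event IDs
REMOTE_LOGON_TYPES = {3, 10}                  # 3 = network, 10 = RemoteInteractive (RDP)

BASE = datetime(2014, 8, 1, 3, 0, 0)          # constructed start time

def _event(offset_s, event_id, logon_type, ip, account):
    return (BASE + timedelta(seconds=offset_s), event_id, logon_type, ip, account)

# Constructed sample events: (time, event ID, logon type, source IP, account).
SAMPLE_EVENTS = (
    # One source guessing several account names, then getting in.
    [_event(10 * i, FAILED_LOGON, 10, "203.0.113.7", acct)
     for i, acct in enumerate(["admin", "administrator", "pos",
                               "backup", "support", "admin"])]
    + [_event(70, SUCCESSFUL_LOGON, 10, "203.0.113.7", "admin")]
    # A legitimate user who mistypes twice, a minute apart.
    + [_event(5, FAILED_LOGON, 10, "198.51.100.20", "jsmith"),
       _event(65, FAILED_LOGON, 10, "198.51.100.20", "jsmith"),
       _event(125, SUCCESSFUL_LOGON, 10, "198.51.100.20", "jsmith")]
    # Local console failures (logon type 2) are out of scope for this rule.
    + [_event(i, FAILED_LOGON, 2, "127.0.0.1", "cashier") for i in range(8)]
)

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: {"first_alert": time, "compromised_account": name or None}}."""
    recent_failures = defaultdict(deque)   # source IP -> failure times inside the window
    flagged = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        if event_id == FAILED_LOGON:
            times = recent_failures[ip]
            times.append(ts)
            while ts - times[0] > window:   # drop failures older than the window
                times.popleft()
            if len(times) >= threshold and ip not in flagged:
                flagged[ip] = {"first_alert": ts, "compromised_account": None}
        elif event_id == SUCCESSFUL_LOGON and ip in flagged:
            # A success after a flagged burst is the high-priority case.
            if flagged[ip]["compromised_account"] is None:
                flagged[ip]["compromised_account"] = account
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info["first_alert"].isoformat(), info["compromised_account"])
```
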
A number of banks are telling Krebs that the breach dates as far back as April and that all 2,200 Home Depot locations in the U.S. could be involved. By comparison, there are 1,795 Target locations in the U.S. That could make a Home Depot breach even bigger than that of Target, which began in November and was reported in December.
In that breach, Target said hackers had stolen credit or debit card information from about 40 million customers. The company also said criminals had stolen other pieces of personal information, like email and mailing addresses, from about 70 million people.
“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst at Morningstar Inc. in Chicago. If the Home Depot breach is on the same scale as Target (TGT)’s incident last year, “there is obviously significant concern,” she said.
Most recently, a group is said to have stolen more than 1.2 billion Internet credentials — including usernames and passwords — with more than 500 million email addresses. In that case, however, most of the IDs exploited were used for sending spam on social networks, rather than illegal spending and selling on the black market.
The Home Depot also posted a note to shoppers on its website, urging them to monitor their accounts and report any suspicious activity.
Home Depot shares fell 2 percent to $91.15 on 02 Sept. 2014, marking the largest one-day decline in almost five months, after the company said it was looking into the possible breach. It also prompted credit-card companies such as Citigroup Inc. to step up efforts to protect customers.
In a separate statement Tuesday, 02.09.14, Goodwill said its customers' credit and debit card numbers had been stolen at more than 300 stores in 19 states and Washington, D.C. from February 2013 through Aug. 14. Goodwill blamed the security lapse on an unidentified contractor's payment processing system. Reports about fraud linked to shoppers' cards have been "very limited," Goodwill said.
The company had said in July that it was investigating the breach.
List of affected Goodwill stores: www.goodwill.org/payment-card-notice
More Home Depot BREACHES:
Theft of Home Depot laptop Puts 10,000 at Risk
Several weeks ago, a Home Depot human-resources representative in Massachusetts took a laptop computer home to do some additional work and had the PC stolen from his vehicle parked in front of his house, according to a company official. The notebook stored personal information, including names, addresses and Social Security numbers of roughly 10,000 employees, she says. The data was not encrypted, but the system was password protected, she adds.
Once Home Depot investigated the theft and determined which employees' data was stored on the notebook, the company notified potential victims and is offering one year of credit monitoring for free, the official says.
"We have no reason to believe the data was the target of this theft," says the official, adding that the company has received no evidence of identity theft as a result of the incident.
Home Depot is continuing to work with law enforcement on an investigation into the theft.
RELATED:
Via:
Hackers stole security check info on at least 25,000 DHS employees
Homeland Security tallies damage from breach at USIS, and it's not pretty.
by Sean Gallagher - Aug 30, 2014 3:41 pm UTC
Employees at the Department of Homeland Security may be feeling a bit less secure about their personal data.
On Aug. 2, Department of Homeland Security officials revealed that the agency's contractor for conducting security clearance background checks had been hacked, and an unknown number of DHS employees' personal data from those investigations had been stolen—potentially by a state-sponsored hacker. Now the DHS has a handle on how many records were stolen from contractor USIS: at least 25,000.
The Associated Press cites information from an unnamed DHS official, who spoke with the service under the condition of anonymity. "Homeland Security will soon begin notifying employees whose files were compromised and urge them to monitor their financial accounts," the Associated Press' Joce Sterman reported.
USIS is, as the Washington Post reported, the largest contract provider of background investigations to the federal government. The attack on USIS comes after the March revelation that the US Office of Personnel Management had been attacked by hackers based in China, potentially giving them access to the personal information of millions of government employees—though OPM officials say that no personal data appeared to have been taken in the attack before it was detected.
The US Computer Emergency Response Team (US-CERT), which is part of DHS, is currently investigating the USIS breach, as are the FBI and other federal authorities. USIS was already under fire from Congress, and faces a federal whistleblower lawsuit over the alleged "dumping" of more than 600,000 background checks for security clearances—marking as complete checks that were only partially conducted. USIS was responsible for the background checks for Edward Snowden, and for Aron Alexis—the man responsible for the shootings at the Navy Yard in Washington, DC last year.
Continued Via
Security breach hit 25,000 federal workers
The estimate of Homeland Security workers affected by the breach at USIS may rise further. (WJLA)
WASHINGTON (AP) - A Homeland Security Department official says a recent computer breach at a major government security clearance contracting firm may have affected the internal files of as many as 25,000 of the agency's workers.
The official says the estimate of Homeland Security workers affected by the breach at USIS may rise further. The official spoke on condition of anonymity in order to discuss details of an incident that is under active federal criminal investigation. Homeland Security will soon begin notifying employees whose files were compromised and urge them to monitor their financial accounts, the official said.
A USIS spokeswoman declined to comment. The company said earlier in a statement on its website that the cyberattack appeared to "have the markings of a state-sponsored attack."
The FBI is investigating.
And Via:
Security Affairs
The network of USIS compromised by a cyber attack
Internal network of USIS was compromised by a cyber attack which has exposed Government Employees’ Data. Investigators speculate on a state-sponsored attack
The USIS (U.S. Investigations Services), which provides background checks for the US government, was recently hacked. This is the second data breach in a few months that threatens the US government. The USIS recently acknowledged that its network was violated by a cyber attack, and experts who are investigating the case believe that the authors of the attack could be a state-sponsored hacking team.
“We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network,” “Experts who have reviewed the facts gathered to date believe it has all the markings of a state-sponsored attack.” announced the USIS in a statement.
In early July, alleged Chinese hackers hacked the system of the Office of Personnel Management (OPM); for this reason the USIS is collaborating with the Bureau and the Department of Homeland Security (DHS) to track the authors of the attack and to estimate exactly the compromised data and the impact of the data breach.
Government offices and subcontractors are privileged targets for cyber criminals and state-sponsored hackers; last year, according to official documents of the U.S. Department of Energy, employees’ and contractors’ personal information was exposed in different breaches.
The DHS spokesman Peter Boogaard reported to The Hill that groups of hackers are targeting some agency which maintains employees’ information, for this reason the DHS is suggesting to the employees to monitor their financial accounts for suspicious activity and is alerting them on possible spear phishing attacks that could be arranged in the next months to steal further data from Government Offices.
According to Boogaard, data belonging to some DHS personnel may have been exposed, but at the time I’m writing there is no news on the number of employee records exposed.
“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” “We are committed to ensuring our employees’ privacy and are taking steps to protect it.” Peter Boogaard said.
The journalists at The Washington Post exclude a link between the cyber attack on USIS and the data breach suffered in March 2014 by OPM.
“The intrusion is not believed to be related to a March incident in which the OPM’s databases were hacked, said officials, some of whom spoke on the condition of anonymity because they were not authorized to speak on the record.” states the Washington Post
It’s clear that such attacks represent a serious threat for the US Government, stolen information could be used by bad actors to organize dangerous attacks to critical infrastructure of the country.
Sen. Tom Carper, chairman of the Homeland Security and Governmental Affairs Committee, declared in a statement that this kind of incident demonstrates the importance of cyber security in Homeland security.
“This latest report of a cyber attack on the major government contractor USIS is deeply troubling and underscores the scary reality of how much of a target our sensitive information has become in cyberspace,” “It also shows how urgent it is that we reform our laws to better combat attacks from malicious actors.” he said. The USIS breach “is very troubling news,” “Americans’ personal information should always be secure, particularly when our national security is involved. An incident like this is simply unacceptable.” added Sen. Jon Tester (D-Mont.), a Homeland Security Committee member.
It is necessary to improve security of high sensitive networks and maximize the information sharing between private companies and government entities to promptly identify cyber threats and adopt the necessary mitigation strategy.
China's Hack of 4.5 Million U.S. Medical Records? This Chart Will Make You Sick
Aug 21, 2014 7:26 PM ET
The Chinese hacking group that stole 4.5 million patient records from a Tennessee hospital chain may have gained some bragging rights from the heist, but they haven't come close to entering the ranks of the biggest breaches of all time. In fact, they haven't even cracked the top 10.
The attack has gained notoriety for its methods, rather than its size — the hacking group has been prolific in attacking U.S. medical-device companies and drug makers. The chart below shows how the Chinese breach compares with others.
The ranking provides little solace if you're one of the people whose personal information was stolen and used for identity theft. Yet, with security-software maker Symantec calling this the era of the "mega-breach" and some attacks hitting the nine digits, it's worth remembering that hackers have many, many other ways to obtain personal information.
MORE:
Who will be the NEXT Target? Those of Poverty?
Mikahel Love, IIO
Inside a warehouse of a thriving non-profit business that uses the poor for business
While businesses such as Home Depot, Target, Albertson's, Michaels, Neiman Marcus, Sally Beauty, P.F. Chang’s China Bistro and SuperValu, as well as some preferred banks, appear to be the targets, there resides a mountain of personal data, including Social Security numbers, bank account info and even driver's license details, held in insecure and vulnerable so-called non-profits: Food Banks and Food Pantries.
These so-called non-profit businesses have been collecting personal details for some time now. In investigating how secure the details of those in poverty are, we found that security seemed to be brushed off or that, at most, bare security features were being used.
Although, one wouldn't think that a person who must go to a Food Bank and/or Food Pantry for what to eat would have huge amounts of money and/or assets on hand to steal, there are a multitude of other reasons why identity theft takes place: elections; travel; committing a crime to implicate another ...
It appears there are hardly any security safeguards in place to protect against identity theft for those who MUST surrender personal details to eat: the abused and/or those of poverty in the U.S.
Not one food pantry expressed any law in place that commanded them to make clients surrender their personal details as they would when applying for a loan, government assistance, etc.
Could it be that Food Pantries and Food Banks are a cloaked arm of government?
DO NOT rely upon governments and/or others to safe-guard your personal details. YOU must be vigilant.
More:
500 passwords you shouldn't be using:
Mikhael Love, IIO
While it's not entirely sure how the recent theft of several celebrities’ private photos was carried out, the leading theory places the blame on a vulnerability in iCloud, Apple’s Internet storage system.
Specifically, one such theory goes, the hacker (or hackers) was able to nail down the iCloud passwords of the celeb victims and root around in their Apple storage lockers after gaining access. The responsible party may have used a tool called iBrute, according to The Daily Dot, which exploited a (since-fixed) iCloud bug that allowed a forced digital entry by guessing several common passwords until the correct one unlocked the front door.
It hasn’t been confirmed that iBrute was used; the tool’s creator sees no evidence that it was, but concedes that it’s possible. iBrute used 500 of the most common passwords that were leaked from a service called RockYou, which leaked out 32 million usernames and passwords way back in 2009; the tool’s creators posted those passwords in a long list on the developer site GitHub.
Listed below are 500 common passwords. The passwords that iBrute worked with included one capital letter and one number, so old standbys like “password” and “iloveyou” do not appear here.
Even though these passwords are from 2009, the Great Celebrity Hack of 2014 serves as another reminder that if you use any of the following 500 passwords on any service, it’s way past time for a change.
Oh yes, and while you’re at it, you should make sure that you have two-factor authentication enabled on any account that offers it, and make sure you’re using as strong a password as possible. And remember, "Think SMART when developing a PASSWORD!"
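The point made above, that a password can contain a capital letter and a number and still sit on a common-password list, can be checked at the moment a password is chosen. The following is an added example, not part of the original article: it applies a composition rule and then a deny-list match on the password's base word. The word set is a constructed stand-in rather than the list the article refers to, and the function names are illustrative.

```python
import re

# Constructed stand-in for a common-password list (illustrative entries only).
COMMON_BASE_WORDS = {"password", "princess", "monkey", "football", "iloveyou"}

def meets_composition(pw, min_len=8):
    """Composition rule of the kind described above: length, one capital, one digit."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))

def base_word(pw):
    """Casefold and strip leading/trailing digits and punctuation: 'Monkey12!' -> 'monkey'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.casefold())

def evaluate(pw):
    """Return the decision a signup or password-change form would make."""
    if not meets_composition(pw):
        return "reject: composition"
    # A common word with a capital and a digit bolted on still satisfies the
    # composition rule, so the deny-list is matched on the normalized base word.
    if base_word(pw) in COMMON_BASE_WORDS:
        return "reject: common password"
    return "accept"

if __name__ == "__main__":
    for candidate in ["password", "Password1", "Monkey12!", "Tr4ctor-Lagoon-Bicycle"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```
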