Tesco Shares Fall After Cyber Attack at its Online Banking
Group Hits 40,000 Customers
… "Tesco Bank
can confirm that, over the weekend, some of its customers' current accounts
have been subject to online criminal activity, in some cases resulting in money
being withdrawn fraudulently," Tesco Bank CEO Benny Higgins said in a
statement.
Wholly-owned Tesco Bank, which has 136,000 current
accounts, has frozen all online banking transactions from current accounts and
said it would refund those which had money stolen. Customers will be allowed to use cards to
withdraw cash and to make payments, Higgins said.
Undue reliance on emails?
How would you prevent this from happening at your organization?
Charles Lussier reports:
The top business manager for the
East Baton Rouge Parish school system fell for an unsophisticated con, wiring
$46,500 to someone who claimed via email to be Superintendent Warren Drake, even though the man himself was working in an office
next door.
The school system on Thursday
disclosed the fraud known as “phishing,” which occurred twice in May. The details are outlined in a special audit,
received late Thursday from the auditing firm Postlethwaite & Netterville,
that examines what happened and suggests ways to prevent it from happening
again.
Read more on The
Advocate.
(Related) Perhaps
another procedure needs questioning?
It sounds like such a simple question that should have an
obvious “yes” answer, but you might be surprised to see what happens when
hackers taunt social media teams about hacks. It’s an issue I’ve mentioned before:
NullCrew revealed that they had
access to Bell’s server for months, and had disclosed that to them in a chat
with Bell Support weeks ago. A screenshot
of the chat between NullCrew and Bell Support employee “Derek” shows that
NullCrew was informing Bell that they were in possession of users’ information
— DataBreaches.net,
February 2, 2014.
If your business has a Twitter
account, do those responsible for it know how to respond to tweets informing
them of a data security breach? — DataBreaches.net,
August 24, 2015.
Last night, it happened again: a well-intentioned social
media team on Twitter did not appear to understand that they were being told
they had been hacked. USAA’s Twitter
team’s responses left people variously laughing at them, mocking them, or
if they were a customer, worried for the security of their information.
Here was how the exchange began:
[Read the
whole sorry mess. Bob]
For my Smartphone using students. Hackers have a great grasp of the
obvious.
Via
The New York Times, hundreds of fake shopping apps have been hitting
the App Store in the last few weeks, stealing recognizable brand names and
logos, in an attempt to confuse App Store customers to download their
counterfeit apps instead of the real thing. The fraudsters are attempting to
capitalize on the holiday shopping season.
… App
Review fails to recognize most cases of trademark infringement (or it
simply doesn’t look for such issues at all) which allows fake apps like these
ones to appear in the App Store.
The fraudsters can then capitalize on their victims
by encouraging customers to buy the ‘real’ branded products with credit cards,
thereby stealing their financial information. (Apps that sell physical goods are allowed to
request users to provide payment details, bypassing the usual protections and safeguards of Apple’s
sanctioned In-App Purchase system.)
“It’s a lightbulb!
We don’t need to secure it!”
Hackers hijack Philips Hue lights with a drone
Surprise! The Internet of Things is a security
nightmare. Anyone who was online a
few weeks ago can attest to that. The
massive internet blackout was caused by
connected devices, and new research from white-hat hackers expounds upon
those types of vulnerabilities. The
target? Philips Hue smart lightbulbs. While they've been hacked
in the past, Philips was quick to point out that it happening in a
real-world situation would be pretty difficult. Digital intruders would need to already be on
your home network with a computer of their own -- the company claimed that
directly attacking the lightbulbs wasn't exactly feasible. But this
new attack doesn't require that sort of access.
In fact, all it takes is tricking the bulbs into accepting
a nefarious firmware update. By
exploiting a weakness in the Touchlink aspect of the ZigBee Light Link system (again!),
the hackers were able to bypass the built-in safeguards against remote access. From there, they "extracted the global
AES-CCM key" that the manufacturer uses to encrypt and authenticate new
firmware, the researchers write
(PDF).
"The malicious firmware can disable additional downloads,
and thus any effect caused by the worm, blackout, constant flickering, etc.)
will be permanent." What's more,
the attack is a worm, and can jump from connected device to connected device
through the air. It could potentially
knock out an entire city with just one infected bulb at the root "within
minutes."
At least it won’t be in your pocket when it blows.
If you own a Samsung washing machine, then be afraid, be
very afraid. Samsung is being forced to
recall 2.8 million of its washing machines due to the possibility of them
shaking themselves apart. Or, to put it
another way, exploding. Sound familiar?
Let’s not bury the lede here. Samsung is recalling 2.8 million washing machines in the
United States. The voluntary recall,
made in cooperation with the Consumer Product Safety Commission (CPSC), affects
“certain top-load washers manufactured between March 2011 and current
production dates”.
Model or anti-model? What can we learn?
China Adopts Cybersecurity Law Despite Foreign Opposition
… The Cyber
Security Law was passed by the Standing Committee of the National People’s
Congress, China’s top legislature, and will take effect in June, government
officials said Monday. Among other
things, it requires internet operators to cooperate with investigations
involving crime and national security, and imposes mandatory testing and certification of computer equipment. [No exploding
phones in China? Bob] Companies must also give government
investigators full access to their data if wrong-doing is suspected
… The fear among
foreign companies is that requirements to store data locally and employ only
technology deemed “secure” means local firms gain yet another edge over foreign
rivals from Microsoft Corp. to Cisco System Inc.
I pass these on to all my students in the hope that they
get filthy rich and remember who gave them the idea…
These guys built a $273 million startup from discarded
computers and an almost secret source of seed money
Founded in 2010 by CEO Mohit Lad and CTO Ricardo
Oliveira from their grad school work at UCLA, ThousandEyes helps ensure that
when bits of the internet go down, companies can avoid being taken down
too — even if the problem is on the internet and out of their control.
… And it all began
with a bunch of computer servers that the founders scrounged out of big
corporate electronics recycling bins and from a second-hand computer store in
Sunnyvale known as Weird Stuff.
… "We could
go to Sand Hill road and spend months trying to raise money, or we could try to
build a product and really get it off the ground and get customers. We chose the latter route and in hindsight it
was one of the best decisions we made," Lad said.
Instead, they applied for a grant from the National
Science Foundation. That's such
an unusual way to raise funds in the Valley that
Lad wrote a blog post explaining it.
"If
you have an idea which is high risk, that has a lot of R&D, the NSF tends
to like it," Lad told us.
Suspiciouser and suspiciouser. Note that “We haven’t changed our mind” is in
some papers being reported as “Clinton exonerated!” And I’ll wager that most of the emails had to
do with preparing to campaign for president.
James
Comey: FBI has 'not changed its conclusions' on Clinton's email server since
July decision
… A senior law
enforcement official told NBC News that the FBI's review of the thousands of
emails on the Anthony Weiner laptop concluded that nearly all were duplicates
of emails previously seen by FBI agents investigating the email server.
Jumping the gun on “the election was rigged?” There seems to be no hard evidence to support
the headline. But, did anyone not
working for Trump actually look?
Election Fraud in Broward County: Officials Caught Ballot
Stuffing, Destroying Ballots
According to multiple sources and witnesses, Broward
County Supervisor of Elections Brenda Snipes and employees are engaging in mass
voter fraud in multiple forms
… It has been
widely reported that black turnout in the state–and in other battleground
states such as North Carolina and Ohio–is way down from 2012 levels. In the past few days, the Clinton campaign and
their Democratic surrogates have been touting “a surge” in turnout among black
voters in Broward County, which is overseen by Snipes. [Are
ballots in Florida marked “Black Voter?”
How else would they know? Bob]
… Sources confirm Snipes
was breaking the law and opened more than 153,000 ballots cast
by mail in private, claiming employees were tearing up and disposing of
those that were votes in support of Donald J. Trump. The law prohibits the opening of ballots
without the supervision of a canvassing board appointed to oversee and certify
elections precisely because of this possibility.
Free is good! Several, actually.
Visio may be the industry standard in the corporate world,
but it comes with a huge drawback: it’s expensive ($299 for the standard
version as of this writing). Can’t
afford that? Then you’ll be happy to
know that several open source alternatives exist for the low, low price of
FREE.
Perhaps you could have the Billy Bass sing it for
you? (See yesterday’s blog)
Have you ever wanted to arrive home to a personal welcome?
With a Raspberry Pi and a few simple
components, you can! In this simple
project we’ll use a reed switch to trigger a theme tune when a door is opened. We shall be using a Raspberry Pi as the
controller here, though you could use almost any other microcontroller for this project using the same
circuit.
A Donald Trump inspired drone?
No comments:
Post a Comment