Like many breach victims, Sonic did not detect
their own breach.
Fast-food chain Sonic notified of unusual credit card activity
Sonic Corp said Tuesday that its credit card
processor notified the company of unusual credit card activity at its
drive-in restaurants.
The chain was informed that the activity could
have affected a number of its payment systems, according to Reuters.
The news was first reported by security blog KrebsOnSecurity,
who also claimed that the activity could have led to massive amounts
of stolen credit and debit card numbers.
Sonic has more than 3,600 locations in 45 states
across America, but there is no word yet on how many people may have
possibly been affected.
Crime is becoming automated and therefore easier.
Europol Warns Banks ATM Cyber Attacks on the Rise
… Previously
criminals used physical 'skimming' devices or USB sticks or CDs to
install malware
within ATMs but since 2015 "a new and unnerving trend... has
been picking up speed," Europol said in a 40-page report
on the latest ATM crime trends.
"The criminals have realised that not only
can ATMs be physically attacked, but it is also very possible for
these machines to be accessed through the (bank's) network," the
report said, which was published in conjunction with the Trend Micro
security software company.
One of the tricks used by hackers is to send a
so-called phishing email to bank employees which once opened,
contains software to penetrate the bank's internal computer network.
Once the ATM has been targeted and told to
dispense the money "standby money
'mules' will pick up the cash and go."
We need an App. We’ll worry about security when
and if it bites us?
Top stock-trading mobile apps have security
problems that are easy to uncover and exploit, to the point that they
could be used to hijack accounts or profile victims for other types
of crime, according to new research.
Alejandro Hernandez at IOActive looked at 21 top
trading apps, including TD Ameritrade, Charles Schwab, E-Trade,
Fidelity and others.
“It’s certainly worse than I was expecting,”
he told The Hill.
Twelve of the 21 apps did not validate the
security certificate for, making it possible for an attacker to
eavesdrop or even alter logins or transactions.
Two did not use encryption at all.
All but one of the apps would operate on a phone
that had been “rooted,” meaning that core permissions for who
could have full access to the phone. Banking apps commonly will not
operate on rooted phones.
Many apps saved passwords and account data in
unencrypted text on the phone, placed data that should be kept secret
into the source code in ways attackers could find it or contained
other security flaws.
Should you assume this is happening in all Chinese
(and other) Apps?
Android App Siphons Data on 200 Million Users
A popular Android keyboard application with over 200 million downloads
was found gathering user information and sending the data to a remote
server, Adguard reveals.
The offending application, GO Keyboard, has two versions available in
Google Play, namely GO Keyboard - Emoji keyboard, Swipe input, GIFs and
GO Keyboard - Emoticon keyboard, Free Theme, GIF,
each with over 100 million downloads to date.
The keyboard is developed by Chinese firm GOMO, which has numerous
applications in the mobile app store, under two developer accounts,
namely GOMO Dev Team and GOMO Apps.
According to Adguard security researchers, the applications were designed to
siphon a large amount of user data, including Google account
emails, device language, IMSI, location, network type, screen size,
Android version and build, and device model.
The data is gathered and sent to a remote server without explicit user
consent, the researchers reveal. Furthermore, the practice also
contradicts the application’s privacy policy, which claims that the
software will never collect user personal information.
I suppose this will help them find terrorists who
talk a lot about being a terrorist, but what about those who don’t?
The Department of Homeland Security has moved to
collect social media information on all immigrants, including
permanent residents and naturalized citizens.
A new rule published in the Federal Register last week calls to include
"social media handles and aliases, associated identifiable
information and search results" in the department's immigrant
files.
BuzzFeed News first reported the new rule on Monday. It is set to go into
effect on Oct. 18 after a public comment period.
Will this mean fewer, but more understandable
Tweets from President Trump? Somehow, I doubt it.
Twitter just doubled the character limit for tweets to 280
… Twitter said
today that it has started testing 280-character tweets, doubling
the previous character limit, in an effort to help users be more
expressive. “Our research shows us that the character limit is a
major cause of frustration for people tweeting in English,” the
company said in a blog post. “When people don’t have to cram
their thoughts into 140 characters and actually have some to spare,
we see more people Tweeting — which is awesome!”
(Related).
How to tweet with 280 characters right now
Strange and interesting.
The Coming Software Apocalypse
A small group of programmers
wants to change how we code—before catastrophe strikes.
There were six hours during the night of April 10,
2014, when the entire population of Washington State had no 911
service. People who called for help got a busy signal. One Seattle
woman dialed 911 at least 37 times while a stranger was trying to
break into her house. When he finally crawled into her living room
through a window, she picked up a kitchen knife. The man fled.
The 911 outage, at the time the largest ever
reported, was traced to software running on a server in Englewood,
Colorado. Operated by a systems provider named Intrado, the
server kept a running counter of how many calls it had routed to 911
dispatchers around the country. Intrado programmers had set a
threshold for how high the counter could go. They picked a number in
the millions.
Shortly before midnight on April 10, the counter
exceeded that number, resulting in chaos. Because the counter was
used to generate a unique identifier for each call, new calls were
rejected. And because the programmers hadn’t anticipated the
problem, they hadn’t created alarms to call attention to it.
… software becomes unruly because the media
for describing what software should do—conversations,
prose descriptions, drawings on a sheet of paper—are too different
from the media describing what software does do, namely,
code itself. Too much is lost going from one to the other.
For the student toolkit.
Do you need to digitize any printed text so you
can maintain a soft copy of it? After all, there are a lot of
advantages to going paperless. If so, all you need is an optical
character recognition (OCR) tool.
We’ve covered several online
OCR tools in the past, but nothing really beats the convenience
of being able to digitize documents right from your Android phone.