NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.
They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.
TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.
TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).
But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.
Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.
I found more interesting articles for this week’s List, some of them guaranteed to make you think twice!
Whatever happened to positively identifying your target?
I’m not sure where to start with this article, but I’ll boil it down to this: Just because an alarm goes off doesn’t mean there’s a threat, and blindly firing through a closed door without first ascertaining an actual threat is irresponsible in the extreme.
Speaking of stupid self defense tricks…
It’s been my observation that only a very small percentage of gun owners think deeply about this business of shooting another person. By that, I mean beyond the aspects of sight picture and trigger press.
What brought this to mind were the reactions of people to a recent story out of Oklahoma.
A landowner’s tale
It seems the owner of a vacant home had tired of people breaking into his empty house and developed the habit of frequently checking …
The post “Justifiable” isn’t the same thing as “desirable”. appeared first on www.GrantCunningham.com.
Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.
This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.”
Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.
The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.
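The LifeLock flaw described above is an instance of a familiar web-authentication mistake: an action endpoint (here, unsubscribe) keyed only by an identifier that anyone can guess or walk, with no secret tying the request to the account. The following is an added example, not code from LifeLock or from KrebsOnSecurity, and it assumes nothing about how LifeLock's site was actually built. It models the weak pattern with a constructed table of sequential subscriber IDs, shows how trivially such an endpoint is enumerated, and puts the standard fix beside it: an unsubscribe token that is an HMAC over the subscriber ID under a server-side key, so that only someone holding the link delivered to that subscriber's own inbox can act on the account. The key, IDs and addresses are all made up for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Constructed sample "subscriber" table: sequential integer IDs -> email.
# A real site would back this with a database; the values are made up.
SUBSCRIBERS = {
    1001: "alice@example.com",
    1002: "bob@example.com",
    1003: "carol@example.com",
}
UNSUBSCRIBED = set()


# --- Weak design: the endpoint trusts a bare, guessable identifier. --------
def unsubscribe_weak(subscriber_id: int) -> Optional[str]:
    """Return the email behind any valid ID and unsubscribe it.

    Nothing secret is required, so a request for /unsubscribe?id=1001 works
    for anyone, and the whole ID space can simply be walked.
    """
    email = SUBSCRIBERS.get(subscriber_id)
    if email is None:
        return None
    UNSUBSCRIBED.add(subscriber_id)
    return email


def enumerate_weak(start: int, stop: int) -> List[str]:
    """What an attacker does with the weak endpoint: iterate IDs and
    harvest every address that comes back (unsubscribing victims as a
    side effect)."""
    found = []
    for candidate in range(start, stop):
        email = unsubscribe_weak(candidate)
        if email is not None:
            found.append(email)
    return found


# --- Hardened design: a per-subscriber HMAC token must accompany the ID. --
# Assumed server-side secret for the demo; in production this lives in a
# secret store and is never sent to clients.
SERVER_KEY = secrets.token_bytes(32)


def make_unsubscribe_token(subscriber_id: int, key: bytes = SERVER_KEY) -> str:
    """Token embedded in the unsubscribe link mailed to this subscriber.

    Because it is derived from the server key, it cannot be computed or
    guessed by a third party who only knows (or guesses) the ID.
    """
    msg = f"unsubscribe:{subscriber_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def unsubscribe_hardened(
    subscriber_id: int, token: str, key: bytes = SERVER_KEY
) -> Optional[str]:
    """Only honour the request when the token matches this ID.

    The token is checked before the ID is looked up, and both a bad token
    and an unknown ID return None, so the endpoint does not confirm which
    IDs exist and cannot be used to harvest addresses.
    """
    expected = make_unsubscribe_token(subscriber_id, key)
    if not hmac.compare_digest(expected, token):  # constant-time compare
        return None
    email = SUBSCRIBERS.get(subscriber_id)
    if email is None:
        return None
    UNSUBSCRIBED.add(subscriber_id)
    return email


if __name__ == "__main__":
    print("weak endpoint, walking IDs 1000-1004:", enumerate_weak(1000, 1005))
    print("hardened, guessed ID without token:",
          unsubscribe_hardened(1001, "0" * 64))
    print("hardened, with the mailed token:",
          unsubscribe_hardened(1001, make_unsubscribe_token(1001)))
```

The point of the hardened version is not the HMAC itself but where the token travels: it is only ever delivered inside the email sent to that subscriber, so presenting it proves the caller received that mail. The same pattern applies to any "one-click" action link (confirm, reset, unsubscribe) that must work without a login session.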
I haven’t let this heat wave stop me from gathering more great self defense and preparedness articles for you! (Now, where did that iced tea go…)
The gun shouldn’t be the first thing you grab
“I don’t need to identify my target, because I can tell my girlfriend’s steps from an intruder in the dark”. Someone actually told me that, in explanation for not having a flashlight with his home defense gun. I offer this article as counterpoint, …
Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its cybersecurity insurance provider for refusing to fully cover the losses.
The great physicist Werner Heisenberg is responsible for describing a very interesting phenomenon in quantum physics: our observations affect the behavior of quanta (quantum particles). In other words, by simply observing an experiment, it’s possible that we inadvertently change the outcome.
Quantum physics gets really weird after that, but this is as far as we need to go. For now.
Doing it means you won’t need to do it
Heisenberg described something similar to what I’ve observed over the years …
The post Self defense, quantum physics, and negative outcomes appeared first on www.GrantCunningham.com.