Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Fresh Target Breach Cards Hitting Black Market

A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:32:37 AM
Re: Not Only Credit Cards
The Microsoft scam support call is amusing to think about, someone actually thinks that by making such calls and investing time and money consumers are going to fall prey to the scam. The scary bit is that they are still operational, which means that they are people falling for the scam -- generating revenue. Otherwise they would not be attempting such a scam. The idea that a company will provide a high level of customer support is appealing to customers, but from the article we can see that when support and protection requires investment then firms choose the wait-and-see approach (risk management).
asksqn
50%
50%
asksqn,
User Rank: Ninja
3/1/2014 | 7:10:12 PM
Target Breach: the gift that keeps giving
The really galling thing about this latest breach is that this kind of theft can be nixed if the credit card industry (and those biz that accept plastic) would simply upgrade its current PCI DSS to the same standard Europe uses. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
3/1/2014 | 1:57:03 PM
Re: Not Only Credit Cards

This is scary. The level of "service" that Valid Shop is offering is a bit disturbing. I guess that even illegal marketplaces need to serve their customers well, or else people will not pay them. 

This is another unfortunate example of people using bitcoin for nefarious purposes. Bitcoin has many positive aspects, but its pseudononymous nature is causing it to be used as a tool for criminality. 

Mathew
50%
50%
Mathew,
User Rank: Apprentice
2/28/2014 | 6:47:04 PM
Re: Bottom line advice?
Yes. If I'd shopped at Target during the breach window -- which I didn't -- and used a credit/debit card, I'd call the card issuer and demand a new card number. Failing that, I'd threaten to cancel the account, or change banks.

However long that new-card process takes, it's a good bet it will equal a lot less time than dealing with the mess caused by any resulting ID theft.
Jim Donahue
50%
50%
Jim Donahue,
User Rank: Apprentice
2/28/2014 | 2:31:14 PM
Targeted
I got my first direct communication from Target about this situation only this week! That is remarkably bad.


Given I used only my Target card at the store during the affected time frame--not a general credit card--I can pretty easly keep tabs on how the card is being used, so I'm not terribly concerned. But I am surprised Target hasn't canceled its cards and issued new ones.
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
2/28/2014 | 2:29:33 PM
Bottom line advice?
So the bottom line, Mat, is if you shopped at Target during the timeframe in question, you should insist now on a new card?
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
2/28/2014 | 1:04:31 PM
Not Only Credit Cards
In the past week, I received a call about my "Microsoft Windows software" and another from "XYZ Bank's collection agency." Both, of course, were scams. I laughed at the first guy but was a bit concerned for a couple of minutes by the voicemail from the second until commonsense kicked in.
<<   <   Page 2 / 2
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...