Most people's DNS queries – by which browsers and other software resolve domain names into IP addresses – remain unprotected while flowing over the internet.…
Comment The hacking world's summer camp has ended. The last of the Black Hat USA, BSides Las Vegas, and DEF CON attendees and organizers have now left Sin City after a week of lectures, networking, and partying.…
You’ve loved, shaped, and equipped your child to succeed in college and move in day is finally here. But there’s still one variable that can turn your child’s freshman year upside down, and that’s technology.
That’s right, that essential laptop and indispensable smartphone your child owns could also prove to be his or her biggest headache if not secured and used responsibly. College students can be targets of identity theft, malware, online scams, credit card fraud, property theft, and internet addiction.
The other part of this new equation? You, parent, are no longer in the picture. Your child is now 100% on his or her own. Equipping time is over. Weekly tech monitoring and family chats are in the rearview mirror. Will they succeed? Of course, they will. But one last parenting chat on safety sure can’t hurt. Here are a couple of reminders to share with your college-bound kids.
1. Minimize use of public computers. Campuses rely on shared computers. Because campus networks aren’t always secure, this can open you up to identity theft. If you have to log on to a public computer be it a cafe, library, or lab, be sure to change any passwords each time you return. If you are working with a study group, don’t share passwords. Public devices can be prone to hackers seeking to steal login credentials and credit card numbers. If you do use public devices, get in the habit of browsing in the privacy mode. Clear browser history, cookies, and quit all applications before logging off.
2. Beware when shopping online. Online shopping is often the easiest way for students to purchase essentials. Be sure to use a secure internet connection when hitting that “purchase” button. Reputable sites encrypt data during transactions by using SSL technologies. Look for the tiny padlock icon in the address bar or a URL that begins with “https” (the “s” stands for secure) instead of “http.” Examine the site and look for misspellings, inconsistencies. Go with your instincts if you think a website is bogus, don’t risk the purchase. Online credit card fraud is on the rise, so beware.
3. Guard your privacy. College is a tough place to learn that not all people are trustworthy — even those who appear to be friends. Sadly, many kids learn about online theft the hard way. Never share passwords, credit card numbers, or student ID numbers. Be aware of shoulder surfing which is when someone peers over your shoulder to see what’s on your computer screen. Avoid leaving computer screens open in dorm rooms or libraries where anyone can check your browsing history, use an open screen, or access financial information. Also, never lend your laptop or tablet to someone else since it houses personal information and make sure that all of your screens are password protected.
4. Beware of campus crooks. Thieves troll college campuses looking for opportunities to steal smartphones, laptops, wearables, and tablets for personal use or resale. Don’t carry your tech around uncased or leave it unguarded. Conceal it in a backpack. Even if you feel comfortable in your new community, don’t leave your phone even for a few seconds to pick up your food or coffee at a nearby counter. If you are in the library or study lab and need a bathroom break, take your laptop with you. Thieves are swift, and you don’t want to lose a semester’s worth of work in a matter of seconds.
5. Use public Wi-Fi with caution. Everyone loves to meet at the coffee shop for study sessions — and that includes hackers. Yes, it’s convenient, but use public Wi-Fi with care. Consider using VPN software, which creates a secure private network and blocks people from accessing your laptop or activity. To protect yourself, be sure to change your passwords often. This is easy if you use a free password manager like True Key.
6. Social media = productivity killer. Be aware of your online time. Mindless surfing, internet games, and excessive video gaming with roommates can have an adverse effect on your grades as well as your mental health. Use online website blockers to help protect your study time.
7. Social media = career killer. We can all agree: College is a blast. However, keep the party photos and inappropriate captions offline. Your career will thank you. Remember: Most everything you do today is being captured or recorded – even if you’re not the one with the camera. The internet is forever, and a long-forgotten photo can make it’s way back around when you least expect it.
8. Don’t get too comfortable too fast. Until you understand who you can trust in your new community, consider locking your social media accounts. Disable GPS on mobile apps for security, don’t share home and dorm addresses, email, or phone numbers. While it may be the farthest thing from your mind right now — campus stalking case are real.
The post College Bound? 7 Important Technology Habits for Students appeared first on McAfee Blogs.
Roundup It's time for another rapid roundup of computer security news beyond what we've already reported.…
This week, our very own Larry Pesce delivers the Technical Segment on Spoofing GPS with a hackRF! In the Security News, Hacking Police Bodycams, Adobe execution flaws, Google expands to Bug Bounty Program, and if you live in Australia, you could face ten years in jail if you don't unlock your phone! In our final segment, we air our pre-recorded interview with Paul and Matt Alderman from DEF CON on Cigars and Security!
Full Show Notes: https://wiki.securityweekly.com/Episode571
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Updated If you were at BSides Manchester in England this week, you hopefully caught James Williams' presentation on the shortcomings of some commercial antivirus tools.…
Black Hat If you want to avoid the cops, or watch deliveries and call-outs by trucks and another vehicles in real-time, well, there's potentially not a lot stopping you.…
On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries.
The FBI put out its alert on Friday, Aug. 10. The criminals who hacked into Pune, India-based Cosmos Bank executed their two-pronged heist the following day, sending co-conspirators to fan out and withdraw a total of about $11.5 million from ATMs in 28 countries.
The FBI warned it had intelligence indicating that criminals had breached an unknown payment provider’s network with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.
Organized cybercrime gangs that coordinate these so-called “unlimited attacks” typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum withdrawal amounts and any limits on the number of customer ATM transactions daily.
The perpetrators alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.
My story about the FBI alert was breaking news on Sunday, but it was just a day short of useful to financial institutions impacted by the breach and associated ATM cashout blitz.
But according to Indian news outlet Dailypionneer.com, there was a second attack carried out on August 13, when the Cosmos Bank hackers transferred nearly $2 million to the account of ALM Trading Limited at Hang Seng Bank in Hong Kong.
“The bank came to know about the malware attack on its debit card payment system on August 11, when it was observed that unusually repeated transactions were taking place through ATM VISA and Rupay Card for nearly two hours,” writes TN Raghunatha for the Daily Pioneer.
Cosmos Bank was quick to point out that the attackers did not access systems tied to customer accounts, and that the money taken was from the bank’s operating accounts. The 112-year-old bank blamed the attack on “a switch which is operative for the payment gateway of VISA/Rupay Debit card and not on the core banking system of the bank, the customers’ accounts and the balances are not at all affected.”
Visa issued a statement saying it was aware of the compromise affecting a client financial institution in India.
“Our systems were able to identify the issue quickly, enabling the financial institution to take appropriate action,” the company said. “Visa is working closely with the client in supporting their ongoing investigations on the matter.”
The FBI said these types of ATM cashouts are most common at smaller financial institutions that may not have sufficient resources dedicated to staying up to date with the latest security measures for handling payment card data.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert read. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
In July 2018, KrebsOnSecurity broke the news of two separate cyber break-ins at tiny National Bank of Blacksburg in Virginia in a span of just eight months that led to ATM cashouts netting thieves more than $2.4 million. The Blacksburg bank is now suing its insurance provider for refusing to fully cover the loss.
As reported by Reuters, Cosmos Bank said in a press statement that its main banking software receives debit card payment requests via a “switching system” that was bypassed in the attack. “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” the bank said.
Translation: If a financial institution is not fully encrypting its payment processing network, this can allow intruders with access to the network to divert and/or alter the response that gets sent when an ATM transaction is requested. In one such scenario, the network might say a given transaction should be declined, but thieves could still switch the signal for that ATM transaction from “declined” to “approved.”
One final note: Several news outlets have confused the attack that hit Cosmos Bank with another ATM crime called “jackpotting,” which requires thieves to have physical access to the inside of the cash machine and the ability to install malicious software that makes the ATM spit out large chunks of cash at once. Like ATM cashouts/unlimited operations, jackpotting attacks do not directly affect customer accounts but instead drain ATMs of currency.
Update, 8:10 p.m. ET: An earlier version of this story incorrectly stated that there were only 25 ATMs used in the cashout against Cosmos. The figure was meant to represent the number of countries with ATMs that were used in the heist, not ATMs, and that number is 28 at last count.