Home · Security

FBI Warns Tech Companies of State-Sponsored China Hackers

Hackers affiliated with the Chinese government have heavily targeted makers of microchips, computer networking equipment and data storage services to steal company secrets, the Federal Bureau of Investigation said.

The FBI sent a warning to companies yesterday, telling them that “these state-sponsored hackers are exceedingly stealthy and agile” and have used customized malicious code that was undetected by security researchers and law enforcement. More...

10-17-2014 15:39

JPMorgan Password Leads Hackers to 76 Million Households

Hackers exploited an employee password to crack a JPMorgan Chase & Co. (JPM) server and ultimately pull off one of the largest cyber-attacks ever, accessing data on 76 million households and 7 million small businesses.

JPMorgan, the largest U.S. bank, outlined the scope of the previously disclosed breach yesterday, reassuring clients there’s still no evidence account numbers and passwords were compromised, even as names and contact data were exposed. People who logged on to certain websites or mobile apps had contact information stolen, the New York-based company said.

The bank has been struggling to head off damage since the incident, first reported by Bloomberg News in August. New details on how attackers accomplished the feat over months, including their initial entry, were provided by two people briefed on the investigation, who requested anonymity because it’s private. JPMorgan said the threat now is phishing, in which criminals try to trick people into handing over more valuable data, such as user IDs and passwords. More...

10-03-2014 17:22

Home Depot breach a near certainty, yet Backoff remains a question

Home Depot has not yet confirmed that a slew of fraudulent transactions came from a breach of its systems, yet an increasing body of evidence is mounting that points to a massive compromise linked to the home-supply retail chain. Financial institutions first detected the suspected breach when a wave of fraudulent transactions on cards had been used at Home Depot. On Wednesday, journalist and blogger Brian Krebs, who originally broke the story, analyzed the zip codes of a recent batch of stolen cards offered for sale on the underground and found a 99 percent match with the locations of Home Depot's stores.

Such a correlation is a "smoking gun," Lucas Zaichkowsky, enterprise defense architect at AccessData, a digital forensics and security services firm, said in an e-mail interview. Whether Home Depot has been breached is no longer a question, he said.

"The bigger question is why Home Depot didn’t detect the attackers as they maneuvered from their initial entry point past multiple layers of defense, performing internal reconnaissance and escalating privileges in the process," Zaichkowsky said. More...

09-05-2014 05:40