Mahendra Patel 2021-11-11

After Covid-19, most financial institutions and consumers have been moving steadily toward digitalization.

The mass adoption of online services and apps lets more people use services that they might otherwise not have access to without in-person engagement.

However, this creates new opportunities for fraud and threats.

As a result, banking and financial institutions have been hit particularly hard by fraudsters. To fight back, financial institutions must adopt stronger threat detection and prevention measures to mitigate risk.

Below are some of the trending strategies fraudsters are using to take advantage of digital onboarding and a few key steps financial institutions can take to protect themselves and their customers. In many ways, the modern online environment is a financial fraudster’s dream.

Plus, the explosion of ransomware attacks has flooded the dark web with extraordinary amounts of stolen client information and personally identifiable information (PII).

Jerry Smith 2017-01-26

The service, which launched in late 2015, allows Amazon Prime members to add on-demand video subscriptions from premium networks like Showtime and Starz, international services like Acorn TV and DramaFever, and streaming-only offerings like AMC's Shudder and NBC's Seeso.

Amazon Channels isn't exactly a la carte nirvana—there are no live channel feeds, and no basic cable offerings like FX and Comedy Central—but it does help make streaming video less chaotic.

Each channel integrates with Amazon's existing video apps and Fire TV devices, and ties into a single billing mechanism that, unlike cable, lets users add and drop channels at will.

Amazon now offers more than 100 channels, up from 75 in November, including HBO and Cinemax, which signed on last month.

I jumped on the phone with Michael Paull, Amazon's vice president of digital video, to find out.

Although Amazon Channels removes some of streaming-video's billing headaches, and might spare you from jumping between so many separate apps, subscribing to multiple channels won't save you any money.

Howard Marsh 2017-09-04

The hackers responsible for scraping the personal information from some six million Instagram accounts have now reportedly put the information up for sale.

A searchable database of the affected accounts called Doxagram has been created by the hackers, allowing anyone to see if they’ve been affected.

Naturally there’s a catch: a single search will cost you $10.

To prove the authenticity of information, The Daily Beast were actually able to open a dialogue with the hackers and were sent 1,000 accounts as a sample.

The site then compared the personal information which includes email addresses and phone numbers with what is already available online.

While Doxagram is currently offline, there’s no telling whether it will be reinstated or what the hackers’ next steps are for the information.

Albert Hummel 2017-12-04

Canadian outfit TIO acquired in Feb 'fesses up to unauthorized access

PayPal has “identified a potential compromise of personally identifiable information for approximately 1.6 million customers.”

The good news is that PayPal is not to blame for the likely leak.

Fault can instead be ascribed to TIO Networks, a Canadian payments outfit that PayPal paid US$233m to acquire in February 2017.

That deal closed in July 2017 and PayPal has since reviewed TIO's systems and turned up problems that saw it suspend TIO's operations on November 10th, 2017.

TIO's canned statement stated those efforts “uncovered evidence of unauthorized access to TIO’s network, including locations that stored personal information of some of TIO’s customers and customers of TIO billers.”

Mark Maynard 2017-09-20

Just as you do regular maintenance on your car, or home, and you go to the doctor just for a check-up, there are little habits you should form to keep your online life as safe and healthy as possible.

1) Check and change your passwords

Should one of your password and username combinations make it out on to the web at large, it’s going to cause you far less concern if you’ve changed your password since the leak happened—it might seem like a chore but if you focus on four or five key accounts you can make yourself significantly safer in return for a few minutes of admin every month.

If you struggle to remember password combinations then there are a trove of excellent password managers to pick from that will do the job for you—we’ve written about some of them here—and you can even get secure passwords generated for you if you prefer.

2) Check your account and device activity

Just about every online account in existence now has ways of letting you look up recent activity related to your account—for Facebook it’s here, for Twitter it’s here, for Google it’s here, and so on.

Toby Taft 2017-10-24

The COPPA rule prevents kids from having their personal information hoovered up and distributed online the way adults often consent to.

Verifiable parental consent is required if that information is to be collected — but the FTC has just relaxed the rule just enough that common tasks like searches can be done for kids without risk to the operator.

The issue was that, under the current rules, any audio from a kid is considered as being “collected” — which isn’t a problem if it’s in the Sesame Street app or something, where parents will have already consented to its use.

But what if at some random time a kid is saying “call 911!” or trying to turn off the music?

Should Amazon or Apple wait to get consent from the parents before carrying out these tasks?

In a guidance statement issued today, the FTC said “no,” cutting out simple interactions like this from the COPPA requirements.

Ed Furnace 2017-09-24

The breach of the credit monitoring firm Equifax, which exposed extensive personal data for 143 million people, is the worst corporate data breach to date.

Three weeks since the company first publicly disclosed the situation, a steady stream of gaffes and revelations paint a picture of Equifax's deeply lacking response to catastrophe.

The site also seemed slapdash, even though Equifax says it learned about the mega-breach at the end of July, and took roughly six weeks to disclose it.

"There should have been a very comprehensive set of policies and procedures for what to do to respond," says Jonathan Bernstein, the president of Bernstein Crisis Management, which works on institutional response to all sorts of disasters including data breaches.

They made the situation worse."

In the weeks since Equifax disclosed the breach, the company's official Twitter account has mistakenly tweeted a phishing link four times, instead of the company's actual breach response page.

Jennifer Ervin 2017-07-07

Unprotected AWS server lets anyone get up close and personal with WWE customer data

A data leak at World Wrestling Entertainment (WWE) has left the personal data of over three million fans exposed online and at risk of theft.

Security firm Krontech has revealed that one of its researchers discovered an unprotected database that contained a plethora of customer information, including home and email addresses, dates of birth, financial earnings and genders.

According to researcher Bob Dyachenko, the unencrypted database was stored on an AWS S3 server with no password protection, meaning it was able to be accessed by anyone who knew the web address.

Speaking to Forbes, Dyachenko suggested that the server was likely misconfigured by either WWE itself or an IT partner.

He added that, although it is unclear which branch of the WWE Corporation the database belongs to, the presence of social media tracking data suggests that it probably came from one of the organisation’s marketing teams.

Clifford Ketcham 2017-09-15

Beleaguered Equifax, the credit-reporting company that let criminals access Americans’ most-sensitive personal information, has turfed two high executives as a result of the data breach.

Meanwhile, it’s been revealed that the hackers used a vulnerability that Equifax knew about or should have known about before the breach occurred.

On Sept. 15, the company announced that chief information officer David Webb was retiring, with Mark Rohrwasser appointed as interim CIO.

The shakeup followed the revelation Sept. 7 that personal information for up to 143 million Americans had been accessed by criminal hackers, with exposed data including names, Social Security numbers, birth dates and addresses — enough for identity thieves to loot bank accounts and take credit out in other people’s names, experts have said.

Manuel Scarborough 2017-08-31

Care requirements database held details of 3,000 service users on passwordless portal

A UK council has been fined £70,000 for leaving vulnerable people's personal information exposed online for five years.

Nottinghamshire County Council posted the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory that was left accessible to world+dog.

No usernames, passwords or any other access controls limited access to the sensitive information.

Although the service users' names were not included, a determined person would have been able to identify them.

The screw-up was only discovered when a member of the public inadvertently stumbled on the data using nothing more sophisticated than a search engine query.

Charles Pete 2018-08-02

Reddit knew of ‘security incident’ since 19 June but only alerted users more than a month later

More than a month since it happened, Reddit has this week confirmed that it has suffered what it is calling a ‘security incident’.

It said that a “hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.”

But the social news site has not disclosed the scale of the compromise and how many people have been affected.

“On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers,” it said.

It should be noted that this is not the first time that the social news site has suffered a cyber attack.

Brad Patterson 2018-04-23

The personal data of people who have ordered food delivery is readily available for sale via several channels, investigative reporting by The Beijing News has discovered (in Chinese).

Data on offer includes information such as the name, phone number and address of thousands of orderers per day, including for orders going to hospitals and even to specific seats in internet cafes.

The data is being sold for as little as RMB 0.10 per person.

By infiltrating telephone sales companies that buy up the profiles for cold calling, The Beijing News journalists learned that the suppliers are using software to scrape data from order systems and that even takeaway delivery drivers have been found to be selling the info.

The data does not show the date of the order, but he promises it is from within the last two to three days.

The journalist agrees, Chen sends a QR code for payment and within 15 minutes the journalist gets the file.

Carlos Marier 2017-10-26

Months before the historic data breach of credit-reporting titan Equifax that saw criminal hackers steal private personal data of nearly half the U.S. population, the company was warned it was open to such an attack, according to a new report.

It had taken just three hours for a security researcher probing Equifax’s systems to find a vulnerability that exposed the personal data of millions of Americans and the credit card numbers of more than 200,000, according to the report.

This was reportedly months before the data breach in which the most private and highly valued personal data — including names, Social Security numbers, addresses and dates of birth — of more than 145 million Americans was stolen.

The researcher accessed the data through an Equifax website that was “completely exposed to anyone on the internet,” according to the report.

Steven Jones 2017-07-04

Facebook will be forced to make technical changes if found guilty of antitrust charges

Facebook has been targeted by the German authorities for allegedly using over-complicated small print to trick users into handing over personal information.

The vast amount of personal information Facebook collects on its two billion members is used to generate billions in advertising revenue, but is at the centre of the latest high-profile European antitrust investigation to be carried out against a major technology company.

This one is being headed up by Germany’s Federal Cartel Office, essentially looking into whether Facebook uses language that users may not understand to trick them into agreeing to terms and conditions.

The practice, the agency claims, is “extorting” personal data from users.

“Whoever doesn’t agree to the data use, gets locked out of the social network community,” said German lawyer Frederik Wiemer.

John Larsen 2017-09-08

The Equifax hack is big and bad.

The recently announced Equifax hack was one of the worst in recent memory, for its size and the scope of personal data made vulnerable.

Because of that, Equifax itself and other organizations are looking to help people mitigate any damage done.

First, though, you need to find out if you were affected or not.

The best way to find out if you were affected by the hack is to use Equifax’s “Potential Impact” tool.

Step 1 – Go to the Potential Impact tool page and click the “Check Potential Impact” button.

Jeff Smith 2017-08-30

Essential, a tiny 100-person smartphone company from the founder of Android, just screwed up in a particularly embarrassing way.

Last night, it accidentally shared personally identifying information -- including driver's licenses -- with some other customers, seemingly as part of an attempt to verify some would-be phone buyers' identities ahead of shipment.

At first, some customers (at the XDA-developers forum and r/Essential subreddit) assumed it was a ploy -- a phishing scam created to prey on buyers anxiously awaiting their new Essential Phone, so the data could later be used for identity theft.

But in a just-released blog post on Essential's site, founder and CEO Andy Rubin admits it was the company's error.

"Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers.

We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future," he writes.
