Computers

Equifax hackers stole 200k credit card accounts

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the data breach announced last week at Equifax. Hackers initially breached Equifax in November 2016.

Equifax says the accounts were all stolen when hackers accessed the company’s systems in mid-May 2017.

The data stolen included card account number, expiration date, and the cardholder’s name. Fraudsters can use this information to conduct e-commerce fraud at online merchants.

Bloomberg published a story yesterday indicating that three top executives at Equifax sold millions of dollars’ worth of stock during the time between when the company says it discovered the breach and when it notified the public and investors. Shares of Equifax’s stock are down more than 13 percent.

The executives stated they didn’t know about the breach when they sold their shares. A law firm in New York has announced it is investigating potential insider trading claims against Equifax.

Hurricane Harvey relief scams

U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be wary of scam artists. In years past we’ve seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an ongoing disaster.

The FTC also warns consumers not to assume that a charity message posted on social media is a legitimate, and urges folks to research the organization before donating by visiting charity evaluation sites such as Charity Navigator, Charity Watch, GuideStar, or the Better Business Bureau’s Wise Giving Alliance. The agency also reminds people who wish to donate via text message to confirm the number with the source before you donate.

From the US Computer Emergency Readiness Team comes a reminder that malware purveyors frequently use natural disasters and other breaking news items of broad interest to trick people into clicking on malicious links or opening booby-trapped email attachments.

Microsoft ends Windows 10 automatic download lawsuit

Microsoft has promised it won’t download new Windows software to users without permission again. The promise staves off legal action in Germany, though is somewhat outdated with the changes to the way Windows is developed.

The legal case followed the discovery in 2015 that Microsoft had automatically downloaded Windows 10 installation files to users regardless of whether they had shown any interest in upgrading to the new system.

The Windows 10 download is around six gigabytes and users were upset because hard drive space had been eaten up, or because the download had cut into monthly usage limits on their broadband service plan.

Windows 10 will be the last completely new version, with new features added in major updates. There will also be updates that fix bugs and security holes.

700 million e-mail accounts hijacked

It’s possible to check if an e-mail address appears in any publicly leaked lists through independent sites such as https://haveibeenpwned.com/.

If an address brings up hits on such sites, it may be worth changing e-mail passwords on the associated sites and any other sites that you’ve used the same password on. That said, security experts recommend using unique, strong passwords on ALL sites to minimize risk.

New Android banking trojan for sale

Security researchers from SfyLabs have discovered a new Android banking Trojan that is being rented on many dark websites for a monthly fee.

Like most other Android banking trojans, Red Alert has a large number of capabilities such as stealing login credentials, hijacking Text messages, displaying an overlay on the top of legitimate apps, contact list harvesting, among others.

Besides this, they have also added an interesting functionality, like blocking and logging all incoming calls associated with banks and financial associations. This would allow the malware to prevent warnings of a compromised account to be received by the victims from their associated banks.

The easiest way to prevent yourself from becoming a victim is to not download apps from third-party app stores or links provided in Text messages or emails.

Also, go to Settings → Security and make sure “Unknown sources” option is turned off on your Android device that blocks installation of apps from unknown sources.

More celebrity nude photos hacked and leaked online

Dozens of personal and intimate photos of Anne Hathaway, Miley Cyrus, Kristen Stewart, Katharine McPhee, golfer Tiger Woods and his ex Lindsey Vonn have reportedly been surfaced on the Internet, and have widely been shared on Reddit, Tumblr and Twitter.

The incident comes a few months after “The Fappening 2.0” surfaced, leaking alleged pictures of many female celebrities, including Emma Watson and Amanda Seyfried on Reddit and 4chan.

The latest release of celebs private photos seems to have come after an unidentified hacker or group of hackers has gained access to celebs’ Apple iCloud accounts and stolen private iPhone photos and videos.

Miley Cyrus, Anne Hathaway, Amanda Seyfried, Demi Lovato, Lucy Hale, Kate Hudson, Rose McGowan, Rosario Dawson, Suki Waterhouse and Alison Brie, and much more are just the latest victims adds to the long list of affected celebrities.

The compromised images were posted on the Celeb Jihad website, and the celebrities’ lawyers are actively working to get those pictures taken off, but they are now being copied and shared across the internet.

How to keep your private information private

  • Do not click on any suspicious links or attachments in any e-mail.
  • When in doubt, contact the sender to confirm that he or she sent the e-mail to you or not.
  • Never provide your personal or financial information through an e-mail to anyone.
  • No service, including Google, Apple, or Microsoft, will ever ask for your password or any other sensitive personal information over an e-mail.