Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
6/5/2017 | 5:25:41 AM
Re: 9 Minutes?
No, I don't think so. I think what the piece is trying to communicate is that once they had already accessed the information, they took mere minutes to use the compromised information. The 9-minute figure has nothing to do with the breach itself.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
6/5/2017 | 5:23:36 AM
Re: When you want it, you want it.
Is it? How many of them, I wonder, already had an ecommerce portal open in another browser tab at the time?
Dr.T
Dr.T,
User Rank: Ninja
5/30/2017 | 12:32:40 PM
NSA
At the same time, this is may be another vulnerability that was exploited and not shared with the vendor and hackers now know it. 
Dr.T
Dr.T,
User Rank: Ninja
5/30/2017 | 12:32:03 PM
Re: When you want it, you want it.
"you often want it right away"

Agree. 9 minutes is quite impressive.
Dr.T
Dr.T,
User Rank: Ninja
5/30/2017 | 12:31:06 PM
Re: Interesting Honeypot
"Interesting Honeypot"

I like the idea that they try to understand what would happen.

 
Dr.T
Dr.T,
User Rank: Ninja
5/30/2017 | 12:29:06 PM
9 Minutes?
So they know a backdoor that we do not. 
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
5/28/2017 | 3:05:52 PM
When you want it, you want it.
Makes sense. When you're in the market for something -- whether it's stolen PII or something else -- you often want it right away.
RyanSepe
RyanSepe,
User Rank: Ninja
5/27/2017 | 1:53:07 PM
Interesting Honeypot
This is an interesting exercise to show the value of compromising personal records from the attackers perspective. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-25936
PUBLISHED: 2023-01-30
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
CVE-2022-25967
PUBLISHED: 2023-01-30
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.
CVE-2023-24622
PUBLISHED: 2023-01-30
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.
CVE-2023-24623
PUBLISHED: 2023-01-30
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.
CVE-2022-48303
PUBLISHED: 2023-01-30
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace c...