Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
6/5/2017 | 5:25:41 AM
Re: 9 Minutes?
No, I don't think so. I think what the piece is trying to communicate is that once they had already accessed the information, they took mere minutes to use the compromised information. The 9-minute figure has nothing to do with the breach itself.
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
6/5/2017 | 5:23:36 AM
Re: When you want it, you want it.
Is it? How many of them, I wonder, already had an ecommerce portal open in another browser tab at the time?
Dr.T
Dr.T,
 User Rank: Ninja
5/30/2017 | 12:32:40 PM
NSA
At the same time, this is may be another vulnerability that was exploited and not shared with the vendor and hackers now know it. 
Dr.T
Dr.T,
 User Rank: Ninja
5/30/2017 | 12:32:03 PM
Re: When you want it, you want it.
"you often want it right away"

Agree. 9 minutes is quite impressive.
Dr.T
Dr.T,
 User Rank: Ninja
5/30/2017 | 12:31:06 PM
Re: Interesting Honeypot
"Interesting Honeypot"

I like the idea that they try to understand what would happen.

 
Dr.T
Dr.T,
 User Rank: Ninja
5/30/2017 | 12:29:06 PM
9 Minutes?
So they know a backdoor that we do not. 
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
5/28/2017 | 3:05:52 PM
When you want it, you want it.
Makes sense. When you're in the market for something -- whether it's stolen PII or something else -- you often want it right away.
RyanSepe
RyanSepe,
 User Rank: Ninja
5/27/2017 | 1:53:07 PM
Interesting Honeypot
This is an interesting exercise to show the value of compromising personal records from the attackers perspective. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27854
PUBLISHED: 2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
CVE-2021-27861
PUBLISHED: 2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
CVE-2021-27862
PUBLISHED: 2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
CVE-2021-27853
PUBLISHED: 2022-09-27
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
CVE-2022-39258
PUBLISHED: 2022-09-27
mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal o...