Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Fresh Target Breach Cards Hitting Black Market
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
anon2815515591
50%
50%
anon2815515591,
User Rank: Apprentice
1/14/2015 | 12:36:06 PM
Re: Target Breach: the gift that keeps giving
Remember if you log on to a site that sells stolen data a) the FBI may be watching and you may get wrapped up in the hoopla, and B) If they are the unscrupulous type and sell peoples cards do you think it would be easy for them to also monitor who connects and inject malware into the systems that are connecting??

Just a thought, I would make sure you use a public wifi connection not your house and also use a computer that is ready for the scrap heap then pull the hard disk out and junk it...DONT use the computer you surf the web for on a day to day or you may get something you didnt ask for.
catvalencia
50%
50%
catvalencia,
User Rank: Apprentice
7/5/2014 | 4:01:32 AM
Re: Target Breach: the gift that keeps giving
That's absolutely right. Such scenarios of financial pain and horror might cause you to wonder how you can keep yourself from becoming a credit card theft victim. One answer is to use payday loans rather than credit cards in emergency situations where you need quick cash, as the process does not generally expose you to potential identity theft. However, having a small number of credit cards can be beneficial to your FICO score (indicating diversity in your credit portfolio, which creditors like to see), so perhaps a better long-term answer would be how to make credit card usage less dangerous.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/4/2014 | 7:13:21 PM
Re: Target Breach: the gift that keeps giving
That's an excellent question: upgrade to what? Some of the most secure forms of transfer payments that I have heard about concerns NFC and mobile wallets -- card security has a lot of limitations. I think cards can be utilized by the average consumers for another good decade or so, if somehow payments required the users to enter a pin, so in the event that 40 million card information has been stolen then all a user would have to do to make their card secure again is to assign a new pin.

Upgrade is a process that we should not be overlooked, I have heard that some small retailers have been issued to upgrade their OS from XP (not because of the Target Breach, but because XP won't we officially supported) by their payment solution providers.  
WKash
50%
50%
WKash,
User Rank: Apprentice
3/3/2014 | 9:19:05 PM
Protected
Interesting how credit card groups are saying you're protected if your card gets stolen. I just went through a fresh example of that -- and at least got what was promised:  Someone made off with my AMEX card.  I didn't discovere it for four days, by which time, the person ran up $2457 in credit cards purchases, mostly small stuff, where a credit card scan is all that's required.  Fortunately, AMEX credited all 30 charges.  But I would probably have not been as fortunate if I hadn't reported it.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
3/3/2014 | 5:14:10 PM
Re: Target Breach: the gift that keeps giving
I agree. Financial institutions keep saying it's too expensive to change -- but surely all the costs associated with a breach like this approach the cost of changing over. Viewed as an upgrade, then it might be more palatable. And if banks do it voluntarily, then the government won't force it on them at some point.
Michael Endler
100%
0%
Michael Endler,
User Rank: Apprentice
3/3/2014 | 3:50:50 PM
Re: Not Only Credit Cards
I wonder if it's the same "Microsoft Windows software" guy who called me twice last month.

"Hackers are trying to hack into your PC, really bad," he said. I proceeded to ask him which PC, which seemed to really confuse him. "What do you mean?" he asked. "I have more than one," I replied, at which point he hung up.

The next time, I decided to tell him he was full of BS, at which point he told me that if I wanted to let hackers take over my computer, it was on me. He hung up again.

If I weren't certain some people have fallen for it, the calls would have been pretty funny.
rradina
50%
50%
rradina,
User Rank: Apprentice
3/2/2014 | 8:55:59 PM
Re: Target Breach: the gift that keeps giving
Upgrade to what?  You cannot just change the card without changing the pin pads too.  You can add a chip in the card but as long as the local "Roach Coach" uses a Square plugged into an iPhone, old payment methods have to be allowed.  How are on-line sites more secure with new cards?  3-D Secure?  That doesn't require new cards.
Li Tan
50%
50%
Li Tan,
User Rank: Apprentice
3/2/2014 | 8:29:35 PM
Re: Target Breach: the gift that keeps giving
I completely agree. The major issue is not about card itself but mainly the security process. Nowadays the card with magnetic strip is in use not upgraded to IC chip yet. Keeping your card with the reach of your eyesight help nothing to prevent security breach. Instead some solid process must be in place.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:56:42 AM
Re: Target Breach: the gift that keeps giving
I think the cost of a card itself is not a big deal (even when multiplied by 40 million). The logistics of sending all those cards out and getting them activated is what's causing the apprehension. Since the breach has taken place and eventually new cards have to be issued, now would be a nice time to upgrade card security in the processes. By viewing this whole process as an upgrade to security rather than a containment exercise, better results can be gained.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
3/2/2014 | 9:41:12 AM
Re: Bottom line advice?
Great advice and anyone who has been exposed to the breach window should call up the bank and say "that there is a 60% chance their card will be misused".
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20686
PUBLISHED: 2021-09-17
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-38402
PUBLISHED: 2021-09-17
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to ex...
CVE-2021-38404
PUBLISHED: 2021-09-17
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-38406
PUBLISHED: 2021-09-17
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-41326
PUBLISHED: 2021-09-17
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.