KrebsonSecurity has the story. There was unauthorized card activity known due to cards that were created by the stolen card data. (this credit card fraud is called “card-present”) The speculation is that JimmyJohn’s has been breached and at this point we are waiting for JimmyJohn’s investigation. In the meantime if you want a delicious … Read more
Offensive Security has the information. As Offensive Security was performing a pentest, they noticed that Symantec Endpoint protection had a flaw -one that allows the hacker to escalate security privileges. This is very bad as it is not a direct execution flaw, but it is a stealth method. So one never notices as … Read more
CSRF or Cross Site Request forgery is the highest likely method of attack Broken Authentication is second And cross-site scripting(XSS) is third SQL Injection as well as security misconfigurations are also higher than 10% of he vulnerability types. The IBM report at X-Force blog recounts the challenges a web application scanner has as to … Read more
today Apple beat estimates: Deadline.com with 35.2 mil iPhones sold threatpost has the info about a “stream of data” on an iPhone It looks like Jonathan Zdziarksi, a forensic scientist and at Twitter: @JZdziarski. found a backdoor in iOS, it is supposedly used by Apple for troubleshooting, diagnostics and enterprise. Apple responded to … Read more
KrebsonSecurity has a good rundown on what we know so far. Basically there has been a breach, some CC companies are noticing bad traffic, and the US secret service is in on the act. July 17th the first card companies were noticing suspicious traffic. There is no other information in the news reports Goodwill Industries … Read more
