Friday, January 3, 2014

PNC customers in Philadelphia region - check your accounts , there could be errors in your PNC account ! Murder by internet ? Will hackers be able to target and kill victims remotely ? Recently Skype and Snapchat hacked - really nothing is safe out here folks ! Target hack impact Virginia Benefits cards ( 40 ,000 cards turned off as they were used at Target ) ....... State benefit cards hacked ( more than 450 , 000 subject to the breach nationwide ) , JP Morgan remains silent for months afterwards ?

http://philadelphia.cbslocal.com/2014/01/03/pnc-bank-acknowledges-glitch-affecting-unknown-number-of-customers/



95

View Comments
(One PNC customer's account showed a number of "miscellaneous withdrawals" that the bank said it would reverse.  Image provided by customer)
(One PNC customer’s account showed a number of “miscellaneous withdrawals” that the bank said it would reverse. Image provided by customer)


By Tim Jimenez
PHILADELPHIA (CBS) — A number of PNC bank customers woke up today seeing less money in theiraccounts.
The company is calling it a “glitch.”
PNC spokeswoman Marcey Zwiebel says if you checked your bank account and saw a number of strange charges, or may have had that mortgage payment taken out twice, don’t worry.  She says they’re working on it.
Zwieble says an overnight processing delay is to blame, messing with transactions in general.  When asked if this was hacking or some kind of scam, Zwiebel said, “This is not a security related issue.”
There was no word from PNC on how many customers were affected, but Zwiebel says only certain groups of customers were affected.
If you see any problems with your account or have questions, she says, you should go to a branch, or call their customer service line at 1-888-PNC-BANK.
They’re hoping for a fix by the evening hours, and Zwiebel says customers will not be responsible for overdraft fees resulting from their problem.





http://www.nbcwashington.com/news/local/Va-Benefit-Cards-Turned-Off-Due-to-Target-Breach-238714961.html



Va. Benefit Cards Turned Off Due to Target Breach

Saturday, Jan 4, 2014  |  Updated 12:11 PM EST
View Comments (
4
)
|
Email
|
Print
Va. Benefit Cards Turned Off Due to Target Breach
advertisement
Virginia has deactivated nearly 4,000 state-issued electronic benefits cards due to the recent security breach at Target Corp. stores.
The EPPICards are used by people receiving benefits such as Temporary Assistance for Needy Families and child support.
Target revealed in December that data connected to about 40 million credit and debit card accounts were stolen between Nov. 27 and Dec. 15.
The Virginia Department of Social Services tells media outlets that nearly 4,000 EPPICards were used at Target stores during this period.
The department says the EPPICard program's vendor, Xeros, blocked the affected cards Wednesday. The cards are being replaced.

http://www.timesunion.com/local/article/State-benefit-cards-hacked-5109785.php


State benefit cards hacked

40,00 jobless, food stamp recipients affected; bank delay in reporting breach
Published 9:24 pm, Thursday, January 2, 2014
  • New York electronic benefit card (EBT) sample. (New York State)
    New York electronic benefit card (EBT) sample. (New York State)





Albany

Approximately 40,000 welfare, food stamp and unemployment recipients were told this month that their electronic benefit card information may have been viewed by hackers.
There's no evidence that anyone actually suffered a loss from the electronic intrusion, but officials are wondering why the major bank that administers the cards, J.P. Morgan Chase, took nearly three months to tell them about the breach.
The potential breach occurred between July 17 and Sept. 17.
It involved an estimated 465,000 people nationwide after unencrypted personal data for cash card holders showed up on a site maintained by the bank for its UCard cash card system.
If someone accessed the site and, for example, entered an address change or other update, it briefly showed up in a form that was not encoded. Normally, personal information on the site is encrypted.
The data was not believed to include Social Security numbers and led to no known theft or loss of money.
The potential breach was reported by Reuters in early December, around the same time state officials said they were notified.
The potential victims received electronic benefit cards administered by the state Office of Temporary and Disability Assistance and Department of Labor.
Other states, including Connecticut and Louisiana, also use the system for services like welfare payments as well as income tax refunds.
J.P. Morgan Chase spokesman Michael Fusco said they initially focused their effort on dealing with the potential breach.
"When we detected the issue, our first priority was to protect the system," he said. "We quickly fixed the issue and began an extensive investigation to find out what happened."
The bank this month emailed cardholders who might have been affected, Fusco said, stressing that no one has reported any improper use of their cards.
Additionally, the bank will offer two years of free credit monitoring for people who may have had their data viewed.
Still, the episode has left state officials in New York as well as other states wondering why they weren't immediately informed.
"The State is awaiting an explanation from Chase as to why the State and its departments were not informed until December 3 of the potential security breach that was discovered in mid-September," a statement on the Labor Department website said.
"We believe it would have been appropriate for J.P. Morgan Chase to notify us immediately and we are currently assessing the matter further," Labor spokesman Chris White said in an email.
A hotline to answer customer questions is available at 866-849-5255.








http://www.esecurityplanet.com/hackers/rapid7-hackers-to-focus-on-internet-of-things-in-2014.html

Rapid7: Hackers to Focus on Internet of Things in 2014

As a result, Internet Identity suggests, 2014 could see the first murder by Internet.

Vulnerability management firm Rapid7 recently told CIO Insight's Robert Lemos that Internet-connected devices are becoming increasingly attractive targets for cyber criminals -- and while 2013 saw a few such attacks, the company says the number will surge in the coming year.
"This is only set to continue -- we're already seeing network-enabled toasters, kettles, fridges and much more emerging," Rapid7 told Lemos. "Unfortunately, researchers have found time and again that security issues abound on embedded devices, and they are typically very poorly patched."
The problem, according to Rapid7, is that time to market usually trumps security concerns as companies launch such products.


http://www.esecurityplanet.com/hackers/syrian-electronic-army-hackers-hit-skype.html


Syrian Electronic Army Hackers Hit Skype

The hackers used Skype's Twitter account to claim that Microsoft is 'monitoring your accounts and selling the data to the governments.'

Members of the Syrian Electronic Army recently compromised the official Twitter, Facebook and WordPress accounts for Skype (h/tSophos).
On Skype's Twitter account, the hackers posted, "Don't use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments. More details soon #SEA"
On their own Twitter account, the hackers also posted what they claimed were Microsoft CEO Steve Ballmer's e-mail address and phone number, writing, "You can thank Microsoft for monitoring your accounts/emails using this details."



Soon after, Microsoft regained control of the Skype Twitter account and stated, "You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience."
As Sophos' Chester Wisniewski notes, the nature of the attack seems to indicate either that the same password was shared between the three social media accounts or that a Skype employee's e-mail account was compromised -- and more importantly, it indicates that Microsoft isn't using two-factor authentication on its social media accounts.
"I believe it is the responsibility of organizations with a large number of followers to do whatever they can to secure their profiles," Wisniewski writes. "I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you."

And Internet Identity, in its security predictions for 2014, predicts that those flaws will lead to the first murder by Internet-connected device in the coming year.
"With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective," Internet Identity president and CTO Rod Rasmussen said in a statement. "That’s horrifying. Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will be eventually be used."


http://www.esecurityplanet.com/network-security/snapchat-hacked.html


Snapchat Hacked

4.6 million users' phone numbers and user names were made available online.

A group of unidentified hackers recently claimed to have leveraged asecurity flaw in the Snapchat app to access 4.6 million Snapchatusers' phone numbers and user names (h/t PCMag.com).
The hackers made the data available at SnapchatDB.info with the last two digits of each phone number redacted "to minimize spam and abuse," but the site has since been taken down by its hosting provider.
"You are downloading 4.6 million users' phone number information, along with their usernames," the hackers wrote. "People tend to use the same username around the Web so you can use this information to find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with."


"Feel free to contact us to ask for the uncensored database," the hackers added. "Under certain circumstances, we may agree to release it."
In a statement provided to TechCrunch, the hackers explained, "Our main goal is to raise public awareness on how reckless many Internet companies are with user information. It is a secondary goal for them, and that should not be the case. You wouldn't want to eat at a restaurant that spends millions on decoration, but barely anything on cleanliness."