Last night, password management company LastPass notified users in a blog postthat it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.
In general, we are not a fan of password management tools. While they provide convenience, a central repository of any sensitive data is always going to garner greater attention from hackers.
Last week, millions of government employees were probably quite nervous to hear that their personal data had been stolen by hackers (likely from China), who gained access to a trove of data from the Office of Personnel Management. This week, the same office is opening up even more government employees to more risk, based on their response to the breach. The OPM announced that they will notify all impacted individuals by email, which makes not only the affected individuals, but also anyone else who is worried that they might be affected, now a ripe target for a phishing attack.
Over the past six months, there have been a number of changes in the way the big payment and mobile technology players have approached security for payment apps.
It had been widely anticipated that the launch of Apple Pay in October 2014 would have a big impact, in part due to the technical aspects of the service. Expectations that the launch would disrupt Read more
ATM skimming remains a big business for organized crime rings. According to a recent article in ATMMarketplace.com, card skimming accounted for more than $2 billion in losses. One new approach that banks are exploring to mitigate this particular vector of fraud, is the notion of using smartphones as a second Read more
Last November, we launched a new product called DMARC Compass. DMARC Compass is designed to provide organizations with instant visibility into how many criminals are using their domain to send spam and phishing attacks. DMARC Compass has been a huge success and early feedback from our clients has been extremely positive. Read more
As we have predicted, hackers are eagerly (and successfully) branching out to verticals outside the financial sector. Below we demonstrate how a malware attack was executed under the name of a government agency, targeting the finance department of an enterprise. Read more
Details continue to emerge on the massive breach at health care company Anthem, in which hackers have gained access to information including names, birthdays, medical IDs, Social Security Numbers, street addresses, email addresses and employment information (including income), on up to 80 million people. Read more
At Easy Solutions we spend a lot of time thinking, talking and researching fraud: fraud on different parts of the world and across different verticals, from the most complex to the simplest methodologies. Even with all the different variables that make up these kinds of crimes, one thing is the same across all kinds of electronic fraud—their lifecycle. The lifecycle of a fraud incident is made of three key stages: Read more
A hacker calling himself “Mastermind” is claiming to be in possession of over 20 million credentials for an unnamed dating site. These credentials are claimed to be 100% valid in a posting to a paste site. Included in the list are over 7 million credentials from Hotmail, 2.5 million from Yahoo and 2.2 million from Gmail.com. Read more