Magecart’s ‘shotgun approach’ to payment card theft is wreaking havoc on e-commerce sites

It’s a good time to be in the credit card-stealing business. Hacking associations like Magecart — a loose collection of at least 12 groups that specialize in skimming payment data from digital checkout pages — are carrying out more efficient attacks to walk off with online shoppers’ data. By injecting malicious code into vulnerable e-commerce systems, anywhere from the payment system Magento to advertisements and analytics pages, thieves are able to exfiltrate payment information without detection. Before scammers hit Amazon’s CloudFront content delivery network last week and Forbes magazine in May, Magecart was best known for shaking down popular sites like Ticketmaster and British Airways. Each group relies on different techniques, ranging from exploiting server vulnerabilities to using unique skimming code and, in the case of Group 5, which was blamed for the Ticketmaster breach, hacking third-party suppliers. “It’s like a shotgun approach to mass compromise,” said Yonathan […]

The post Magecart’s ‘shotgun approach’ to payment card theft is wreaking havoc on e-commerce sites appeared first on CyberScoop.


DevOps Chat: Security Intelligence with Flashpoint’s Josh Lefkowitz

Flashpoint is a business risk intelligence provider that has been protecting government and private sector assets for a long time. In fact, to paraphrase Jack Nicholson in A Few Good Men, “We have been sleeping under the blanket of their securit…

Flashpoint Strengthens Intelligence Platform with New Dashboards and Analytics, Expanded Collections and Tailored Alerting by Industry

Company Significantly Expands Use-Case Driven Business Risk Intelligence (BRI) Offerings London – 24th April 2019 – Flashpoint, the global leader in Business Risk Intelligence (BRI), today announced new innovations and enhancements that hel…

Third Party Security Risks to Consider and Manage

Guest article by Josh Lefkowitz, CEO of Flashpoint
 
Acceptable business risks must be managed, and none more so than those associated with external vendors who often have intimate access to infrastructure or business data. As we’ve seen wit…

Dark web intelligence competition escalates as Terbium raises $2 million from Omidyar Network

The Omidyar Network, an investment firm created by eBay and First Look Media founder Pierre Omidyar, has invested $2 million in Terbium Labs, the dark web intelligence company announced Monday. Terbium has raised $19 million from sources including Glasswing Ventures, which invested $6 million in 2017, and .406 Ventures, the company said in a statement Monday. The $2 million investment from the Omidyar Network comes as competition among dark web vendors has intensified, with competitors like Recorded Future, Digital Shadows and Flashpoint also scouring hidden sections of the internet for client information. Terbium utilizes artificial intelligence algorithms to model the dark web, locate new sites and predict where stolen information is most likely to go up for sale next, the company said. More than 10,000 users including Mastercard and Thomson Reuters use Matchlight, Terbium’s dark web search system, according to Terbium. The company also relies on a fuzzy hashing protocol that […]

The post Dark web intelligence competition escalates as Terbium raises $2 million from Omidyar Network appeared first on CyberScoop.


New FIN7 hacking tools uncovered months after three suspects were arrested

More than six months after U.S. prosecutors announced the arrests of three accused hackers affiliated with a sophisticated criminal hacking group, researchers say they have new evidence the billion-dollar crime ring is still active. The Department of Justice last year said police apprehended three Ukrainian men involved in the FIN7 hacking group. The financially-motivated group may have stolen as much as one billion dollars, according to one estimate, as well as 15 million credit card numbers from U.S. businesses. Now, there is some evidence to suggest the group’s infrastructure is starting to reappear after months, according to research published Wednesday by Flashpoint. Researchers uncovered a new strain of malicious software called SQLRat, which is spread via phishing emails. The strain is especially difficult for investigators to detect because it doesn’t leave behind much evidence. “The use of SQL scripts is ingenious in that [attackers] don’t leave artifacts behind the way traditional […]

The post New FIN7 hacking tools uncovered months after three suspects were arrested appeared first on CyberScoop.


Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Hide it well or market it well: Two reports show how point-of-sale malware has users in mind

Sometimes the little things can help cybercriminals separate their wares from the pack. It could be an uncommon feature in the malware itself, or it could just be a new way to market a familiar strategy. In unrelated reports Wednesday, cybersecurity companies detailed DMSniff, which takes a new approach to remaining stealthy as it steals point-of-sale (POS) information from consumers, as well as GlitchPOS, which steals credit-card information in a familiar way but comes with an instructional video from its creators. Threat intelligence company Flashpoint reports that DMSniff has quietly been in active use since 2016 thanks in part to a domain generation algorithm, which allows hackers to continue siphoning data from a web page even after police or researchers have taken hackers’ domain pages offline. Flashpoint notes that the use of such an algorithm is “rarely seen” in the smash-and-grab world of POS malware, where thieves typically distribute malware to as many sites as possible and […]

The post Hide it well or market it well: Two reports show how point-of-sale malware has users in mind appeared first on CyberScoop.
