Smashing Security podcast #305: Norton unlocked, and police leaks

Carole’s in her sick bed, which leaves Graham in charge of the good ship “Smashing Security” as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.

Find out more in this…

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.

TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.

Identity theft protection firm LifeLock may have exposed user email addresses

By Waqas
LifeLock, an Arizona-based identity theft protection firm, may have exposed the email addresses of millions of its customers. Simply put: a firm vowing to protect the online identity of its customers may have exposed their identity to malicious …

LifeLock Bug Exposed Millions of Customer Email Addresses

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.


MI: Holland Eye Surgery & Laser Center notifies 42,200 patients about 2016 hack

After his victim allegedly didn’t respond to his repeated demands for a “security fee,” a hacker accuses the victim of covering up a hack for almost two years. One of the breaches added to HHS’s public breach tool this past we…

Please don’t buy this: identity theft protection services

Identity theft protection services promise to have your back against cybercriminals looking to steal your data. But they don’t actually stop them from taking your identity. Are they worth it, then? We say no.