Popular e-commerce website Newegg is the latest victim of cyber attacking by Magecart, according to Volexity, a cyberthreat monitoring firm. Newegg is one in a string of high profile cyber attacks making use of the card skimming code which recently compromised British Airways, Ticketmaster, and Feedify. Most critically, customer names and complete card details were stolen using exploited code between August 16th and September 18th. Read More
Just before the weekend, LastPass came across some suspicious activity on its network. It closed off the security breach, but only after the bad guys had made off with some personal information. The incident serves as a reminder of the risks inherent with trusting a company and web service with your security.
The team found no evidence that any encrypted vault data was taken. This means you shouldn't have to change passwords on sites that you've stored in your LastPass account.
That said, some email addresses, password reminders, authentication hashes, and server per user salts were compromised. As a result, LastPass is prompting everyone to update their master passwords (and you should go change your password if you've reused it on any other sites). The Read More
eBay isn't for everyone, but with such a steady stream of good deals on gadgets, there's a reason to have paid the site a visit lately. Welp, apparently the online Read More
auction block marketplace (eBay reached out to let us know they're not just an auction block, but a marketplace where the overwhelming majority of listings are buy it now or new, in case you were wondering!) has been hacked, and it's time for all users to change their passwords. This should be a preventative measure, as the company hasn't noticed any fraudulent activity on anyone's accounts just yet. Nevertheless, that doesn't mean your credentials aren't now resting on someone's computer waiting to be sold or exploited someday.
The second annual Mobile Pwn2Own competition, run by HP TippingPoint's Zero Day Initiative, is fast approaching. This year's event will take place at the PacSec Applied Security Conference in Tokyo from November 13-14, and over $300,000 in cash and prizes is up for grabs. The Pwn2Own contest challenges security researchers to find and exploit vulnerabilities on mobile devices and rewards them by giving them the device they were able to compromise. In short, a contestant must "pwn" a device in order to own it. This year's event is sponsored by Google's Android Security Team and BlackBerry.
Contestants can receive $50,000 for compromising a mobile device using Bluetooth, Wi-Fi, USB, or NFC. Read More