Internet Security | SC Media

Internet Security

The key to protecting against internet traffic hijacking

Recently, reports emerged that a large Asian telecommunications company has been covertly hijacking global internet traffic for nearly 30 months. By publishing false routing information using a protocol called BGP, sources were able to redirect global traffic and pass it through unauthorized locations where it is subject to possible interception and tampering — all without…

Report: Details on 617 million user accounts up for sale on dark web

By

A dark web marketplace this week reportedly began selling stolen data linked to roughly 617 million user accounts from 16 different websites. The Register was first to report the incident, citing details provided by the seller, who has set up show on the Tor network-based site Dream Market cyber-souk. The affected online services consist of video messaging…

Movie and TV-tracking service Trakt belatedly discovers 2014 breach

By

An unauthorized party illegally accessed data from TV and movie “scrobbling” service Trakt more than four years ago, but only now are users learning about it. The California-based company, which allows viewers to track the programs and films they watch, reportedly sent an email to its subscribers informing them that an unauthorized party used a…

Google says it is not a flaw that passwords saved in its web browser can be viewed in plain text.

Google adds Password Checkup Chrome extension

By

Google has rolled out a new Chrome extension that will inform users if their passwords have been compromised. The service, which was introduced as part of Google’s Safer Internet Day offerings, is called Password Checkup. The Chrome extension checks a person’s username and password against a list of four billion credentials that are known to…

Safer Internet Day 2019 offers array of educational programs

By

Safer Internet Day 2019 kicks off today with a worldwide schedule of events to help make the internet a safer environment, and this is certainly needed as a recent poll indicates many people still make poor choices when it comes to protecting themselves online. Behind the slogan “Together for a better internet”, the day’s organizer…

DHS issues emergency directive to protect federal domains from DNS hijacking campaign

By

The Department of Homeland Security’s newly created Cybersecurity and Infrastructure Security Agency (CISA) issued its first-ever emergency directive on Tuesday, instructing federal government agencies to take preventative measures against an ongoing DNS hijacking campaign that has recently affected several executive branch domains. Cisco Systems’ Talos research unit first reported on the DNS infrastructure tampering in November…

Click2Gov breach threatens credit card data of Hanover County residents

By

A data breach of an third-party online payment system has compromised the personal information of Hanover County, Virginia, residents. In an official online notification, county officials have disclosed that an unauthorized party stole credit card information processed by the Click2Gov payment portal between Aug. 1, 2018 and Jan. 9, 2019. Exposed information includes customer names,…

Credential stuffing attack prompts Reddit to force password reset

By

Some Reddit users discovered they were locked out of their own accounts earlier this week after an apparent credential stuffing attack compelled the popular website to invoke password security measures. An admin post published on Reddit’s Help subreddit this past Wednesday advises users that a “large group of accounts were locked down” due to anomalous…

Phishing kit leverages web fonts to obfuscate source code

By

In an apparent first, researchers last year observed an unusual phishing kit that obfuscates its landing page’s source code with web fonts as a means to avoid detection. Attackers recently used the kit as part of a credential harvesting scheme that targeted a major retail bank, researchers from Proofpoint revealed in a Jan. 3 blog…

Cybercriminals compromise website for Dublin tram system, post ransom demand

By

Malicious hackers on Thursday defaced the website for Luas, a public tram system based in Dublin Ireland, posting a ransom demand that threatened to publish data they claim to have stolen from the transport service. The Ireland-based division of Transdev, the transportation company that runs Luas, took its site offline in response to the incident.…

Next post in Cybercrime