Tag Archive for: credentials

Sharp rise seen in attacks using stolen credentials

/in

Organizations are seeing a sharp increase in attacks using stolen account credentials, with crooks using new techniques to beat fraud detection systems, according to Gartner.

Gartner clients have reported a “significant rise” over the last two months in the use of stolen credentials to access accounts, wrote fraud expert Avivah Litan in a blog post Thursday.

The hackers are trying to access systems related to credit cards and financial data, digital currency, travel rewards and high-end fashion — “anything and everything that has monetary or resale value,” Litan wrote.

To read this article in full or to leave a comment, please click here

Network World Security

Stolen credentials used to access United Airlines’ MileagePlus accounts

/in

Three dozen loyalty accounts belonging to United Airlines customers saw fraudulent transactions after hackers used login credentials collected from an unknown source.

The Mileage Plus accounts, which are part of United’s rewards program, were accessed early last month, said Luke Punzenberger, a United spokesman, on Sunday. The program has about 95 million participants.

Punzenberger said the accounts were accessed using login credentials that came from a third party. He did not have specific information on how the airline determined that.

The login credentials were not obtained as a result of a data breach at United, Punzenberger said. He added that United was not the only company that saw attempts to access accounts using the login credentials.

To read this article in full or to leave a comment, please click here

Network World Security

DOD approves new mobile security credentials – Defense Systems

/in

DOD approves new mobile security credentials
Defense Systems
The Defense Department has taken another step toward wider use of mobile devices with the approval of security credentials for Android, Apple and Microsoft devices used by vendors and other DOD partners. DOD has issued External Certificate Authority

and more »

“mobile security” – read more

Home Depot says attackers stole a vendor’s credentials to break in

/in

Home Depot has shed more light on a recent data breach that compromised 56 million payment cards, saying hackers used login credentials belonging to another company to access its network. It also revealed that 53 million email addresses were also stolen.

The stolen login credentials didn’t provide direct access to its point-of-sale terminals, Home Depot said. But once inside, the hackers gained “elevated rights” that allowed them to navigate to other parts of its network and install their malware on self-checkout systems in the U.S. and Canada.

The retailer didn’t identify the third-party vendor that was compromised. A Home Depot spokesman said the attack is still under investigation and the company could not comment further.

To read this article in full or to leave a comment, please click here

Network World Security