Crooks Are Selling a Skimmer That Works on All Chip Card Readers

From “Crooks Are Selling a Skimmer That Works on All Chip Card Readers”
CSO Online (08/31/16) Korolov, Maria. Posted by ASIS.

Researchers have found a website that claims to sell “the most advanced EMV chip data collector in the world.” The seller says that the device is powered by the point of sale terminal, and can hold information on up to 5,000 credit cards in its memory. The equipment can also be used on machines made by Ingenico and Verifone, as well as terminals on gas station pumps, ticket purchase stations, and on small ATMs, specifically those manufactured by Triton. Andrei Barysevich, director of Eastern European research and analysis at Flashpoint, says that the device is primarily targeted towards Latin America. Latin America is still reliant on static data authentication chips, which allow criminals to create usable new chip cards with the data they catch, making it an easier target. Barysevich also says that the “technology can be used in any point of sale device. It literally takes less than 10 seconds to install, and once installed, it stays there forever.” He said that terminal manufacturers have been notified about the issue.

Laptops Most Often Stolen From Most Unlikely Place

From “Laptops Most Often Stolen From Most Unlikely Place”
CIO (08/15/16) Olavsrud, Thor. Posted by ASIS.

According to Kensington’s IT Security & Laptop Theft report, the No. 1 place employees had experienced IT theft was ‘cars and transportation’. The No. 2 response, coming in ahead of ‘airports and hotels’ and ‘restaurants’, was the office. Kensington, a supplier of desktop and mobile device accessories, surveyed 300 U.S. IT professionals from a range of industries for the report. The company found that 34 percent of organizations do not have a physical security policy in place for their laptops, mobile devices, and other electronic assets. Additionally, 54 percent of respondents do not currently use physical locks for IT equipment. “Since studies confirm that well-implemented security can significantly decrease laptop theft by as much as 85 percent, it’s important for IT personnel to consistently utilize physical locks for computing and mobile equipment to provide resistance to tampering and theft,” said Rob Humphrey, director of Global Product Management, Security, Kensington.

Police: Laptop Used to Reprogram, Steal More Than 100 Cars

From “Police: Laptop Used to Reprogram, Steal More Than 100 Cars”
Associated Press (08/05/16) Posted by ASIS.

Police have arrested two men in Houston for allegedly using pirated computer software to steal more than 100 vehicles. Michael Arce, 24, and Jesse Zelaya, 22, focused on new Jeep and Dodge vehicles that are lucrative on the black market in Mexico, authorities said. Using a laptop computer, the men allegedly reprogrammed the targeted vehicles’ electronic security so their own key worked. The stolen vehicles relied on common software used by auto technicians and dealers, according to Houston police officer Jim Woods. Computer security expert Yoni Heilbronn says computerization and Internet connectivity increase vehicle security in some ways, but also increase the risk of theft and malicious disabling. Automakers are cooperating to develop best practices and to share information on cybersecurity threats.

A New Wireless Hack Can Unlock 100 Million Volkswagens

WIRED. ANDY GREENBERG. 08/10/2016

In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.

See full story at https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

Local Schools to Use New Security App Directly Connected to Police

From “Local Schools to Use New Security App Directly Connected to Police”
WSBTV.com (Atlanta, GA) (08/08/16) Petchenik, Mike. Posted by ASIS.

The Fulton County school district in Georgia recently launched the QuickTip app, which allows anyone to anonymously report something suspicious to Fulton County school police. School officials hope the app will help keep kids safe in class. Fulton County Schools Director of Safety and Security Shannon Flounnory said he hopes the app will stop a range of bad student behavior. Anyone can download the app on their smartphone through the Fulton County schools app or access it online. The district launched it quietly last year and Flounnory says they’ve had some success.

Full Story: http://www.wsbtv.com/news/local/north-fulton-county/local-schools-to-use-new-security-app-directly-connected-to-police/419250001

Hospital Shooting: Florida Facilities Beef up Security With Armed Guards, Random Bag Checks

From “Hospital Shooting: Florida Facilities Beef up Security With Armed Guards, Random Bag Checks”
Fierce Healthcare (07/25/2016) Minemyer, Paige. Reposted by ASIS

Central Florida hospitals are bolstering their security in the wake of a deadly shooting at an area facility. The shooting at Parrish Medical Center earlier this month has sparked security concerns in the area. Parrish itself has reportedly increased security in its emergency department and main entrance, instituting random bag checks, and restricting access at certain locations within the facility. Health First, a system that owns four other hospitals in the same county, is also implementing those measures, as well as employing armed guards, which has some worried patient safety will be endangered. Orlando Health, the hospital that treated the majority of patients injured in the Pulse nightclub shooting, is now screening people entering its hospitals with wand and bag checks. Hospitals across the country are increasingly planning for active shooter situations in their facilities, or to handle a sudden overflow of patients should a shooting occur elsewhere.

 

Is Your Hospital’s Communications System Ready for the Next Big Emergency?

From “Is Your Hospital’s Communications System Ready for the Next Big Emergency?”
Campus Safety Magazine (06/08/2016) Winn, Zach. Reposted by ASIS.

Updated emergency communications systems designed to meet hospitals’ unique needs are crucial to maintain real-time communication during emergency situations. Emergency communication between different organizations or responding teams can pose challenges if communication channels are encrypted; hospitals are required to make their communication channels compatible with local law enforcement and emergency response services. Companies like Mutualink provide interoperable networks by inserting existing communications infrastructure into an IP network. “It allows emergency commanders to, among other things, create incident channels,” said Mutualink’s Rob Wright. “So if there are multiple teams responding to something, they can be added to the channel in an instant and communicate seamlessly.” Experts stress redundancy in emergency notifications; alerts should be sent through a number of platforms, including text messages, phone calls, emails, overhead paging, and desktop alerts. Cutting lag time in emergency notification and response is a priority, according to Bryan Warren, director of corporate security for the Carolinas Healthcare System. “By their very nature, emergency situations are very fluid and dynamic,” said Warren. “Without real time, up-to-the-second details and effective two-way communication capabilities, poor decisions can be made.”

Wondering if that LinkedIn password e-mail is real? Read on.

Security Management Magazine

LinkedIn is invalidating passwords for all accounts created before 2012 following the disclosure that 100 million members’ passwords may have been compromised.

In a post on the social network’s blog, LinkedIn confirmed that in 2012 it was the victim of an unauthorized access and disclosure of 6.5 million of its users’ passwords.

“At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure,” the blog post said. “Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.”

On Tuesday, however, LinkedIn became aware that an additional set of data that has been released claims to be e-mail and hashed password combinations of more than 100 million LinkedIn members from the 2012 theft.

The data is reportedly for sale on a dark web market called The Real Deal by the dealer Peace, who is selling the data for 5 Bitcoin (approximately $2,200), according to Forbes.

Due to this new development, LinkedIn began invalidating passwords on Wednesday for all accounts created before the 2012 breach that have not updated their password.

“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” the blog post explained. “We have no indication that this is as a result of a new security breach.”

LinkedIn said it will be notifying individual users if they need to reset their password. “However, regularly changing your password is always a good idea and you don’t have to wait for the notification,” it explained.

To change your password on LinkedIn, follow the instructions below:

  1. Log in to your LinkedIn account
  2. Move your cursor over your photo in the top right of your homepage and select Privacy & Settings
  3. Select the Account tab at the top of the page
  4. Under the Basics section, click Change next to Change Password
  5. Enter your old password, type your new password, and then type it again to confirm it. (Passwords are case sensitive and must contain at least six characters.)
  6. Select the checkbox if you’d like to automatically be signed out of all sessions once you change your password
  7. Click Save

Report: Security and Privacy Fears Can Affect Internet Use

From “Report: Security and Privacy Fears Can Affect Internet Use”
PC Magazine (05/14/16) Murphy, David. Posted by ASIS.

About one-fifth of 41,000 respondents said they were victims of some sort of negative personal experience online in the last year, according to a new report from the National Telecommunications and Information Administration. The report’s conclusion noted that it appears many Americans have completely changed their online behavior in the wake of privacy concerns. In fact, 45 percent of respondents indicated their concerns stopped them from conducting online financial transactions, buying goods and services, posting on social networks, or expressing opinions. Around 30 percent refrained from at least two of those activities. Most respondents cited identity theft as their main concern, followed by credit card and banking fraud, data collection by online services, loss of control over personal data, and the government collecting user data. The most concerned users were those who had experienced a breach of data in the past. NTIA will conduct additional studies to learn more about the public’s Internet practices related to online security and privacy.