Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.
In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.
“This settlement marks our final agreement with a card brand related to the intrusion,” Heartland CEO Robert Carr said in the statement.
In January, Heartland agreed to set aside $60 million to reimburse banks issuing Visa cards, for breach-related costs. Heartland has also agreed to pay $3.6 million to settle claims brought against it by American Express and more than $41 million to reimburse MasterCard issuers for breach-related costs.
In addition to settling with the major card brands, Heartland also has offered to pay $4 million to settle a consolidated consumer class action lawsuit being heard in Texas.
All of the settlement money has come from the $140 million Heartland set aside to cover the costs related to the breach. That amount includes more than $26 million in legal costs.
Heartland, one of the largest processors of payment card transactions in the U.S., disclosed in January 2009 that hackers had broken into its systems in 2008 and stolen credit and debit card data. Authorities later said that data on as many as 130 million credit and debit cards had been stolen, making it the largest ever breach involving payment card data.
The intrusions at Heartland and several other major retailers were later traced to a gang of cyber thieves led by Miami-based Albert Gonzalez who was sentenced in March to 20 years in federal prison.
Based on a survey by Symantec Hosted Services and SC Magazine, it found that employee use of the web was perceived as the most likely route to malware infection, with 67.6 per cent of respondents selecting this option ahead of email (28.4 per cent) and instant messenger (3.9 per cent).
Dan Bleaken, senior malware data analyst at Symantec Hosted Services, said:
In some ways, the fact that this is seen as one of the biggest threats is somewhat reassuring. The reality is that the cyber criminals are looking for any way to get in and compromise your business resources and home resources by any means that they can make use of. What we see today is attacks by multiple protocols, so people are used to problems with email such as spam, which can cripple company resources, and also malicious email that can come through, and if a user makes a bad decision and clicks on a link, they can become infected.
Acunetix announced version 7 of its Web Vulnerability Scanner which features a new vulnerability verifying techniques, scanning engine, support for a wider variety of web applications, improved performance, less false positives and detection of a wide range of new web vulnerability types.
Check out the video below to find out whats new in the Acunetix Web Vulnerability Scanner Version 7. You can also download the Free version from the Security Tools Page.
Symantec has teamed up with rapper Snoop Dogg to launch a cybercrime rap contest.
Participants are invited to bust some rhymes on the subject of malware, hacking and botnets for the chance to win an all expenses paid trip to LA to attend a Snoop gig and meet his people, if not the rapper himself. Winners get a Toshiba laptop outfitted (inevitably) with Norton Internet Security 2011. Entry is only open to US residents.
Would-be rappers are invited to submit a two-minute rap video to www.HackIsWack.com before the 30 September deadline. The winner will be selected on the basis of “originality, creativity and message”.
In the meantime the contest is being promoted via Facebook and a dedicated Twitter feed already offering nuggets of wisdom such as “dk man, iz it this spiff or iz @RealWizKhalifa from rollin 20′s snoop hood lmmfao. #blackandYellow #dj #bbm”.
The exercise has the laudable aim of raising awareness about cybercrime but we can’t help fearing the musical results are likely to be dire. When corporate giants team with musical stars to appear “down with the kids” the results are seldom edifying.
Unfortunately early entries to the HackIsWack contest, which launched on Moday, fully vindicate these fears.
In this video, Niklas Wolff of the CSIS Security Group demonstrates recent integer overflow vulnerability in Adobe Reader (CVE-2010-2862), disclosed at Black Hat in July, that allows remote code execution.
The latest version of iTunes for Windows addresses 13 security vulnerabilities, as well as adding much-publicised social networking functionality.
iTunes 10 for Windows addresses flaws in the media player’s WebKit browser that were fixed in Safari late last month with version 5.0.1 and 4.1.1 of Apple’s browser software.
Apple’s advisory on the security content of iTunes 10 can be found here.
There has been another case discovered where Google Code is being used to spread malware yet again. This latest example was discovered by security firm zScaler, which reported the finding on their research blog on Wednesday. A spokesman from Google said that the company has taking the necessary steps to remove the project that was hosting the malicious code for violating the terms of service agreement.
At this time it is not certain how long the latest files have been hosted, but zScaler claims one of the executables dates back to late June, 2010, which could be a good indication that Google may have been hosting some or all of the malware for over at least two months now.
Microsoft has released a software tool that helps system administrators protect PCs against a critical class of vulnerabilities found in more than 100 applications from a variety of software makers.
The FixIt Tool works only on machines that have already installed the workaround Microsoft published last week. The latest point-and-click release is designed to make the previous workaround easier to use and fine-tune a variety of settings that will ensure compatibility with applications such as Outlook 2002, members of the Microsoft Security Response Center said.
PandaLabs, Panda Security’s anti-malware laboratory has drawn up a ranking of the most widely used scams over the last few years. These confidence tricks, which are still in wide circulation, all have the same objective: to defraud users of amounts ranging from $500 to thousands of dollars.
Typically, these scams follow a similar pattern: initial contact is made via email or through social networks. The intended victim is then asked to respond, either by email, telephone, fax, etc. Once this initial bait has been taken, criminals will try to gain the trust of the victim, finally asking for a sum of money under one pretext or another.
According to Luis Corrons, Technical Director of PandaLabs, “As with all the classic scams that predate the Internet, many of the numerous users that fall for these tricks and lose their money are reticent to report the crime. And if recovering the stolen money was difficult in the old days, it is even harder now as the criminals’ tracks are often lost across the Web. The best defense is to learn how to identify these scams and avoid taking the bait”.
PandaLabs has ranked the most frequent scams of the last 10 years, based on their distribution and the frequency with which they are received. They are as follows:
Nigerian scam: This was the first type of scam to appear on the Internet, and continues to be widely used by cyber-criminals today. This typically arrives in the form of an email, claiming to be from someone who needs to get a very large sum of money out of a country (normally Nigeria, hence the name). You are promised a substantial reward if you help to do this. However, those that take the bait will be asked to forward an initial sum to help pay bank fees (often around $1,000). Once you have paid, the contact disappears and your money is lost.
Lotteries: In essence, this is similar to the Nigerian scam. An email arrives claiming that you are the winner of a lottery, and asking for your details in order to transfer the substantial winnings. As with the previous scam, victims are asked to front up around $1,000 to cover bank fees, etc.
Girlfriends: A beautiful girl, normally from Russia, finds your email address and wants to get to know you. She will always be young and desperate to visit your country and meet you, as she has fallen head-over-heels in love with you. She wants to come immediately, but at the last moment there is a problem and she needs some money (once again, around $1000 should cover it) to sort out flight tickets, visas, etc. Unsurprisingly, not only does your money disappear, but so does the girl.
Job offers: This time you receive a message from a foreign company looking for financial agents in your country. The work is easy -you can do it from home- and you can earn up to $3,000 working just three or four hours a day. If you accept, you’ll be asked for your bank details. In this case you will be used to help steal money from people whose bank account details have been stolen by the cyber criminals. The money will be transferred directly to your account, and you will then be asked to forward the money via Western Union. You will become a ‘money mule’, and when the police investigate the theft, you will be seen as an accomplice. Although this is often referred to as a scam, it is different from the others in that the ‘money mule’ also stands to gain, albeit by unwittingly committing a crime.
Facebook / Hotmail: Criminals obtain the details to access an account on Facebook, Hotmail, or similar. They then change the login credentials so that the real user can no longer access the account, and send a message to all contacts saying that the account holder is on holiday (London seems to be a popular choice) and has been robbed just before coming home. They still have flight tickets but need between $500 and $1,000 for the hotel.
Compensation: This is quite a recent ruse, and originates from the Nigerian scam. The email claims that a fund has been set up to compensate victims of the Nigerian scam, and that your address is listed as among those possibly affected. You are offered compensation (often around $1 million) but naturally, as in the original scam, you will need to pay an advance sum of around $1,000.
The mistake: This has become very popular in recent months, perhaps fueled by the financial crisis and the difficulty people are having in selling goods or houses. Contact is made with someone who has published a classified ad selling a house, car, etc. With great enthusiasm, the scammers agree to buy whatever it is and quickly send a check, but for the wrong amount (always more than the agreed sum). The seller will be asked to return the difference. The check will bounce, the house remains unsold and the victim will lose any money transferred.
What should I do if I’m targeted by one of these scams?
It’s normal that if you’re not aware of these types of criminal ploys, you might think that you have won a lottery or found true love on the Internet. So here are some practical tips that will help keep you out of harm’s way:
Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.
Use your common sense. This is always your best ally against this kind of fraud. Nobody gives away something for nothing, and love at first sight on the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.
The Internet is a fantastic tool for a great many things, but if you really want to sell something, it’s better to have the buyer standing right in front of you. So even if you make contact across the Web, it’s better to make the transaction in the ‘real world’, to verify the genuine intentions of potential buyers.
I was wondering when we would start hearing and talking about this. This could get pretty scary!!
Of course, your car is probably not a high-priority target for most malicious hackers. But security experts tell CNET that car hacking is starting to move from the realm of the theoretical to reality, thanks to new wireless technologies and evermore dependence on computers to make cars safer, more energy efficient, and modern.
"Now there are computerized systems and they have control over critical components of cars like gas, brakes, etc.," said Adriel Desautels, chief technology officer and president of NetraGard, which does vulnerability assessments and penetration testing on all kinds of systems. "There is a premature reliance on technology."
PandaLabs
