# SANS ISC

# threatpost.com

# Reddit netsec

# Krebs On Security

  • More on Bluetooth Ingenico Overlay Skimmers Mon, 27 Feb 2017 01:54:58 +0000
    This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. I'm revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.
  • iPhone Robbers Try to iPhish Victims Fri, 24 Feb 2017 21:21:24 +0000
    In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone -- offering to buy back the locked device -- he soon began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to the phishing page mimicking Apple's site.
  • How to Bury a Major Breach Notification Tue, 21 Feb 2017 17:44:39 +0000
    Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.

# Bruce Schneier's blog

# WIRED Threat Level

# exploit-db.com

# Securiteam