Kaspersky Labs reports that an unnamed large Brazilian financial institution with $27B in assets was compromised by hackers who took over its DNS -- by hijacking its NIC.br account -- and for 5 hours were able to impersonate the bank to all its online customers (and possibly to control its ATMs) in order to plunder their accounts and steal their credit card details.
Kaspersky’s Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party. And regardless of who controls a bank’s DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a “registry lock” some registrars provide and two-factor authentication that makes it far harder for hackers to alter them.
Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement. Your encrypted website and locked down network won’t help when your customers are silently routed to a bizarro version deep in the web’s underbelly.
How Hackers Hijacked a Bank’s Entire Online Operation [Andy Greenberg/Wired]
(Image: Bundesarchiv, CC-BY-SA)
(via Naked Capitalism)
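One way to check the precautions named in the quoted passage, as an added example that is not from the original post, Wired or Kaspersky: it reads a domain's RDAP record, confirms the three registry-set statuses that make up a registry lock, and compares the delegated nameservers with a pinned baseline. The function name `audit_domain`, the domain `bank.example` and both sample records are constructed for illustration.

```python
import json

# RDAP names (RFC 8056) for the registry-set EPP statuses that make up a
# registry lock; "client ..." statuses can be changed from the registrar account.
REGISTRY_LOCK = {"server update prohibited",
                 "server transfer prohibited",
                 "server delete prohibited"}

def audit_domain(rdap, pinned_ns):
    """Compare one RDAP domain object with a pinned nameserver baseline."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    missing = sorted(REGISTRY_LOCK - status)
    if missing:
        findings.append("registry lock incomplete: " + ", ".join(missing))
    # Normalise case and trailing dots before comparing host names.
    seen = {ns.get("ldhName", "").lower().rstrip(".")
            for ns in rdap.get("nameservers", [])}
    pinned = {n.lower().rstrip(".") for n in pinned_ns}
    if seen - pinned:
        findings.append("unexpected nameservers: " + ", ".join(sorted(seen - pinned)))
    if pinned - seen:
        findings.append("pinned nameservers missing: " + ", ".join(sorted(pinned - seen)))
    return findings

# Constructed sample data (not from the incident): the same domain with its
# lock in place, and after its delegation was changed at the registrar.
PINNED = {"ns1.bank.example", "ns2.bank.example"}
LOCKED = json.loads("""{"ldhName": "bank.example",
  "status": ["server update prohibited", "server transfer prohibited",
             "server delete prohibited", "client transfer prohibited"],
  "nameservers": [{"ldhName": "ns1.bank.example"},
                  {"ldhName": "NS2.BANK.EXAMPLE."}]}""")
CHANGED = json.loads("""{"ldhName": "bank.example",
  "status": ["client transfer prohibited"],
  "nameservers": [{"ldhName": "ns1.other.example"},
                  {"ldhName": "ns2.other.example"}]}""")

if __name__ == "__main__":
    for label, doc in (("locked", LOCKED), ("changed", CHANGED)):
        print(label, audit_domain(doc, PINNED) or "ok")
```

Run on a schedule against a live RDAP response, any non-empty result is worth an alert, since a delegation change takes effect for customers as soon as resolvers pick it up.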