If you applied for credit at T-mobile, your identity may be at risk

T-Mobile customers should keep an eye out for identity thieves. The cell service provider said today that the data of about 15 million credit applicants was stolen from credit reporting agency Experian.

It’s always a bummer when you see these kinds of reports. If you supplied your SS# to T-mobile for a credit-type application, there’s a good chance that information is now in the hands of thieves so take appropriate action.

Source: Personal data of 15M T-Mobile credit applicants stolen through hack of credit reporting agency Experian – GeekWire

Scary security hole lets attackers remotely control Chrysler with Uconnect feature.

If you have a 2013 or earlier Chrysler product with the Uconnect feature, contact your dealer immediately and get the upgrade to patch this serious, scary security hole.

Reading this article was horrifying as the author described how (with his consent) hackers took over his Jeep Cherokee.  At first they just played w/ the A/C and radio, but later they messed with the transmission and the brakes, all from remote Internet locations.

 

Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.

Source: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Force a Windows Update and patch a “serious security hole” ASAP 

Looks like there’s a serious security hole in Windows that is based on a type of font. Presumably, this goes undetected by anti-virus software and can be activated by opening up a Word document.

Don’t wait. Go to Windows Update right now and force a “Check for Updates”, then install the patches.

More details:

The software giant said in an advisory Monday that the vulnerability, if exploited, could “allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.”

Source: Microsoft releases emergency patch for all versions of Windows | ZDNet

This is why it’s not a good idea to use password-storing services like LastPass

 

Looks like there was a breach in the LastPass service. While it’s not a complete disaster, it should give everyone a good signal that it’s really not a good idea (IMO) to use cloud-based password-storing systems.

If I was using LastPass, I would be deleting my account and all its data immediately.

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

Source: LastPass Security Notice | The LastPass Blog

If you use the Starbucks app to buy coffee, read this and change your password ASAP!

Hackers are breaking into Starbucks accounts with weak passwords and then reloading their gift cards with your money. The solution is to create a “hard” password. Do it right now.

Fraudsters have figured out how to break into Starbucks accounts and drain your bank account or credit card. Customers tell CNNMoney they’re furious Starbucks isn’t taking this more seriously.

Source: Hackers are draining bank accounts via the Starbucks app – May. 13, 2015

Better update your WordPress asap

Looks like another big security hole has been discovered:

Millions of websites running WordPress are at risk of hijacking attacks thanks to a vulnerability that is actively being exploited in the wild and is present in the default installation of the widely used content management system, security researchers warned Wednesday.

Source: Actively exploited WordPress bug puts millions of sites at risk | Ars Technica

Do you know where that drive has been?

USB thumbdrives may become very unsafe indeed.

Maybe we should go back to paying in cash?

Tweetdeck Security Problems