Security News

July 27, 2020

Business ID Theft Soars Amid COVID Closures

This post was originally published on this siteIdentity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits. Most consumers are likely aware of the threat from identity theft, which occurs when crooks apply for […]
July 24, 2020

Thinking of a Cybersecurity Career? Read This

This post was originally published on this siteThousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd. Virtually every week KrebsOnSecurity receives at least one email from someone seeking advice on how to break into cybersecurity as a career. In most cases, the aspirants ask which certifications […]
July 23, 2020

NY Charges First American Financial for Massive Data Leak

This post was originally published on this siteIn May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based First American [NYSE:FAF] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs […]
July 22, 2020

Twitter Hacking for Profit and the LoLs

This post was originally published on this siteThe New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter’s internal employee tools, and were not responsible for the actual intrusion or bitcoin scams that took place that day. But new information suggests that at least two of them operated a service that resold access to Twitter employees for the purposes of modifying or seizing control of prized […]
July 16, 2020

Who’s Behind Wednesday’s Epic Twitter Hack?

This post was originally published on this siteTwitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it. The first public signs of the intrusion came around 3 PM EST, when the Twitter account for the cryptocurrency […]
July 14, 2020

‘Wormable’ Flaw Leads July Microsoft Patches

This post was originally published on this siteMicrosoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order). Top of the heap this month in terms of outright scariness is CVE-2020-1350, which concerns a remotely exploitable bug […]
July 13, 2020

Breached Data Indexer ‘Data Viper’ Hacked

This post was originally published on this siteData Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. The apparent breach at St. Louis, Mo. based Data Viper offers a […]
July 4, 2020

E-Verify’s “SSN Lock” is Nothing of the Sort

This post was originally published on this siteOne of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with […]
July 1, 2020

Ransomware Gangs Don’t Need PR Help

This post was originally published on this siteWe’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their […]
June 30, 2020

COVID-19 ‘Breach Bubble’ Waiting to Pop?

This post was originally published on this siteThe COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 […]
June 29, 2020

Updating Plugins

This post was originally published on this siteEvery plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser’s plugin preferences.
June 27, 2020

Russian Cybercrime Boss Burkov Gets 9 Years

This post was originally published on this siteA well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Photo: Andrei Shirokov / Tass via Getty Images. Alexsei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold […]
June 26, 2020

Hosting a Video Conference

This post was originally published on this siteWhen hosting a video conference, make sure you password protect the conference so only authorized individuals can join. If there are any strangers or people who you do not recongize on the call, remove them.
June 25, 2020

New Charges, Sentencing in Satori IoT Botnet Conspiracy

This post was originally published on this siteThe U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy. Indictments unsealed by a federal court in Alaska today allege 20-year-old Aaron Sterritt from Larne, Northern Ireland, and 31-year-old Logan Shwydiuk of Saskatoon, Canada […]
June 21, 2020

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

This post was originally published on this siteHundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data. A partial screenshot of the BlueLeaks data cache. In a post on Twitter, […]
June 19, 2020

Turn on MFA Before Crooks Do It For You

This post was originally published on this siteHundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident. As a career chief privacy officer for different organizations, Dennis Dayman has tried to instill in his twin boys […]
June 18, 2020

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

This post was originally published on this siteAn information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan arrested 29-year-old Justin Sean Johnson in connection with a 43-count indictment on charges of conspiracy, wire fraud and aggravated identity theft. Federal prosecutors in Pittsburgh allege that in 2013 and 2014 Johnson hacked into the Oracle PeopleSoft […]
June 17, 2020

When Security Takes a Backseat to Productivity

This post was originally published on this site“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division. The analysis highlights a shocking series of security failures at one of the world’s most secretive organizations, but the underlying weaknesses that gave rise to […]
June 13, 2020

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

This post was originally published on this siteFor the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. Earlier this year, KrebsOnSecurity heard from the owners of Privnote.com, who complained that someone […]
June 12, 2020

Secure Your Home Wi-Fi Router

This post was originally published on this siteThe most effective steps you can take to secure your wireless network at home is to change the default admin password, enable encryption and use a strong password for your wireless network.
June 9, 2020

Microsoft Patch Tuesday, June 2020 Edition

This post was originally published on this siteMicrosoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there are a few vulnerabilities that deserve special attention — particularly for enterprises and employees working remotely. June marks the fourth month in a row that Microsoft has issued fixes to address more than 100 security flaws in its […]
June 9, 2020

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

This post was originally published on this siteIn late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet. Nestled in the northwest corner of Alabama, Florence is home to roughly 40,000 residents. It is part of a quad-city metropolitan area perhaps best […]
June 7, 2020

Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service

This post was originally published on this siteThe co-owners of vDOS, a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli court. vDOS as it existed on Sept. 8, 2016. A judge in Israel handed down the sentences plus fines and probation against Yarden Bidani and Itay Huri, both Israeli citizens arrested in 2016 at age 18 in connection with an FBI investigation into vDOS. Until it was shuttered in […]
June 3, 2020

Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion

This post was originally published on this siteAn exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities. The multimedia investigation by the Organized Crime and Corruption Reporting Project (OCCRP) and several international journalism partners detailed the activities of the so-called Riviera Maya crime gang, allegedly a mafia-like group of Romanians who until very recently ran their own ATM company […]
June 2, 2020

REvil Ransomware Gang Starts Auctioning Victim Data

This post was originally published on this siteThe criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic. Over the past 24 hours, the crooks responsible for spreading the ransom malware […]