Wawa Breach May Have Compromised More Than 30 Million Payment Cards

Credit to Author: BrianKrebs| Date: Tue, 28 Jan 2020 20:12:16 +0000

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

Read more

Russian Cybercrime Boss Burkov Pleads Guilty

Credit to Author: BrianKrebs| Date: Mon, 27 Jan 2020 18:21:46 +0000

Aleksei Burkov, an ultra-connected Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Read more

Does Your Domain Have a Registry Lock?

Credit to Author: BrianKrebs| Date: Fri, 24 Jan 2020 16:37:11 +0000

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

Read more

DDoS Mitigation Firm Founder Admits to DDoS

Credit to Author: BrianKrebs| Date: Mon, 20 Jan 2020 23:13:03 +0000

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others.

Read more

Patch Tuesday, January 2020 Edition

Credit to Author: BrianKrebs| Date: Wed, 15 Jan 2020 02:31:50 +0000

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

Read more

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 22:17:47 +0000

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

Read more

Phishing for Apples, Bobbing for Links

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 16:09:58 +0000

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures has emerged as the most targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.

Read more