What You Should Know About the ‘KRACK’ WiFi Security Weakness

Credit to Author: BrianKrebs| Date: Mon, 16 Oct 2017 20:43:47 +0000

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it.

Read more

Krebs Given ISSA’s ‘President’s Award’

Credit to Author: BrianKrebs| Date: Mon, 16 Oct 2017 12:35:57 +0000

KrebsOnSecurity was honored this month with the 2017 President’s Award for Public Service from the Information Systems Security Association, a nonprofit organization for cybersecurity professionals. The award recognizes an individual’s contribution to the information security profession in the area of public service.

Read more

Equifax Credit Assistance Site Served Spyware

Credit to Author: BrianKrebs| Date: Thu, 12 Oct 2017 21:03:46 +0000

Big-three consumer credit bureau Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download malicious software disguised as an update for Adobe’s Flash Player software.

Read more

Microsoft’s October Patch Batch Fixes 62 Flaws

Credit to Author: BrianKrebs| Date: Wed, 11 Oct 2017 14:18:40 +0000

Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.

Read more

Equifax Hackers Stole Info on 693,665 UK Residents

Credit to Author: BrianKrebs| Date: Tue, 10 Oct 2017 22:00:01 +0000

Equifax Inc. said today an investigation into information stolen in the epic data breach the company disclosed on Sept. 7 revealed that intruders took a file containing 15.2 million UK records. The company says it is now working to inform nearly 700,000 U.K. consumers whose data was stolen in the attack.

Read more

Equifax Breach Fallout: Your Salary History

Credit to Author: BrianKrebs| Date: Sun, 08 Oct 2017 18:56:50 +0000

In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone’s Social Security number and date of birth — both data elements that were stolen in the recent breach at Equifax.

Read more

Fear Not: You, Too, Are a Cybercrime Victim!

Credit to Author: BrianKrebs| Date: Wed, 04 Oct 2017 04:34:50 +0000

Maybe you’ve been feeling left out because you weren’t among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today. Yahoo! announced that, our bad!: It wasn’t just one billion users who had their account information filched in its record-breaking 2013 data breach. It was more like three billion (read: all) users. Meanwhile, big three credit bureau Equifax added 2.5 million more victims to its roster of 143 million Americans who had their Social Security numbers and other personal data filched in a breach earlier this year. At the same time, Equifax’s erstwhile CEO informed Congress that the breach was the result of even more bone-headed security than was first disclosed. To those still feeling left out by either company after this spate of news, I have only one thing to say (although I feel a bit like a broken record in repeating this): Assume you’re compromised, and take steps accordingly.

Read more

USPS ‘Informed Delivery’ Is Stalker’s Dream

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2017 16:32:33 +0000

A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns.

Read more

Here’s What to Ask the Former Equifax CEO

Credit to Author: BrianKrebs| Date: Fri, 29 Sep 2017 16:07:09 +0000

Richard Smith — who resigned as chief executive of big-three credit bureau Equifax this week in the wake of a data breach that exposed 143 million Social Security numbers — is slated to testify in front of no fewer than four committees on Capitol Hill next week. If I were a lawmaker, here are some of the questions I’d ask when Mr. Smith goes to Washington.

Read more

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards

Credit to Author: BrianKrebs| Date: Tue, 26 Sep 2017 21:28:31 +0000

Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment card systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores, KrebsOnSecurity has learned.

Read more