NY Payroll Company Vanishes With $35 Million

Credit to Author: BrianKrebs| Date: Wed, 11 Sep 2019 15:02:26 +0000

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Read more

Patch Tuesday, September 2019 Edition

Credit to Author: BrianKrebs| Date: Tue, 10 Sep 2019 20:09:11 +0000

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Read more

Secret Service Investigates Breach at U.S. Govt IT Contractor

Credit to Author: BrianKrebs| Date: Mon, 09 Sep 2019 16:47:56 +0000

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks. In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).

Read more

‘Satori’ IoT Botnet Operator Pleads Guilty

Credit to Author: BrianKrebs| Date: Wed, 04 Sep 2019 04:14:18 +0000

A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “Satori” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.

Read more

Spam In your Calendar? Here’s What to Do.

Credit to Author: BrianKrebs| Date: Tue, 03 Sep 2019 18:56:07 +0000

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Here’s a brief primer on what you can do about it.

Read more

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Credit to Author: BrianKrebs| Date: Mon, 02 Sep 2019 20:52:00 +0000

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.

Read more

Phishers are Angling for Your Cloud Providers

Credit to Author: BrianKrebs| Date: Fri, 30 Aug 2019 16:21:59 +0000

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Read more

Ransomware Bites Dental Data Backup Firm

Credit to Author: BrianKrebs| Date: Thu, 29 Aug 2019 17:59:11 +0000

PerCSoft, a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack.

Read more

Cybersecurity Firm Imperva Discloses Breach

Credit to Author: BrianKrebs| Date: Tue, 27 Aug 2019 16:52:58 +0000

Imperva, a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells firewall technology designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of Web-based software applications.

Read more

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Credit to Author: BrianKrebs| Date: Thu, 22 Aug 2019 21:38:47 +0000

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United States.

Read more