Phishers Are Upping Their Game. So Should You.

Credit to Author: BrianKrebs| Date: Fri, 08 Dec 2017 00:35:24 +0000

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Read more

Anti-Skimmer Detector for Skimmer Scammers

Credit to Author: BrianKrebs| Date: Tue, 05 Dec 2017 20:37:22 +0000

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology.

Read more

Hacked Password Service Leakbase Goes Dark

Credit to Author: BrianKrebs| Date: Mon, 04 Dec 2017 05:39:53 +0000

Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.

Read more

Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty

Credit to Author: BrianKrebs| Date: Sat, 02 Dec 2017 01:15:15 +0000

Roman Seleznev, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo.

Read more

MacOS High Sierra Users: Change Root Password Now

Credit to Author: BrianKrebs| Date: Tue, 28 Nov 2017 22:34:22 +0000

A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now.

Read more

Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?

Credit to Author: BrianKrebs| Date: Mon, 27 Nov 2017 17:01:26 +0000

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

Read more

Name+DOB+SSN=FAFSA Data Gold Mine

Credit to Author: BrianKrebs| Date: Fri, 24 Nov 2017 12:55:03 +0000

KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid.

Read more

Correcting the Record on vDOS Prosecutions

Credit to Author: BrianKrebs| Date: Tue, 21 Nov 2017 13:11:31 +0000

KrebsOnSecurity recently featured a story about a New Mexico man who stands accused of using the now-defunct vDOS attack-for-hire service to hobble the Web sites of several former employers. That piece stated that I wasn’t aware of any other prosecutions related to vDOS customers, but as it happens there was a prosecution in the United Kingdom earlier this year of a man who’s admitted to both using and helping to administer vDOS. Here’s a look at some open-source clues that may have led to the U.K. man’s arrest.

Read more

R.I.P. root9B? We Hardly Knew Ya!

Credit to Author: BrianKrebs| Date: Wed, 15 Nov 2017 14:25:58 +0000

root9B, a company that many in the security industry considered little more than a big-name startup aimed at cashing in on the stock market’s insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year. Founded in 2011, Colorado Springs, Colo. based root9B Technologies touted itself as an IT security training firm staffed by an impressive list of ex-military leaders with many years of cybersecurity experience at the Department of Defense and National Security Agency (NSA). As it began to attract more attention from investors, root9B’s focus shifted to helping organizations hunt for cyber intruders within their networks.

Read more