‘Wormable’ Flaw Leads July Microsoft Patches

Credit to Author: BrianKrebs| Date: Tue, 14 Jul 2020 21:45:28 +0000

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order).

Read more

Breached Data Indexer ‘Data Viper’ Hacked

Credit to Author: BrianKrebs| Date: Mon, 13 Jul 2020 23:30:39 +0000

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.

Read more

E-Verify’s “SSN Lock” is Nothing of the Sort

Credit to Author: BrianKrebs| Date: Sat, 04 Jul 2020 22:24:14 +0000

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security’s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.

Read more

Ransomware Gangs Don’t Need PR Help

Credit to Author: BrianKrebs| Date: Thu, 02 Jul 2020 01:10:45 +0000

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism.

Read more

COVID-19 ‘Breach Bubble’ Waiting to Pop?

Credit to Author: BrianKrebs| Date: Tue, 30 Jun 2020 15:00:48 +0000

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Read more

Russian Cybercrime Boss Burkov Gets 9 Years

Credit to Author: BrianKrebs| Date: Sat, 27 Jun 2020 17:27:43 +0000

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Read more

New Charges, Sentencing in Satori IoT Botnet Conspiracy

Credit to Author: BrianKrebs| Date: Thu, 25 Jun 2020 23:52:54 +0000

The U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build multiple botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced to drug treatment and 18 months community confinement for his admitted role in the conspiracy.

Read more

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Credit to Author: BrianKrebs| Date: Mon, 22 Jun 2020 04:33:21 +0000

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable via a new website by the same name, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals online.

Read more