‘War Dialing’ Tool Exposes Zoom’s Password Problems

Credit to Author: BrianKrebs| Date: Thu, 02 Apr 2020 14:43:04 +0000

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. And according to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a crazy number major corporations are setting up meetings without passwords enabled.

Read more

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Credit to Author: BrianKrebs| Date: Wed, 01 Apr 2020 03:30:46 +0000

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to briefly hijack domains for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.

Read more

Annual Protest to ‘Fight Krebs’ Raises €150K+

Credit to Author: BrianKrebs| Date: Mon, 30 Mar 2020 17:42:52 +0000

In 2018, KrebsOnSecurity unmasked the creators of Coinhive — a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals — as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of thousands of euros to nonprofits that combat cancer (Krebs means “cancer” in German). This week, the forum is celebrating its third annual observance of that protest to “fight Krebs,” albeit with a Coronavirus twist.

Read more

Russians Shut Down Huge Card Fraud Ring

Credit to Author: BrianKrebs| Date: Thu, 26 Mar 2020 17:28:07 +0000

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade. In a statement released this week, the Russian Federal Security Service (FSB) said 25 individuals were charged with circulating illegal means of payment in connection with some 90 websites that sold stolen credit card data.

Read more

US Government Sites Give Bad Security Advice

Credit to Author: BrianKrebs| Date: Wed, 25 Mar 2020 19:30:12 +0000

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

Read more

Who’s Behind the ‘Web Listings’ Mail Scam?

Credit to Author: BrianKrebs| Date: Mon, 23 Mar 2020 20:17:26 +0000

In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. What follows are some clues that point to a very convincing answer to that question.

Read more

Zyxel Flaw Powers New Mirai IoT Botnet Strain

Credit to Author: BrianKrebs| Date: Fri, 20 Mar 2020 14:46:15 +0000

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.

Read more

Security Breach Disrupts Fintech Firm Finastra

Credit to Author: BrianKrebs| Date: Fri, 20 Mar 2020 16:52:19 +0000

Finastra, a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.

Read more