Supply Chain Security 101: An Expert’s View

Credit to Author: BrianKrebs| Date: Sat, 13 Oct 2018 01:03:12 +0000

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We  talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology sold to a number of American companies.

Read more

Patch Tuesday, October 2018 Edition

Credit to Author: BrianKrebs| Date: Thu, 11 Oct 2018 07:34:56 +0000

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

Read more

Naming & Shaming Web Polluters: Xiongmai

Credit to Author: BrianKrebs| Date: Wed, 10 Oct 2018 00:41:56 +0000

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.

Read more

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Credit to Author: BrianKrebs| Date: Fri, 05 Oct 2018 19:45:18 +0000

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Yesterday was one of those times. Bloomberg Businessweek on Thursday published a bombshell investigation alleging that Chinese cyber spies had used a U.S.-based tech firm to secretly embed tiny computer chips into electronic devices purchased and used by almost 30 different companies. There aren’t any corroborating accounts of this scoop so far, but it is both fascinating and terrifying to look at why threats to the global technology supply chain can be so difficult to detect, verify and counter.

Read more

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Credit to Author: BrianKrebs| Date: Tue, 02 Oct 2018 23:42:24 +0000

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for money in return for the stolen data. But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.

Read more

Voice Phishing Scams Are Getting More Clever

Credit to Author: BrianKrebs| Date: Mon, 01 Oct 2018 14:02:27 +0000

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Read more

Facebook Security Bug Affects 90M Users

Credit to Author: BrianKrebs| Date: Fri, 28 Sep 2018 19:36:45 +0000

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in […]

Read more

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

Credit to Author: BrianKrebs| Date: Thu, 27 Sep 2018 20:45:41 +0000

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.

Read more

Beware of Hurricane Florence Relief Scams

Credit to Author: BrianKrebs| Date: Mon, 24 Sep 2018 16:34:48 +0000

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc. Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

Read more

Credit Freezes are Free: Let the Ice Age Begin

Credit to Author: BrianKrebs| Date: Fri, 21 Sep 2018 16:31:43 +0000

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Read more

Mirai Botnet Authors Avoid Jail Time

Credit to Author: BrianKrebs| Date: Wed, 19 Sep 2018 16:54:40 +0000

Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “Mirai,” a potent malware strain used in countless attacks designed to knock Web sites offline — including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.

Read more