Krebs – Page 87 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Fri, 10 Nov 2017 01:55:52 +0000

In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store.

Independent Krebs

November 6, 2017 admin

Simple Banking Security Tip: Verbal Passwords

Credit to Author: BrianKrebs| Date: Mon, 06 Nov 2017 16:53:03 +0000

There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn’t acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn’t let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone.

Independent Krebs

November 3, 2017 admin

2nd Breach at Verticalscope Impacts Millions

Credit to Author: BrianKrebs| Date: Fri, 03 Nov 2017 22:00:26 +0000

For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts. Evidence of the breach was discovered just before someone began using that illicit access as a commercial for a new paid search service that indexes consumer information exposed in corporate data breaches.

Independent Krebs

November 2, 2017 admin

Equifax Reopens Salary Lookup Service

Credit to Author: BrianKrebs| Date: Thu, 02 Nov 2017 14:04:20 +0000

Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person’s Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, and began restoring the site eight days later saying it had added unspecified “security enhancements.”

Independent Krebs

October 27, 2017 admin

Fear the Reaper, or Reaper Madness?

Credit to Author: BrianKrebs| Date: Fri, 27 Oct 2017 20:39:21 +0000

Last week we looked at reports from China and Israel about a new “Internet of Things” malware strain called “Reaper” that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs). Now some botnet experts are calling on people to stop the “Reaper Madness,” saying the actual number of IoT devices infected with Reaper right now is much smaller. Arbor Networks said it believes the current actual size of the Reaper botnet fluctuates between 10,000 and 20,000 bots total. Arbor notes that this can change any time.

Independent Krebs

October 24, 2017 admin

Dell Lost Control of Key Customer Support Domain for a Month in 2017

Credit to Author: BrianKrebs| Date: Wed, 25 Oct 2017 03:22:34 +0000

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called “Dell Backup and Recovery Application.” It’s designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name — DellBackupandRecoveryCloudStorage.com — which until recently was central to PC maker Dell’s customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell’s contractor regained control over it.

Independent Krebs

October 23, 2017 admin

Reaper: Calm Before the IoT Security Storm?

Credit to Author: BrianKrebs| Date: Mon, 23 Oct 2017 19:42:42 +0000

It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware — variously named “Reaper” and “IoTroop” — that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already. Reaper isn’t attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks.

Independent Krebs

October 16, 2017 admin

What You Should Know About the ‘KRACK’ WiFi Security Weakness

Credit to Author: BrianKrebs| Date: Mon, 16 Oct 2017 20:43:47 +0000

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it.