Secret Service: Theft Rings Turn to Fuze Cards

Credit to Author: BrianKrebs| Date: Thu, 10 Jan 2019 16:27:54 +0000

Street thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns.

Read more

Dirt-Cheap, Legit, Windows Software: Pick Two

Credit to Author: BrianKrebs| Date: Tue, 08 Jan 2019 15:00:33 +0000

Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.

Read more

Apple Phone Phishing Scams Getting Better

Credit to Author: BrianKrebs| Date: Thu, 03 Jan 2019 19:21:40 +0000

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Read more

A Chief Security Concern for Executive Teams

Credit to Author: BrianKrebs| Date: Tue, 18 Dec 2018 21:23:10 +0000

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough. KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.

Read more

Spammed Bomb Threat Hoax Demands Bitcoin

Credit to Author: BrianKrebs| Date: Thu, 13 Dec 2018 20:24:32 +0000

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

Read more

Scanning for Flaws, Scoring for Security

Credit to Author: BrianKrebs| Date: Wed, 12 Dec 2018 19:25:14 +0000

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.

Read more

How Internet Savvy are Your Leaders?

Credit to Author: BrianKrebs| Date: Mon, 10 Dec 2018 20:40:05 +0000

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of. But it wasn’t until the past week that it become clear how many organizations — including towns, cities and political campaigns — actually have fallen for this brazen scam.

Read more

Bomb Threat Hoaxer, DDos Boss Gets 3 Years

Credit to Author: BrianKrebs| Date: Sat, 08 Dec 2018 01:38:49 +0000

The alleged ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched debilitating denial-of-service attacks against Web sites (including KrebsOnSecurity on multiple occasions) has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials. 

Read more

A Breach, or Just a Forced Password Reset?

Credit to Author: BrianKrebs| Date: Tue, 04 Dec 2018 21:45:51 +0000

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case. Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward.

Read more

What the Marriott Breach Says About Security

Credit to Author: BrianKrebs| Date: Sat, 01 Dec 2018 21:16:13 +0000

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

Read more

Half of all Phishing Sites Now Have the Padlock

Credit to Author: BrianKrebs| Date: Mon, 26 Nov 2018 14:57:53 +0000

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Read more