FEC: Campaigns Can Use Discounted Cybersecurity Services

Credit to Author: BrianKrebs| Date: Thu, 11 Jul 2019 20:41:21 +0000

The U.S. Federal Election Commission (FEC) said today companies can offer discounted cybersecurity services to political campaigns without running afoul of existing campaign finance laws, provided they already do the same for other non-political entities. The decision comes amid much jostling on Capitol Hill over election security at the state level, and fresh warnings from U.S. intelligence agencies about impending cyber attacks targeting candidates in the lead up to the 2020 election.

Read more

Who’s Behind the GandCrab Ransomware?

Credit to Author: BrianKrebs| Date: Mon, 08 Jul 2019 17:27:42 +0000

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Read more

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Credit to Author: BrianKrebs| Date: Tue, 04 Jun 2019 00:16:11 +0000

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

Read more

NY Investigates Exposure of 885 Million Mortgage Documents

Credit to Author: BrianKrebs| Date: Fri, 31 May 2019 13:58:59 +0000

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

Read more

Should Failing Phish Tests Be a Fireable Offense?

Credit to Author: BrianKrebs| Date: Wed, 29 May 2019 17:39:26 +0000

Would your average Internet user would be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach).

Read more

Account Hijacking Forum OGusers Hacked

Credit to Author: BrianKrebs| Date: Sat, 18 May 2019 13:44:20 +0000

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Read more

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Credit to Author: BrianKrebs| Date: Fri, 03 May 2019 14:30:36 +0000

A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about a glaring security weakness a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites.

Read more

Data: E-Retail Hacks More Lucrative Than Ever

Credit to Author: BrianKrebs| Date: Tue, 30 Apr 2019 20:13:03 +0000

For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores. But new data suggests that over the past year, the economics of supply-and-demand have helped to double the average price fetched by card-not-present data, meaning cybercrooks now have far more incentive than ever to target e-commerce stores.

Read more

Who’s Behind the RevCode WebMonitor RAT?

Credit to Author: BrianKrebs| Date: Mon, 22 Apr 2019 19:43:02 +0000

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Read more