GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Credit to Author: BrianKrebs| Date: Sat, 21 Nov 2020 18:15:49 +0000

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

Read more

Trump Fires Security Chief Christopher Krebs

Credit to Author: BrianKrebs| Date: Wed, 18 Nov 2020 16:02:32 +0000

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.

Read more

Be Very Sparing in Allowing Site Notifications

Credit to Author: BrianKrebs| Date: Tue, 17 Nov 2020 14:13:29 +0000

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Read more

Why Paying to Delete Stolen Data is Bonkers

Credit to Author: BrianKrebs| Date: Wed, 04 Nov 2020 19:32:40 +0000

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.

Read more

The Now-Defunct Firms Behind 8chan, QAnon

Credit to Author: BrianKrebs| Date: Thu, 22 Oct 2020 21:48:35 +0000

Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan’s current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators. In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.

Read more

QAnon/8Chan Sites Briefly Knocked Offline

Credit to Author: BrianKrebs| Date: Mon, 19 Oct 2020 04:03:45 +0000

A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. Following a brief disruption, the sites have come back online with the help of an Internet company based in St. Petersburg, Russia.

Read more

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Credit to Author: BrianKrebs| Date: Thu, 08 Oct 2020 19:42:04 +0000

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.

Read more