Hold Security – Page 3 – Computer Security Articles

773M Password ‘Megabreach’ is Years Old

January 17, 2019 admin A Little Sunshine, alex holden, Breadcrumbs, HaveIBeenPwned.com, Hold Security, Mega.nz, Ne'er-Do-Well News, Sanixer, Troy Hunt

Credit to Author: BrianKrebs| Date: Thu, 17 Jan 2019 20:11:08 +0000

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.

Independent Krebs

When Identity Thieves Hack Your Accountant

April 11, 2018 admin A Little Sunshine, alex holden, crypting service, Form 14039, Hold Security, irs, ja_far, Latest Warnings, Microsoft Office 365, QuickBooks, SpyHunter, tax refund fraud, UltraTax, Web Fraud 2.0, xkey@exploit.im

Credit to Author: BrianKrebs| Date: Wed, 11 Apr 2018 18:11:26 +0000

The Internal Revenue Service has been urging tax preparation firms to step up their cybersecurity efforts this year, warning that identity thieves and hackers increasingly are targeting certified public accountants (CPAs) in a bid to siphon oodles of sensitive personal and financial data on taxpayers. This is the story of a CPA in New Jersey whose compromise by malware led to identity theft and phony tax refund requests filed on behalf of his clients.

Independent Krebs

Look-Alike Domains and Visual Confusion

March 8, 2018 admin alex holden, Apple Safari, CA, CA Technologies, ca.com, Computer Associates, Google Chrome, Hold Security, IDN, internationalized domain names, Latest Warnings, look-alike domains, mozilla firefox, phishing, Punycode, skype, The Coming Storm, Twitter, unicode, Web Fraud 2.0, xn--80a7a.com

Credit to Author: BrianKrebs| Date: Thu, 08 Mar 2018 16:55:13 +0000

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using. For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name: https://www.са.com/ Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian. Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

Independent Krebs

Anti-Skimmer Detector for Skimmer Scammers

December 5, 2017 admin alex holden, All About Skimmers, Charlie Harrow, Hold Security, NCR Corp, Smart Shield Detector

Credit to Author: BrianKrebs| Date: Tue, 05 Dec 2017 20:37:22 +0000

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology.

Independent Krebs

2nd Breach at Verticalscope Impacts Millions

November 3, 2017 admin alex holden, Hold Security, Holdsecurity.com, LeakedSource, LuiDB, Other, Toyotanation, verticalscope breach, Verticalscope.com breach, Web Shell

Credit to Author: BrianKrebs| Date: Fri, 03 Nov 2017 22:00:26 +0000

For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts. Evidence of the breach was discovered just before someone began using that illicit access as a commercial for a new paid search service that indexes consumer information exposed in corporate data breaches.

Independent Krebs

Website Flaw Let True Health Diagnostics Users View All Medical Records

May 8, 2017 admin alex holden, Data Breach Investigations Report, DBIR, Hold Security, Other, Troy Mursch, True Health CEO Chris Grottenthaler, True Health Diagnostics, Verizon

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 03:13:04 +0000

Over the past two weeks readers have pointed KrebsOnSecurity to no fewer than three different healthcare providers that failed to provide the most basic care to protect their patients’ records online. Only one of the three companies — the subject of today’s story — required users to be logged in order to view all patient records. A week ago I heard from Troy Mursch, an IT consultant based in Las Vegas. A big fan of proactive medical testing, Mursch said he’s been getting his various lab results reviewed annually for the past two years with the help of a company based in Frisco, Texas called True Health Diagnostics.