The Coming Storm – Computer Security Articles

Sendgrid Under Siege from Hacked Accounts

August 28, 2020 admin A Little Sunshine, cauce, invaluement.com, kromatix, neil schwartzman, rob mcewen, sendgrid, steve pugh, The Coming Storm, twilio

Credit to Author: BrianKrebs| Date: Fri, 28 Aug 2020 13:59:23 +0000

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Independent Krebs

FBI, CISA Echo Warnings on ‘Vishing’ Threat

August 21, 2020 admin cisa, covid-19, FBI, Latest Warnings, Security Tools, The Coming Storm, vishing

Credit to Author: BrianKrebs| Date: Fri, 21 Aug 2020 20:34:18 +0000

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.

Independent Krebs

Voice Phishers Targeting Corporate VPNs

August 19, 2020 admin Allison Nixon, domaintools, Latest Warnings, Security Keys, The Coming Storm, unit 221b, urlscan.io, vishing, vpn phishing, Yubico, Yubikey, zack allen, ZeroFOX

Credit to Author: BrianKrebs| Date: Wed, 19 Aug 2020 13:55:46 +0000

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Independent Krebs

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

August 6, 2020 admin covid-19, data breaches, derek dubner, economic injury disaster loan, idi data, interactive data llc, International Computer Science Institute, Nicholas Weaver, The Coming Storm, UC Berkeley

Credit to Author: BrianKrebs| Date: Thu, 06 Aug 2020 19:56:59 +0000

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

Independent Krebs

Is Your Chip Card Secure? Much Depends on Where You Bank

July 30, 2020 admin All About Skimmers, chip cards, cvv, cyber r&d labs, EMV, Gemini Advisory, iCVV, key food breach, Latest Warnings, POS malware, shimmers, skimmers, Stas Alforov, The Coming Storm, Visa

Credit to Author: BrianKrebs| Date: Thu, 30 Jul 2020 15:09:24 +0000

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Independent Krebs

Business ID Theft Soars Amid COVID Closures

July 27, 2020 admin alex holden, business identity theft, covid-19, dun & bradstreet, eva velasquez, fan experiences, Hold Security, identity theft resource center, mary mcmahan, scott russell, Target: Small Businesses, The Coming Storm

Credit to Author: BrianKrebs| Date: Mon, 27 Jul 2020 22:50:56 +0000

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

Independent Krebs

NY Charges First American Financial for Massive Data Leak

July 23, 2020 admin data breaches, First American Financial Corp., new york state department of financial services, Reuters, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 23 Jul 2020 16:12:14 +0000

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.

Independent Krebs

Breached Data Indexer ‘Data Viper’ Hacked

July 13, 2020 admin A Little Sunshine, apollo breach, data viper breach, empire market, exabyte, five, Ne'er-Do-Well News, RaidForums, Soundcard, The Coming Storm, verifications.io breach, Vinny Troia

Credit to Author: BrianKrebs| Date: Mon, 13 Jul 2020 23:30:39 +0000

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.

← Previous