The Coming Storm – Computer Security Articles

Alleged Child Porn Lord Faces US Extradition

March 22, 2019 admin 0 Comments A Little Sunshine, Brooke Donahue, Eric Eoin Marques, FBI, Firefox zero-day, Freedom Hosting, Ne'er-Do-Well News, RTE, The Coming Storm, The Irish Times, Tor, Tor Browser Bundle, Vlad Tsrklevich, wired.com

Credit to Author: BrianKrebs| Date: Fri, 22 Mar 2019 19:32:39 +0000

In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring – 33-year-old Freedom Hosting operator Eric Eoin Marques – was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This week, Ireland’s Supreme Court cleared the way for Marques to be extradited to the United States.

Independent Krebs

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

March 21, 2019 admin 0 Comments A Little Sunshine, Facebook, plaintext passwords, Scott Renfro, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 21 Mar 2019 15:17:55 +0000

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Independent Krebs

MyEquifax.com Bypasses Credit Freeze PIN

March 8, 2019 admin A Little Sunshine, credit freeze PIN, Experian, freeze PIN bypass, KBA, Latest Warnings, myEquifax.com, Nancy Bistritz-Balkan, Security Tools, The Coming Storm, Trans Union

Credit to Author: BrianKrebs| Date: Fri, 08 Mar 2019 16:12:38 +0000

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Independent Krebs

Hackers Sell Access to Bait-and-Switch Empire

March 4, 2019 admin A Little Sunshine, arrestrecords.us.org, autohistorychecks.com, backgroundchecks.us.org, Breadcrumbs, carhistory.us.org, carhistoryindex.com, carinfo2.com, carrecordusa.com, census.us.org, courtrecords.us.org, criminalrecords.us.org, data breaches, deathcertificates.us.org, deathrecord.com, deathrecords.us.org, dmv.us.org, dmvinfocheck.com, dmvrecords.co, DomainTools.com, homevalue.us.org, intel471.com, jailinmates.us.org, Jason Oster, Jesse Willms, Latest Warnings, memberreportaccess.com, Mike Stef, mugshots.us.org, myfeeplan.com, myinfobill.com, Ne'er-Do-Well News, Penguin Marketing, Peter Graver, phonelookup.us.org, police.us.org, prison.us.org, propertyrecord.com, propertysearch.us.org, publicrecords.us.org, reversephonelookup.us.org, Taylor Clark, Terra Marketing Group, The Atlantic, The Coming Storm, The Dark Overlord, trafficticket.us.org, vehiclehistoryreports.us.org, vehiclereportusa.com, vinsearchusa.org, warrantcheck.com

Credit to Author: BrianKrebs| Date: Mon, 04 Mar 2019 22:11:33 +0000

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, Microsoft and Oprah Winfrey, to name a few.

Independent Krebs

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

February 18, 2019 admin A Little Sunshine, APNIC, Bill Woodcock, Cisco Talos, Comodo, CrowdStrike, data breaches, DHS, DNSpionage, dnssec, EPP, extensible provisioning protocol, Farsight Security, FireEye, Frobbit, ICANN, John Crain, Key Systems, Lars Michael Jogbäck, LetsEncrypt, Netnod, Packet Clearing House, Patrik Fältström, PCH, SecurityTrails, The Coming Storm, U.S. Department of Homeland Security

Credit to Author: BrianKrebs| Date: Mon, 18 Feb 2019 13:51:01 +0000

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

Independent Krebs

Crooks Continue to Exploit GoDaddy Hole

February 4, 2019 admin A Little Sunshine, A.S. Mechanical, Charlene Price, Dan Race, DNS, Gand Crab ransomware, GoDaddy, Latest Warnings, Martijn Grooten, MyOnlineSecurity, nomoreransom.org, Ron Guilmette, Spammy Bear, The Coming Storm, Virus Bulletin

Credit to Author: BrianKrebs| Date: Mon, 04 Feb 2019 19:12:25 +0000

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

Independent Krebs

How the U.S. Govt. Shutdown Harms Security

January 23, 2019 admin Alex Stamos, Brian Fung, Christopher Burgess, FBI Agents Association, FBIAA, Patrick Gray, Risky Business podcast, The Coming Storm, US Government Shutdown

Credit to Author: BrianKrebs| Date: Wed, 23 Jan 2019 17:51:22 +0000

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely have serious repercussions for federal law enforcement agencies for years to come. One federal agent with more than 20 years on the job told KrebsOnSecurity that the shutdown “is crushing our ability to take the fight to cyber criminals.”

Independent Krebs

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

January 22, 2019 admin A Little Sunshine, Amazon Web Services, Cisco Talos, Digital Ocean, DNS, GoDaddy, Google Cloud, Matthew Bryant, mozilla firefox, Mozilla Foundation, Ron Guilmette, Spammy Bear, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 23 Jan 2019 02:44:28 +0000

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.

Independent Krebs

Apple Phone Phishing Scams Getting Better

January 3, 2019 admin 866-277-7794, A Little Sunshine, apple phone phishing, Global Cyber Risk LLC, Jody Westby, Latest Warnings, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 03 Jan 2019 19:21:40 +0000

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Independent Krebs

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

November 13, 2018 admin A Little Sunshine, Abuse.ch, Flashpoint, instagram, Julie Randall, Latest Warnings, Magecart, RiskIQ, Shadowserver, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 13 Nov 2018 16:26:39 +0000

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

Independent Krebs

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

November 8, 2018 admin A Little Sunshine, eSafe@usps.gov, Identity Theft, Informed Delivery, informeddelivery@custhelp.com, Latest Warnings, Ne'er-Do-Well News, The Coming Storm, U.S. Secret Service, USPS

Credit to Author: BrianKrebs| Date: Thu, 08 Nov 2018 07:28:45 +0000

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.

← Previous