The Coming Storm – Computer Security Articles

Beware of Hurricane Florence Relief Scams

September 24, 2018 admin 0 Comments A Little Sunshine, disaster@leo.gov, Hurricane Florence relief scams, Latest Warnings, National Center for Disaster Fraud, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 24 Sep 2018 16:34:48 +0000

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc. Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

Independent Krebs

U.S. Mobile Giants Want to be Your Online Identity

September 12, 2018 admin A Little Sunshine, AT&T, International Computer Science Institute, Johannes Jaskolski, LocationSmart, Nicholas Weaver, number port-out scams, Project Verify, Security Tools, Securus Technologies, SIM swap, Sprint, T-Mobile, The Coming Storm, UC Berkeley, Verizon

Credit to Author: BrianKrebs| Date: Wed, 12 Sep 2018 20:58:31 +0000

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.

Independent Krebs

In a Few Days, Credit Freezes Will Be Fee-Free

September 10, 2018 admin alex holden, CFPB, Consumer Financial Protection Bureau, credit freeze, credit lock, CreditKarma, Equifax, Experian, Federal Trade Commission, FTC, Innovis, Lisa Holden, NCTUE, security freeze, Security Tools, The Coming Storm, TransUnion

Credit to Author: BrianKrebs| Date: Tue, 11 Sep 2018 02:26:06 +0000

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle. If that accurately describes your views on the matter, this post may well change your mind.

Independent Krebs

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

August 28, 2018 admin Aite Group, Allen Weinberg, data breaches, fiserv, Glenbrook Partners, Julie Conroy, Kristian Erik Hermansen, secureinternetbank.com, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 28 Aug 2018 13:27:55 +0000

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.

Independent Krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

August 23, 2018 admin Apache Software Foundation, Apache Struts vulnerability, Equifax breach, Latest Warnings, Man Yue Mo, Pavel Avgustinov, Semmle, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 23 Aug 2018 20:22:35 +0000

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside.

Independent Krebs

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

August 17, 2018 admin A Little Sunshine, ALM Trading Limited, Cosmos Bank, data breaches, Hang Seng Bank, National Bank of Blacksburg, Reuters, Rupay, The Coming Storm, TN Raghunatha, Visa

Credit to Author: BrianKrebs| Date: Fri, 17 Aug 2018 19:27:10 +0000

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

Independent Krebs

Hanging Up on Mobile in the Name of Security

August 16, 2018 admin A Little Sunshine, Allison Nixon, AT&T, Flashpoint, Google Voice, instagram, Joel Ortiz, Michael Terpin, Ne'er-Do-Well News, ogusers, SIM swapping, Sprint, T-Mobile, The Coming Storm, Time to Patch, Twitter, Verizon

Credit to Author: BrianKrebs| Date: Thu, 16 Aug 2018 17:01:36 +0000

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

Independent Krebs

Florida Man Arrested in SIM Swap Conspiracy

August 7, 2018 admin A Little Sunshine, AT&T, Coinbase, Gemini Trust, Joel Ortiz, motherboard, Ne'er-Do-Well News, number port-out scams, Ricky Handschumacher, SIM swap scams, T-Mobile, The Coming Storm, trezor, Tyler Winklevoss

Credit to Author: BrianKrebs| Date: Tue, 07 Aug 2018 19:27:23 +0000

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher, an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. Investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have drained bank accounts via an increasingly common scheme involving mobile phone “SIM swaps.”

Independent Krebs

The Year Targeted Phishing Went Mainstream

August 2, 2018 admin @SecGuru_OTX, A Little Sunshine, Ashley Madison hack, Dashlane, exploit kit, geo-ip, Keepass, lastpass, LinkedIn breach, phishing, sextortion, The Coming Storm, typosquatting

Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 15:11:45 +0000

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.

Independent Krebs

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

July 27, 2018 admin Krebs's 3 Basic Rules for Online Safety, Latest Warnings, Microsoft Word, MS-ISAC, Multi-State Information Sharing and Analysis Center, snail mail phishing, The Coming Storm

Credit to Author: BrianKrebs| Date: Fri, 27 Jul 2018 15:45:09 +0000

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.”

Independent Krebs

LifeLock Bug Exposed Millions of Customer Email Addresses

July 25, 2018 admin A Little Sunshine, Lifelock, Nathan Reese, Symantec, The Coming Storm

Credit to Author: BrianKrebs| Date: Wed, 25 Jul 2018 22:20:46 +0000

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together it lacked a basic understanding of authentication and security.

← Previous