The Coming Storm – Computer Security Articles

Apple Phone Phishing Scams Getting Better

January 3, 2019 admin 866-277-7794, A Little Sunshine, apple phone phishing, Global Cyber Risk LLC, Jody Westby, Latest Warnings, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 03 Jan 2019 19:21:40 +0000

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Independent Krebs

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

November 13, 2018 admin A Little Sunshine, Abuse.ch, Flashpoint, instagram, Julie Randall, Latest Warnings, Magecart, RiskIQ, Shadowserver, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 13 Nov 2018 16:26:39 +0000

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

Independent Krebs

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

November 8, 2018 admin A Little Sunshine, eSafe@usps.gov, Identity Theft, Informed Delivery, informeddelivery@custhelp.com, Latest Warnings, Ne'er-Do-Well News, The Coming Storm, U.S. Secret Service, USPS

Credit to Author: BrianKrebs| Date: Thu, 08 Nov 2018 07:28:45 +0000

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.

Independent Krebs

Busting SIM Swappers and SIM Swap Myths

November 6, 2018 admin A Little Sunshine, Caleb Tuttle, Christian Ferri, Erin West, John Rose, Latest Warnings, REACT Task Force, Samy Tarazi, SIM swap, T-Mobile, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 07 Nov 2018 05:49:37 +0000

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked.

Independent Krebs

Who’s In Your Online Shopping Cart?

November 4, 2018 admin @breachmessenger, 46.161.40.49, A Little Sunshine, AIDE, Breadcrumbs, British Airways breach, formjacking, Magecart, Newegg breach, RiskIQ, Symantec, The Coming Storm, Tripwire, watchdo.gs, Web Fraud 2.0, wewatchyourwebsite.com, window.atob, Yonathan Klijnsma

Credit to Author: BrianKrebs| Date: Sun, 04 Nov 2018 19:10:06 +0000

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that is obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain.

Independent Krebs

Supply Chain Security 101: An Expert’s View

October 12, 2018 admin A Little Sunshine, blind buy, Bloomberg Businessweek, Center for Internet Security, Einstein Program, Internet of Things, supply-chain security, The Coming Storm, Tony Sager, Trusted Internet Connections

Credit to Author: BrianKrebs| Date: Sat, 13 Oct 2018 01:03:12 +0000

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology sold to a number of American companies.

Independent Krebs

Naming & Shaming Web Polluters: Xiongmai

October 9, 2018 admin 9Trading, A Little Sunshine, A-ZONE, Abowone, AHWVSE, ANRAN, ASECAM, Autoeye, AZISHN, BESDER, BESDERSEC, BESSKY, Bestmo, BFMore, BOAVISION, BULWARK, CANAVIS, Cisco Systems, CWH, DAGRO, Dahua, datocctv, DEFEWAY, digoo, DiySecurityCameraWorld, DONPHIA, ENKLOV, ESAMACT, ESCAM, EVTEVISION, Fayele, FLOUREON, Funi, GADINAN, GARUNK, HAMROL, HAMROLTE, Hangzhou Xiongmai Technology Co., Hauwei, Highfly, Hiseeu, HISVISION, HMQC, IHOMEGUARD, Internet of Things, IoT, ISSEUSEE, iTooner, JENNOV, Jooan, Jshida, JUESENWDM, JUFENG, JZTEK, KERUI, KKMOON, Koenig & Bauer AG, KONLEN, Kopda, Lenyes, LESHP, LEVCOECAM, LINGSEE, LOOSAFE, MA, Metrohm AG, MIEBUL, Mirai, MISECU, Ne'er-Do-Well News, Nextrend, OEM, OLOEY, OUERTECH, P2P, QNTSQ, SACAM, SANNCE, SANSCO, SEC Consult, SecTec, Shell film, sifsecurityvision, Sifvision, smar, SMTSEC, SSICON, SUNBA, Sunivision, Susikum, TECBOX, Techage, Techege, The Coming Storm, TianAnXun, Time to Patch, TMEZON, TVPSii, Unique Vision, unitoptek, USAFEQLO, VOLDRELI, Westmile, Westshine, Wistino, Witrue, WNK Security Technology, WOFEA, WOSHIJIA, WUSONLUSAN, XIAO, XinAnX, Xiongmai, xloongx, XMEye, YiiSPO, YUCHENG, YUNSYE, zclever, zilnk, ZJUXIN, zmodo, ZRHUNTER

Credit to Author: BrianKrebs| Date: Wed, 10 Oct 2018 00:41:56 +0000

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.

Independent Krebs

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

October 2, 2018 admin A Little Sunshine, All American Entertainment, AngelList, Apollo, Arnie, data breaches, exactis, Facebook, Kickass, LinkedIn, Ne'er-Do-Well News, NightLion Security, Salesforce, Soundcard, TDO, Techcrunch, The Coming Storm, The Dark Overlord, Twitter, Vinny Troia, wired.com, Yelp

Credit to Author: BrianKrebs| Date: Tue, 02 Oct 2018 23:42:24 +0000

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for money in return for the stolen data. But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.

Independent Krebs

Voice Phishing Scams Are Getting More Clever

October 1, 2018 admin A Little Sunshine, Cabel Sasser, caller ID spoofing, Latest Warnings, Matt Haughey, MetaFilter, Panic Inc., phone phishing, slack, The Coming Storm, vishing

Credit to Author: BrianKrebs| Date: Mon, 01 Oct 2018 14:02:27 +0000

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Independent Krebs

Beware of Hurricane Florence Relief Scams

September 24, 2018 admin A Little Sunshine, disaster@leo.gov, Hurricane Florence relief scams, Latest Warnings, National Center for Disaster Fraud, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 24 Sep 2018 16:34:48 +0000

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc. Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

Independent Krebs

U.S. Mobile Giants Want to be Your Online Identity

September 12, 2018 admin A Little Sunshine, AT&T, International Computer Science Institute, Johannes Jaskolski, LocationSmart, Nicholas Weaver, number port-out scams, Project Verify, Security Tools, Securus Technologies, SIM swap, Sprint, T-Mobile, The Coming Storm, UC Berkeley, Verizon

Credit to Author: BrianKrebs| Date: Wed, 12 Sep 2018 20:58:31 +0000

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.

← Previous