Investment Scammer John Davies Reinvents Himself?

Credit to Author: BrianKrebs| Date: Fri, 07 May 2021 13:15:27 +0000

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.

Read more

Malicious Office 365 Apps Are the Ultimate Insiders

Credit to Author: BrianKrebs| Date: Wed, 05 May 2021 12:27:50 +0000

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Read more

Task Force Seeks to Disrupt Ransomware Payments

Credit to Author: BrianKrebs| Date: Thu, 29 Apr 2021 12:26:09 +0000

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Read more

Experian API Exposed Credit Scores of Most Americans

Credit to Author: BrianKrebs| Date: Wed, 28 Apr 2021 20:47:02 +0000

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Read more

Experian’s Credit Freeze Security is Still a Joke

Credit to Author: BrianKrebs| Date: Mon, 26 Apr 2021 21:58:24 +0000

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States.  Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Read more

Note to Self: Create Non-Exhaustive List of Competitors

Credit to Author: BrianKrebs| Date: Tue, 20 Apr 2021 21:46:52 +0000

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

Read more

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Credit to Author: BrianKrebs| Date: Fri, 16 Apr 2021 12:57:19 +0000

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

Read more