Investment Scammer John Davies Reinvents Himself?

Credit to Author: BrianKrebs| Date: Fri, 07 May 2021 13:15:27 +0000

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.

Experian API Exposed Credit Scores of Most Americans

Credit to Author: BrianKrebs| Date: Wed, 28 Apr 2021 20:47:02 +0000

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Experian’s Credit Freeze Security is Still a Joke

Credit to Author: BrianKrebs| Date: Mon, 26 Apr 2021 21:58:24 +0000

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remain in the credit bureau space.

Note to Self: Create Non-Exhaustive List of Competitors

Credit to Author: BrianKrebs| Date: Tue, 20 Apr 2021 21:46:52 +0000

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Credit to Author: BrianKrebs| Date: Fri, 16 Apr 2021 12:57:19 +0000

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

Whistleblower: Ubiquiti Breach “Catastrophic”

Credit to Author: BrianKrebs| Date: Tue, 30 Mar 2021 18:00:49 +0000

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

No, I Did Not Hack Your MS Exchange Server

Credit to Author: BrianKrebs| Date: Sun, 28 Mar 2021 17:40:44 +0000

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me.
