The Life Cycle of a Breached Database

Credit to Author: BrianKrebs| Date: Thu, 29 Jul 2021 16:20:54 +0000

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse.

Read more

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Credit to Author: BrianKrebs| Date: Thu, 08 Jul 2021 15:22:58 +0000

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Read more

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Credit to Author: BrianKrebs| Date: Thu, 01 Jul 2021 18:56:42 +0000

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Read more

We Infiltrated a Counterfeit Check Ring! Now What?

Credit to Author: BrianKrebs| Date: Wed, 30 Jun 2021 20:34:54 +0000

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be? Such is the curse of the fraud fighter known online by the handles “Brianna Ware” and “BWare” for short, a longtime member of a global group of volunteers who’ve infiltrated a cybercrime gang that disseminates fraudulent checks tied to a dizzying number of online scams.

Read more

First American Financial Pays Farcical $500K Fine

Credit to Author: BrianKrebs| Date: Fri, 18 Jun 2021 12:20:21 +0000

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back more than 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

Read more

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang

Credit to Author: BrianKrebs| Date: Mon, 07 Jun 2021 23:18:38 +0000

The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide, a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities.

Read more

Adventures in Contacting the Russian FSB

Credit to Author: BrianKrebs| Date: Mon, 07 Jun 2021 13:35:06 +0000

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to contact them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The reason I contacted the FSB — one of the successor agencies to the Russian KGB — ironically enough had to do with security concerns raised about the FSB’s own preferred method of being contacted.

Read more

Using Fake Reviews to Find Dangerous Extensions

Credit to Author: BrianKrebs| Date: Sat, 29 May 2021 16:14:47 +0000

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

Read more