A Little Sunshine – Page 30 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Fri, 27 Sep 2019 16:17:07 +0000

Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll deposits from customers. On Monday, the CEO was arrested and allegedly confessed that the diversion was the last desperate gasp of a financial shell game that earned him $70 million over several years.

Independent Krebs

September 18, 2019 admin

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Credit to Author: BrianKrebs| Date: Wed, 18 Sep 2019 18:53:16 +0000

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: it was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these “advance fee” or “419” scams- – so-called because they violate section 419 of the criminal code of Nigeria where many such lures originate — predate email and have circulated via postal mail in various forms and countries over the years.

Independent Krebs

September 11, 2019 admin

NY Payroll Company Vanishes With $35 Million

Credit to Author: BrianKrebs| Date: Wed, 11 Sep 2019 15:02:26 +0000

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Independent Krebs

September 2, 2019 admin

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Credit to Author: BrianKrebs| Date: Mon, 02 Sep 2019 20:52:00 +0000

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.

Independent Krebs

August 21, 2019 admin

Forced Password Reset? Check Your Assumptions

Credit to Author: BrianKrebs| Date: Wed, 21 Aug 2019 11:58:53 +0000

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site’s efforts to identify customers who are reusing passwords from other sites that have already been hacked. But ironically, many companies taking these proactive steps soon discover that their explanation as to why they’re doing it can get misinterpreted as more evidence of lax security. This post attempts to unravel what’s going on here.

Independent Krebs

August 19, 2019 admin

The Rise of “Bulletproof” Residential Networks

Credit to Author: BrianKrebs| Date: Mon, 19 Aug 2019 13:03:32 +0000

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Most often, those connections are hacked computers, mobile phones, or home routers. But this is the story of a sprawling “bulletproof residential VPN” service that appears to have been built by acquiring chunks of Internet addresses from some the largest ISPs and mobile data providers in the United States and abroad.

Independent Krebs

August 14, 2019 admin

Meet Bluetana, the Scourge of Pump Skimmers

Credit to Author: BrianKrebs| Date: Wed, 14 Aug 2019 12:25:32 +0000

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.

Independent Krebs

August 9, 2019 admin

iNSYNQ Ransom Attack Began With Phishing Email

Credit to Author: BrianKrebs| Date: Fri, 09 Aug 2019 18:18:55 +0000

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQ’s internal network to properly stage things before unleashing the ransomware. iNSYNQ ultimately declined to pay the ransom demand, and it is still working to completely restore customer access to files.