A Little Sunshine – Page 36 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Wed, 21 Nov 2018 17:10:18 +0000

U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response. After confirming his findings, this author contacted the USPS, which promptly addressed the issue.

Independent Krebs

November 13, 2018 admin

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Credit to Author: BrianKrebs| Date: Tue, 13 Nov 2018 16:26:39 +0000

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

Independent Krebs

November 8, 2018 admin

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Credit to Author: BrianKrebs| Date: Thu, 08 Nov 2018 07:28:45 +0000

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.

Independent Krebs

November 6, 2018 admin

Busting SIM Swappers and SIM Swap Myths

Credit to Author: BrianKrebs| Date: Wed, 07 Nov 2018 05:49:37 +0000

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked.

Independent Krebs

November 4, 2018 admin

Who’s In Your Online Shopping Cart?

Credit to Author: BrianKrebs| Date: Sun, 04 Nov 2018 19:10:06 +0000

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that is obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain.

Independent Krebs

November 2, 2018 admin

SMS Phishing + Cardless ATM = Profit

Credit to Author: BrianKrebs| Date: Fri, 02 Nov 2018 15:03:31 +0000

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

Independent Krebs

November 1, 2018 admin

Equifax Has Chosen Experian. Wait, What?

Credit to Author: BrianKrebs| Date: Thu, 01 Nov 2018 16:47:13 +0000

A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.

Independent Krebs

October 29, 2018 admin

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Credit to Author: BrianKrebs| Date: Thu, 25 Oct 2018 16:11:57 +0000

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, but in truth it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.