Nicholas Weaver – Computer Security Articles

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

February 28, 2023 admin A Little Sunshine, Allison Nixon, data breaches, International Computer Science Institute, Minecraft, Nicholas Weaver, roblox, Security Keys, SIM swapping, T-Mobile, tmo up, unit 221b, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Feb 2023 16:14:57 +0000

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Independent Krebs

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

October 20, 2022 admin A Little Sunshine, Amazon, anastacia brown, apple, binance, employment fraud, indeed, jay pinho, LinkedIn, Mandiant, Nicholas Weaver, signalhire, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 20 Oct 2022 17:07:34 +0000

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

Independent Krebs

Experian, You Have Some Explaining to Do

July 10, 2022 admin A Little Sunshine, arthur rishi, emory roan, Equifax, Experian, john turner, Latest Warnings, Nicholas Weaver, privacyrights.org, TransUnion, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 11 Jul 2022 04:07:15 +0000

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address.

Independent Krebs

DEA Investigating Breach of Law Enforcement Data Portal

May 12, 2022 admin A Little Sunshine, data breaches, Department of Justice, domain block list, Doxbin, drug enforcement administration, el paso intelligence center, emergency data request, Epic, esp.usdoj.gov, FBI, ICSI, kt, lapsus$, law enforcement inquiry and alerts, leia, national seizure system, Ne'er-Do-Well News, Nicholas Weaver, nss, spamhaus, The Coming Storm, u.s. drug enforcement agency

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Independent Krebs

Your Phone May Soon Replace Many of Your Passwords

May 7, 2022 admin A Little Sunshine, apple, FIDO Alliance, google, johannes ullrich, microsoft, Nicholas Weaver, sampath srinivas, sans, Security Tools, spycloud, steve bellovin, World Wide Web Consortium

Credit to Author: BrianKrebs| Date: Sat, 07 May 2022 13:31:17 +0000

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Independent Krebs

USPS Site Exposed Data on 60 Million Users

November 21, 2018 admin A Little Sunshine, Bit Discovery, data breaches, Informed Visibility, Nicholas Weaver, robert hansen, U.S. Secret Service, UC Berkeley's International Computer Science Institute, USPS Informed Delivery, USPS Office of Inspector General

Credit to Author: BrianKrebs| Date: Wed, 21 Nov 2018 17:10:18 +0000

U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response. After confirming his findings, this author contacted the USPS, which promptly addressed the issue.

Independent Krebs

U.S. Mobile Giants Want to be Your Online Identity

September 12, 2018 admin A Little Sunshine, AT&T, International Computer Science Institute, Johannes Jaskolski, LocationSmart, Nicholas Weaver, number port-out scams, Project Verify, Security Tools, Securus Technologies, SIM swap, Sprint, T-Mobile, The Coming Storm, UC Berkeley, Verizon

Credit to Author: BrianKrebs| Date: Wed, 12 Sep 2018 20:58:31 +0000

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.

Independent Krebs

‘Petya’ Ransomware Outbreak Goes Global

June 27, 2017 admin bitcoin, DLA Piper, Eternal Blue, Group-IB, ICSI, ISACA, Legal Week, Maersk, microsoft windows, MS17-010, Nicholas Weaver, Other, Petya, ransomware, Shadow Brokers, Symantec, UC Berkeley

Credit to Author: BrianKrebs| Date: Tue, 27 Jun 2017 20:18:43 +0000

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware appears to be spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.

← Previous