The Coming Storm – Page 20 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Tue, 07 Aug 2018 19:27:23 +0000

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher, an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. Investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have drained bank accounts via an increasingly common scheme involving mobile phone “SIM swaps.”

Independent Krebs

August 2, 2018 admin

The Year Targeted Phishing Went Mainstream

Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 15:11:45 +0000

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.

Independent Krebs

July 27, 2018 admin

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Credit to Author: BrianKrebs| Date: Fri, 27 Jul 2018 15:45:09 +0000

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.”

Independent Krebs

July 25, 2018 admin

LifeLock Bug Exposed Millions of Customer Email Addresses

Credit to Author: BrianKrebs| Date: Wed, 25 Jul 2018 22:20:46 +0000

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together it lacked a basic understanding of authentication and security.

Independent Krebs

July 12, 2018 admin

Sextortion Scam Uses Recipient’s Hacked Passwords

Credit to Author: BrianKrebs| Date: Thu, 12 Jul 2018 14:19:53 +0000

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

Independent Krebs

July 6, 2018 admin

ExxonMobil Bungles Rewards Card Debut

Credit to Author: BrianKrebs| Date: Fri, 06 Jul 2018 15:53:19 +0000

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors.

Independent Krebs

June 22, 2018 admin

Supreme Court: Police Need Warrant for Mobile Location Data

Credit to Author: BrianKrebs| Date: Fri, 22 Jun 2018 20:30:13 +0000

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies.

Independent Krebs

June 19, 2018 admin

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Credit to Author: BrianKrebs| Date: Tue, 19 Jun 2018 18:03:44 +0000

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, the four major wireless carriers have responded to requests from a U.S. senator for more details about how the carriers are managing access to this extremely sensitive information. While three out of four providers said they had cancelled data sharing agreements with some of the offending companies, only one — Verizon — pledged to terminate all of them and initiate a wholesale review of their location data-sharing practices.