Web Fraud 2.0 – Page 9 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Wed, 25 Jan 2023 19:58:46 +0000

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.

Independent Krebs

January 9, 2023 admin

Identity Thieves Bypassed Experian Security to View Credit Reports

Credit to Author: BrianKrebs| Date: Mon, 09 Jan 2023 14:05:15 +0000

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

Independent Krebs

December 13, 2022 admin

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Credit to Author: BrianKrebs| Date: Tue, 13 Dec 2022 23:54:21 +0000

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.

Independent Krebs

December 8, 2022 admin

New Ransom Payment Schemes Target Executives, Telemedicine

Credit to Author: BrianKrebs| Date: Thu, 08 Dec 2022 18:25:04 +0000

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

Independent Krebs

December 5, 2022 admin

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Credit to Author: BrianKrebs| Date: Mon, 05 Dec 2022 19:44:50 +0000

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google’s legal fees.

Independent Krebs

November 16, 2022 admin

Disneyland Malware Team: It’s a Puny World After All

Credit to Author: BrianKrebs| Date: Wed, 16 Nov 2022 17:32:00 +0000

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

Independent Krebs

October 20, 2022 admin

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Credit to Author: BrianKrebs| Date: Thu, 20 Oct 2022 17:07:34 +0000

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

Independent Krebs

October 15, 2022 admin

Anti-Money Laundering Service AMLBot Cleans House

Credit to Author: BrianKrebs| Date: Sat, 15 Oct 2022 14:08:59 +0000

AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.