Krebs on Security

eBay Asks Users to Downgrade Security

22 hours 20 minutes ago
Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option.
BrianKrebs

Student Aid Tool Held Key for Tax Fraudsters

1 day 21 hours ago
Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of the tool has created unexpected hurdles for many families hoping to qualify for financial aid, but the action also eliminated a key source of data that fraudsters could use to conduct tax refund fraud. Last week, the IRS and the Department of Education said in a joint statement that they were temporarily shutting down the IRS's Data Retrieval Tool. The service was designed to make it easier to complete the Education Department's Free Application for Federal Student Aid (FAFSA) -- a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.
BrianKrebs

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

5 days 18 hours ago
Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLP -- a Virginia company that bills itself as "the choice provider of cyber security services to the federal government" -- told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher's net.
BrianKrebs

Google Points to Another POS Vendor Breach

6 days 16 hours ago
For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach -- by assigning a "This site may be hacked" warning beneath the search results for the Web site of a victimized merchant.
BrianKrebs

Four Men Charged With Hacking 500M Yahoo Accounts

1 week ago
The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI's point of contact in Moscow on cybercrime cases. Here's a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks. According to a press release put out by the Justice Department, among those indicted was Karim Baratov (a.k.a. Kay, Karim Taloverov), a Canadian and Kazakh national who lives in Canada. Baratov is accused of being hired by the two FSB officer defendants in this case -- Dmitry Dokuchaev, 33, and Igor Sushchin, 43 -- to hack into the email accounts of thousands of individuals.
BrianKrebs

Adobe, Microsoft Push Critical Security Fixes

1 week 1 day ago
Adobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month's Patch Tuesday until today, issued an unusually large number of update bundles (18) to fix dozens of flaws in Windows and associated software.
BrianKrebs

If Your iPhone is Stolen, These Guys May Try to iPhish You

1 week 2 days ago
KrebsOnSecurity recently featured the story of a Brazilian man who was peppered with phishing attacks trying to steal his Apple iCloud username and password after his wife's phone was stolen in a brazen daylight mugging. Today, we'll take an insider's look at an Apple iCloud phishing gang that appears to work quite closely with organized crime rings -- within the United States and beyond -- to remotely unlock and erase stolen Apple devices. Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone -- just by visiting Apple's site and entering their iCloud username and password. Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim's stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services.
BrianKrebs

Dahua, Hikvision IoT Devices Under Siege

1 week 5 days ago
Dahua, the world's second-largest maker of "Internet of Things" devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices.
BrianKrebs

WikiLeaks: We’ll Work With Software Makers on Zero-Days

1 week 6 days ago
When WikiLeaks on Tuesday dumped thousands of files documenting hacking tools used by the U.S. Central Intelligence Agency, many feared WikiLeaks would soon publish a trove of so-called "zero days," the actual computer code that the CIA uses to exploit previously unknown flaws in a range of software and hardware products used by consumers and businesses. But on Thursday, WikiLeaks editor-in-chief Julian Assange promised that his organization would work with hardware and software vendors to fix the security weaknesses prior to releasing additional details about the flaws.
BrianKrebs

WikiLeaks Dumps Docs on CIA’s Hacking Tools

2 weeks ago
WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I've seen so far.
BrianKrebs

Payments Giant Verifone Investigating Breach

2 weeks 1 day ago
Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was "limited" and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations. On Jan. 23, 2017, Verifone sent an "urgent" email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.
BrianKrebs

Ransomware for Dummies: Anyone Can Do It

3 weeks ago
Among today's fastest-growing cybercrime epidemics is "ransomware," malicious software that encrypts all of your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.
BrianKrebs

More on Bluetooth Ingenico Overlay Skimmers

3 weeks 3 days ago
This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. I'm revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.
BrianKrebs

iPhone Robbers Try to iPhish Victims

3 weeks 5 days ago
In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone -- offering to buy back the locked device -- he soon began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to the phishing page mimicking Apple's site.
BrianKrebs

How to Bury a Major Breach Notification

1 month ago
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.
BrianKrebs

February Updates from Adobe, Microsoft

1 month ago
A handful of readers have inquired as to the whereabouts of Microsoft's usual monthly patches for Windows and related software. Microsoft opted to delay releasing any updates until next month, even though there is a zero-day vulnerability in Windows going around. However, Adobe did push out updates this week as per usual to fix critical issues in its Flash Player software.
BrianKrebs

Men Who Sent Swat Team, Heroin to My Home Sentenced

1 month ago
It's been a remarkable week for cyber justice. On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.
BrianKrebs

Who Ran Leakedsource.com?

1 month 1 week ago
Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches -- including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo. In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource's principal owner may have been exposed by many of the same stolen databases he's been peddling.
BrianKrebs

Fast Food Chain Arby’s Acknowledges Breach

1 month 1 week ago
Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I'd heard anything about a data breach at Arby's fast-food restaurants. Asked about the rumors, Arby's told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.
BrianKrebs

‘Top 10 Spammer’ Indicted for Wire Fraud

1 month 2 weeks ago
Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World's Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.
BrianKrebs
In-depth security news and investigation