Kerbs on Security

Hacked Password Service Leakbase Goes Dark

1 month 2 weeks ago
Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.
BrianKrebs

Former NSA Employee Pleads Guilty to Taking Classified Data

1 month 2 weeks ago
A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government.
BrianKrebs

Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty

1 month 3 weeks ago
Roman Seleznev, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo.
BrianKrebs

MacOS High Sierra Users: Change Root Password Now

1 month 3 weeks ago
A newly-discovered flaw in macOS High Sierra -- Apple's latest iteration of its operating system -- allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful "root" user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account's password now.
BrianKrebs

Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?

1 month 3 weeks ago
In August 2016, a mysterious entity calling itself "The Shadow Brokers" began releasing the first of several troves of classified documents and hacking tools purportedly stolen from "The Equation Group," a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we'll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.
BrianKrebs

Name+DOB+SSN=FAFSA Data Gold Mine

1 month 4 weeks ago
KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid.
BrianKrebs

Correcting the Record on vDOS Prosecutions

2 months ago
KrebsOnSecurity recently featured a story about a New Mexico man who stands accused of using the now-defunct vDOS attack-for-hire service to hobble the Web sites of several former employers. That piece stated that I wasn't aware of any other prosecutions related to vDOS customers, but as it happens there was a prosecution in the United Kingdom earlier this year of a man who's admitted to both using and helping to administer vDOS. Here's a look at some open-source clues that may have led to the U.K. man's arrest.
BrianKrebs

R.I.P. root9B? We Hardly Knew Ya!

2 months 1 week ago
root9B, a company that many in the security industry considered little more than a big-name startup aimed at cashing in on the stock market's insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year. Founded in 2011, Colorado Springs, Colo. based root9B Technologies touted itself as an IT security training firm staffed by an impressive list of ex-military leaders with many years of cybersecurity experience at the Department of Defense and National Security Agency (NSA). As it began to attract more attention from investors, root9B's focus shifted to helping organizations hunt for cyber intruders within their networks.
BrianKrebs

Adobe, Microsoft Patch Critical Cracks

2 months 1 week ago
It's Nov. 14 -- the second Tuesday of the month (a.k.a. "Patch Tuesday) -- and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft's 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products -- including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe's got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.
BrianKrebs

How to Opt Out of Equifax Revealing Your Salary History

2 months 1 week ago
A KrebsOnSecurity series on how easy big-three credit bureau Equifax makes it to get detailed salary history data on tens of millions of Americans apparently inspired a deeper dive on the subject by Fast Company, which examined how this Equifax division has been one of the company's best investments. In this post, I'll show you how to opt out of yet another Equifax service that makes money at the expense of your privacy.
BrianKrebs

Hack of Attack-for-Hire Service vDOS Snares New Mexico Man

2 months 1 week ago
A New Mexico man is facing federal hacking charges for allegedly using the now defunct attack-for-hire service vDOS to launch damaging digital assaults aimed at knocking his former employer's Web site offline. Prosecutors were able to bring the case in part because vDOS got massively hacked last year, and its customer database of payments and targets leaked to this author and to the FBI.
BrianKrebs

DDoS-for-Hire Service Launches Mobile App

2 months 1 week ago
In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store.
BrianKrebs

Simple Banking Security Tip: Verbal Passwords

2 months 2 weeks ago
There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn't acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn't let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone.
BrianKrebs

2nd Breach at Verticalscope Impacts Millions

2 months 2 weeks ago
For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts. Evidence of the breach was discovered just before someone began using that illicit access as a commercial for a new paid search service that indexes consumer information exposed in corporate data breaches.
BrianKrebs

Equifax Reopens Salary Lookup Service

2 months 2 weeks ago
Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person's Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, and began restoring the site eight days later saying it had added unspecified "security enhancements."
BrianKrebs

Fear the Reaper, or Reaper Madness?

2 months 3 weeks ago
Last week we looked at reports from China and Israel about a new "Internet of Things" malware strain called "Reaper" that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs). Now some botnet experts are calling on people to stop the "Reaper Madness," saying the actual number of IoT devices infected with Reaper right now is much smaller. Arbor Networks said it believes the current actual size of the Reaper botnet fluctuates between 10,000 and 20,000 bots total. Arbor notes that this can change any time.
BrianKrebs

Dell Lost Control of Key Customer Support Domain for a Month in 2017

2 months 4 weeks ago
A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." It's designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name -- DellBackupandRecoveryCloudStorage.com -- which until recently was central to PC maker Dell's customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell's contractor regained control over it.
BrianKrebs

Reaper: Calm Before the IoT Security Storm?

2 months 4 weeks ago
It's been just over a year since the world witnessed some of the world's top online Web sites being taken down for much of the day by "Mirai," a zombie malware strain that enslaved "Internet of Things" (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware -- variously named "Reaper" and "IoTroop" -- that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already. Reaper isn't attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks.
BrianKrebs

What You Should Know About the ‘KRACK’ WiFi Security Weakness

3 months ago
Researchers this week published information about a newfound, serious weakness in WPA2 -- the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who's most at-risk from this vulnerability, and what organizations and individuals can do about it.
BrianKrebs
Checked
19 minutes 10 seconds ago
In-depth security news and investigation
Subscribe to Kerbs on Security feed