Krebs on Security

How Cybercrooks Put the Beatdown on My Beats

1 day 20 hours ago
Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant's account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how his account was hacked. But such attacks are becoming more prevalent of late as crooks increasingly turn to online crimeware services that make it a cakewalk to cash out stolen passwords.
BrianKrebs

Tracing Spam: Diet Pills from Beltway Bandits

3 days 20 hours ago
Reading junk spam messages isn't exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here's the simple story of how a recent spam email advertising celebrity "diet pills" was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities.
BrianKrebs

InterContinental Hotel Chain Breach Expands

4 days 14 hours ago
In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across a large number of the 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
BrianKrebs

Shoney’s Hit By Apparent Credit Card Breach

1 week 1 day ago
It's Friday, which means it's time for another episode of "Which Restaurant Chain Got Hacked?" Multiple sources in the financial industry say they've traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney's, a 70-year-old restaurant chain that operates primarily in the southern United States.
BrianKrebs

Critical Security Updates from Adobe, Microsoft

1 week 4 days ago
Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products. Adobe patched dozens of holes in its Flash Player, Acrobat and Reader products. Microsoft pushed fixes to address dozens of vulnerabilities in Windows and related software.
BrianKrebs

Fake News at Work in Spam Kingpin’s Arrest?

1 week 5 days ago
Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there is scant evidence that the spammer's arrest had anything to do with the election, the success of that narrative is a sterling example of how the Kremlin's propaganda machine is adept at manufacturing fake news, undermining public trust in the media, and distracting attention away from the real story.
BrianKrebs

Alleged Spam King Pyotr Levashov Arrested

1 week 6 days ago
Authorities in Spain have arrested a Russian computer programmer thought to be one of the world's most notorious spam kingpins. Spanish police arrested Pyotr Levashov under an international warrant executed in the city of Barcelona, according to Reuters. Russian state-run television station RT (formerly Russia Today) reported that Levashov was arrested while vacationing in Spain with his family. According to numerous stories here at KrebsOnSecurity, Levashov was better known as "Severa," the hacker moniker used by a pivotal figure in many popular Russian-language cybercrime forums. Severa was the moderator for the spam subsection of multiple online communities, and in this role served as the virtual linchpin connecting virus writers with huge spam networks that Severa allegedly created and sold himself.
BrianKrebs

Gamestop.com Investigating Possible Breach

2 weeks 1 day ago
Video game giant GameStop Corp. [NYSE: GME] says it is investigating reports that hackers may have siphoned credit card and customer data from its website -- gamestop.com. The company acknowledged the investigation after being contacted by KrebsOnSecurity.
BrianKrebs

Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer

2 weeks 3 days ago
The author of a banking Trojan called Nuclear Bot -- a teenager living in France -- recently released the source code for his creation just months after the malware began showing up for sale in cybercrime forums. Now the young man's father is trying to convince him not to act on a job offer in the United States, fearing it may be a trap set by law enforcement agents.
BrianKrebs

Dual-Use Software Criminal Case Not So Novel

2 weeks 4 days ago
"He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks' crimes." The above snippet is the subhead of a story published last month by the Daily Beast titled "FBI Arrests Hacker Who Hacked No One." The subject of that piece -- a 26-year-old American named Taylor Huddleston -- faces felony hacking charges connected to two computer programs he authored and sold: An anti-piracy product called Net Seal, and a Remote Administration Tool (RAT) called NanoCore that he says was a benign program designed to help users remotely administer their computers. The author of the Daily Beast story, former black hat hacker and Wired.com editor Kevin Poulsen, argues that Huddleston's case "raises a novel question: When is a programmer criminally responsible for the actions of his users? Some experts say [the case] could have far reaching implications for developers, particularly those working on new technologies that criminals might adopt in unforeseeable ways." But a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices -- paints a more complex and nuanced picture that suggests this may not be the case to raise that legal question in a meaningful way.
BrianKrebs

Why I Always Tug on the ATM

3 weeks 1 day ago
Once you understand how easy and common it is for thieves to attach "skimming" devices to ATMs and other machines that accept debit and credit cards, it's difficult not to closely inspect and even tug on the machines before using them. Several readers who are in the habit of doing just that recently shared images of skimmers they discovered after gently pulling on various parts of a cash machine they were about to use.
BrianKrebs

Post-FCC Privacy Rules, Should You VPN?

3 weeks 2 days ago
Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data. Some are concerned enough by this development that they're looking at obfuscating all of their online browsing by paying for a subscription to a virtual private networking (VPN) service. This piece is intended to serve as a guidepost for those contemplating such a move.
BrianKrebs

Alleged vDOS Owners Poised to Stand Trial

3 weeks 6 days ago
Police in Israel are recommending that the state attorney's office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline. On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attracted tens of thousands of paying customers and facilitated countless distributed denial-of-service (DDoS) attacks. That story named two young Israelis -- Yarden Bidani and Itay Huri -- as the likely owners and operators of vDOS, and within hours of its publication the two were arrested by Israeli police, placed on house arrest for 10 days, and forbidden from using the Internet for a month.
BrianKrebs

Phishing 101 at the School of Hard Knocks

4 weeks 1 day ago
A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) -- requiring a one-time code in addition to a password -- for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-a-half months of this year as it saw in all of 2015.
BrianKrebs

eBay Asks Users to Downgrade Security

1 month ago
Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option.
BrianKrebs

Student Aid Tool Held Key for Tax Fraudsters

1 month ago
Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of the tool has created unexpected hurdles for many families hoping to qualify for financial aid, but the action also eliminated a key source of data that fraudsters could use to conduct tax refund fraud. Last week, the IRS and the Department of Education said in a joint statement that they were temporarily shutting down the IRS's Data Retrieval Tool. The service was designed to make it easier to complete the Education Department's Free Application for Federal Student Aid (FAFSA) -- a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.
BrianKrebs

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

1 month ago
Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLP -- a Virginia company that bills itself as "the choice provider of cyber security services to the federal government" -- told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher's net.
BrianKrebs

Google Points to Another POS Vendor Breach

1 month ago
For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach -- by assigning a "This site may be hacked" warning beneath the search results for the Web site of a victimized merchant.
BrianKrebs

Four Men Charged With Hacking 500M Yahoo Accounts

1 month 1 week ago
The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI's point of contact in Moscow on cybercrime cases. Here's a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks. According to a press release put out by the Justice Department, among those indicted was Karim Baratov (a.k.a. Kay, Karim Taloverov), a Canadian and Kazakh national who lives in Canada. Baratov is accused of being hired by the two FSB officer defendants in this case -- Dmitry Dokuchaev, 33, and Igor Sushchin, 43 -- to hack into the email accounts of thousands of individuals.
BrianKrebs

Adobe, Microsoft Push Critical Security Fixes

1 month 1 week ago
Adobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month's Patch Tuesday until today, issued an unusually large number of update bundles (18) to fix dozens of flaws in Windows and associated software.
BrianKrebs
In-depth security news and investigation