Why Phone Numbers Stink As Identity Proof
Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number —...
Ad Network Sizmek Probes Account Breach
Online advertising firm Sizmek Inc. says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.
In a recent...
Patch Tuesday, March 2019 Edition
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about...
Insert Skimmer + Camera Cover PIN Stealer
Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as...
MyEquifax.com Bypasses Credit Freeze PIN
Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have...
Hackers Sell Access to Bait-and-Switch Empire
Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records,...
Booter Boss Interviewed in 2014 Pleads Guilty
A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and...
Crypto Mining Service Coinhive to Call it Quits
Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhivecom, a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the...
Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison
A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials. The men — a former Russian cyber intelligence official and an...
Payroll Provider Gives Extortionists a Payday
Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. Faced with the threat of an extended outage, Apex chose to...
New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth
Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in...
A Deep Dive on the Recent Widespread DNS Hijacking Attacks
The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive...
Bomb Threat Hoaxer Exposed by Hacked Gaming Site
Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and...
Patch Tuesday, February 2019 Edition
Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to...
Email Provider VFEmail Suffers ‘Catastrophic’ Hack
Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he...
6 Ways Mature DevOps Teams Are Killing It in Security
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled
Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…
Old Tech Spills Digital Dirt on Past Owners
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
The Case of the Missing Data
The latest twist in the Equifax breach has serious implications for organizations.
Industrial Cybersecurity Firm Nozomi Launches Research Department
Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs.
read more
