Beware of Hurricane Florence Relief Scams
If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on...
Credit Freezes are Free: Let the Ice Age Begin
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If...
Mirai Botnet Authors Avoid Jail Time
Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “Mirai,” a potent malware strain used in countless attacks designed...
GovPayNow.com Leaks 14M+ Records
Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14...
U.S. Mobile Giants Want to be Your Online Identity
The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location,...
Patch Tuesday, September 2018 Edition
Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in...
In a Few Days, Credit Freezes Will Be Fee-Free
Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently...
Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats
A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools.
On Aug. 31, officers with the U.K.’s National Crime...
Browser Extensions: Are They Worth the Risk?
Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves...
For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records
mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text...
Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted
A 20-year-old from Vancouver, Washington was indicted last week on federal hacking charges and for allegedly operating the “Satori” botnet, a malware strain unleashed last year that infected hundreds of thousands of wireless routers and other “Internet of Things”...
Instagram’s New Security Tools are a Welcome Step, But Not Enough
Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook-owned social network said it is in the process of rolling out support for third-party authentication apps. Unfortunately, this welcome...
Fiserv Flaw Exposed Customer Data at Hundreds of Banks
Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.
Brookfield, Wisc.-based...
Who’s Behind the Screencam Extortion Scam?
The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s...
Experts Urge Rapid Patching of ‘Struts’ Bug
In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147...
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
