http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2016-04-26 21:12:18 - Krebs on Security : A longtime reader recently asked How do online fraudsters get the 3-digit card verification value CVV or CVV2 code printed on the back of customer cards if merchants are forbidden from storing this information The answer Probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attacker's server http://www.secuobs.com/revue/news/604747.shtmlhttp://www.secuobs.com/revue/news/604747.shtml Secuobs.com : 2016-04-21 01:07:49 - Krebs on Security - Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Atlanta today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims http://www.secuobs.com/revue/news/604279.shtmlhttp://www.secuobs.com/revue/news/604279.shtml Secuobs.com : 2016-04-20 21:02:30 - Krebs on Security - Citing a recent and large increase in credit card fraud, Washington, DC-area grocer Giant Food says it will no longer allow customers to use credit cards when purchasing gift cards and reloadable or prepaid debit cards http://www.secuobs.com/revue/news/604270.shtmlhttp://www.secuobs.com/revue/news/604270.shtml Secuobs.com : 2016-04-18 14:08:09 - Krebs on Security - Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for the platform, warns the Department of Homeland Security's US Computer Emergency Readiness Team US-CERT The advice came just as researchers are reporting two new critical security holes in Quicktime that likely won't be patched http://www.secuobs.com/revue/news/604017.shtmlhttp://www.secuobs.com/revue/news/604017.shtml Secuobs.com : 2016-04-17 12:37:18 - Krebs on Security - http://www.secuobs.com/revue/news/603960.shtmlhttp://www.secuobs.com/revue/news/603960.shtml Secuobs.com : 2016-04-14 16:42:43 - Krebs on Security - A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts -- including Paunch, the nickname used by the author of the infamous Blackhole exploit kit Once an extremely popular crimeware-as-a-service offering, Blackhole was for several years responsible for a large percentage of malware infections and stolen banking credentials, and likely contributed to tens of millions of dollars stolen from small to mid-sized businesses over several years http://www.secuobs.com/revue/news/603782.shtmlhttp://www.secuobs.com/revue/news/603782.shtml Secuobs.com : 2016-04-13 16:33:47 - Krebs on Security - Microsoft released fixes on Tuesday to plug critical security holes in Windows and other software The company issued 13 patches to tackle dozens of vulnerabilities, including a much-hyped Badlock file-sharing bug that appears ripe for exploitation Also, Adobe updated its Flash Player release to address at least two-dozen flaws -- in addition to the zero-day vulnerability Adobe patched last week http://www.secuobs.com/revue/news/603653.shtmlhttp://www.secuobs.com/revue/news/603653.shtml Secuobs.com : 2016-04-12 17:15:48 - Krebs on Security - If you use an Apple iPhone, iPad or other iDevice, now would be an excellent time to ensure that the machine is running the latest version of Apple's mobile operating system --- version 931 Failing to do so could expose your devices to automated threats capable of rendering them unresponsive and perhaps forever useless http://www.secuobs.com/revue/news/603534.shtmlhttp://www.secuobs.com/revue/news/603534.shtml Secuobs.com : 2016-04-08 16:33:05 - Krebs on Security - http://www.secuobs.com/revue/news/603267.shtmlhttp://www.secuobs.com/revue/news/603267.shtml Secuobs.com : 2016-04-07 17:18:22 - Krebs on Security - http://www.secuobs.com/revue/news/603135.shtmlhttp://www.secuobs.com/revue/news/603135.shtml Secuobs.com : 2016-04-07 00:16:54 - Krebs on Security - Online payroll management firm Greenshadescom is an object lesson in how not to do authentication Until very recently, the company allowed corporate payroll administrators to access employee payroll data online using nothing more than an employee's date of birth and Social Security number That is, until criminals discovered this and began mass-filing fraudulent tax refund requests with the IRS on large swaths of employees at firms that use http://www.secuobs.com/revue/news/603037.shtmlhttp://www.secuobs.com/revue/news/603037.shtml Secuobs.com : 2016-04-04 22:09:01 - Krebs on Security - Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection -- a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump --- appears to be dealing with another breach of its credit card systems If confirmed, this would be the second such breach at the Trump properties in less than a year http://www.secuobs.com/revue/news/602830.shtmlhttp://www.secuobs.com/revue/news/602830.shtml Secuobs.com : 2016-03-24 20:13:16 - Krebs on Security - Verizon Enterprise Solutions, a division of the telecommunications giant that gets called in to help organizations respond to some of the world's largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned http://www.secuobs.com/revue/news/601996.shtmlhttp://www.secuobs.com/revue/news/601996.shtml Secuobs.com : 2016-03-24 16:22:40 - Krebs on Security - Many US citizens are bound to experience delays in getting their tax returns processed this year, thanks largely to more stringent controls enacted by Uncle Sam and the states to block fraudulent tax refund requests filed by identity thieves A steady drip of corporate data breaches involving phished employee W-2 information is adding to the backlog, as is an apparent mass adoption by ID thieves of professional tax services for processing large numbers of phony refund requests http://www.secuobs.com/revue/news/601974.shtmlhttp://www.secuobs.com/revue/news/601974.shtml Secuobs.com : 2016-03-22 19:13:36 - Krebs on Security - A Kentucky hospital says it is operating in an internal state of emergency after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up http://www.secuobs.com/revue/news/601751.shtmlhttp://www.secuobs.com/revue/news/601751.shtml Secuobs.com : 2016-03-21 17:47:40 - Krebs on Security - A steady stream of card breaches at retailers, restaurants and hotels has flooded underground markets with a historic glut of stolen debit and credit card data Today there are at least hundreds of sites online selling stolen account data, yet only a handful of them actively court bulk buyers and organized crime rings Faced with a buyer's market, these elite shops set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service http://www.secuobs.com/revue/news/601641.shtmlhttp://www.secuobs.com/revue/news/601641.shtml Secuobs.com : 2016-03-17 22:08:01 - Krebs on Security - Spammers are abusing US dot-gov gov link shorteners and ill-advised features on state government domains to promote spammy sites that are hidden behind short links ending in usagov http://www.secuobs.com/revue/news/601349.shtmlhttp://www.secuobs.com/revue/news/601349.shtml Secuobs.com : 2016-03-16 16:44:48 - Krebs on Security - Payday lending firm Moneytree is the latest company to alert current and former employees that their tax data -- including Social Security numbers, salary and address information -- was accidentally handed over directly to scam artists http://www.secuobs.com/revue/news/601218.shtmlhttp://www.secuobs.com/revue/news/601218.shtml Secuobs.com : 2016-03-14 14:35:33 - Krebs on Security - It's remarkable how quickly a stolen purse or wallet can morph into full-blow identity theft, and possibly even result in the victim's wrongful arrest All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security lead to a mistaken early morning arrest in front of his kids http://www.secuobs.com/revue/news/600977.shtmlhttp://www.secuobs.com/revue/news/600977.shtml Secuobs.com : 2016-03-11 08:06:12 - Krebs on Security - Staminus Communications Inc, a California-based Internet hosting provider that specializes in protecting customers from massive distributed denial of service DDoS attacks aimed at knocking sites offline, has itself apparently been massively hacked Staminus's entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company's Facebook and Twitter pages In the midst of the outage, someone posted online download links for what appear to be Staminus's customer credentials, support tickets, credit card numbers and other sensitive data http://www.secuobs.com/revue/news/600811.shtmlhttp://www.secuobs.com/revue/news/600811.shtml Secuobs.com : 2016-03-09 16:26:31 - Krebs on Security - Consumer-friendly and secure Hardly anyone would pick either word to describe the vast majority of wireless routers in use today So naturally I was intrigued a year ago when I had the chance to pre-order a eero, a new WiFi system billed as easy-to-use, designed with security in mind, and able to dramatically extend the range of a wireless network without compromising speed Here's a brief review of the eero system I received and installed a week ago http://www.secuobs.com/revue/news/600602.shtmlhttp://www.secuobs.com/revue/news/600602.shtml Secuobs.com : 2016-03-08 22:43:27 - Krebs on Security - Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site http://www.secuobs.com/revue/news/600519.shtmlhttp://www.secuobs.com/revue/news/600519.shtml Secuobs.com : 2016-03-08 05:13:12 - Krebs on Security - Citing ongoing security concerns, the Internal Revenue Service IRS has suspended a service offered via its Web site that allowed taxpayers to retrieve so-called IP Protection PINs IP PINs , codes that the IRS has assigned to some 27 million taxpayers to help prevent those individuals from becoming victims of tax refund fraud two years in a row The move comes just days after KrebsOnSecurity first exposed how ID thieves were abusing the service to revisit tax refund on innocent taxpayers two years running http://www.secuobs.com/revue/news/600424.shtmlhttp://www.secuobs.com/revue/news/600424.shtml Secuobs.com : 2016-03-07 04:42:31 - Krebs on Security - Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away 2015 W-2 tax documents on all current and past employees, KrebsOnSecurity has learned W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service IRS and the states http://www.secuobs.com/revue/news/600311.shtmlhttp://www.secuobs.com/revue/news/600311.shtml Secuobs.com : 2016-03-02 20:30:23 - Krebs on Security - A number of credit unions say they have experienced an unusually high level of debit card fraud from the breach at nationwide fast food chain Wendy's, and that the losses so far eclipse those that came in the wake of huge card breaches at Target and Home Depot http://www.secuobs.com/revue/news/599938.shtmlhttp://www.secuobs.com/revue/news/599938.shtml Secuobs.com : 2016-03-01 10:44:42 - Krebs on Security - Last year, KrebsOnSecurity warned that the Internal Revenue Service's IRS solution for helping victims of tax refund fraud avoid being victimized two years in a row was vulnerable to compromise by identity thieves According to a story shared by one reader, the crooks are well aware of this security weakness and are using it to revisit tax refund fraud on at least some victims two years running -- despite the IRS's added ID theft protections http://www.secuobs.com/revue/news/599742.shtmlhttp://www.secuobs.com/revue/news/599742.shtml Secuobs.com : 2016-02-26 23:18:01 - Krebs on Security - The US Internal Revenue Service IRS today sharply revised previous estimates on the number of citizens that were hit by tax refund fraud since 2014 thanks to a security weakness in the IRS's own Web site According to the IRS, at least 724,000 citizens were victims of refund fraud after crooks figured out how to abuse a now defunct IRS Web site feature called Get Transcript to steal victim's prior tax da http://www.secuobs.com/revue/news/599525.shtmlhttp://www.secuobs.com/revue/news/599525.shtml Secuobs.com : 2016-02-26 05:58:26 - Krebs on Security - Notifying people and companies about data breaches often can be a frustrating and thankless job Despite my best efforts, sometimes a breach victim I'm alerting will come away convinced that I am not an investigative journalist but instead a scammer This happened most recently this week, when I told a California credit union that its online banking site was compromised and apparently had been for nearly two months http://www.secuobs.com/revue/news/599435.shtmlhttp://www.secuobs.com/revue/news/599435.shtml Secuobs.com : 2016-02-24 19:04:23 - Krebs on Security - With tax filing season in the United States well underway, scammers who specialize in tax refund fraud have a new trick up their sleeves Spoofing emails from a target organization's CEO, asking human resources and accounting departments for employee W-2 information http://www.secuobs.com/revue/news/599277.shtmlhttp://www.secuobs.com/revue/news/599277.shtml Secuobs.com : 2016-02-22 20:36:14 - Krebs on Security - Many readers have asked for a primer summarizing the privacy and security issues at stake in the the dispute between Apple and the US Justice Department, which last week convinced a judge in California to order Apple to unlock an iPhone used by one of assailants in the recent San Bernardino massacres I don't have much original reporting to contribute on this important debate, but I'm visiting it here because it's a complex topic that deserves the broadest possible public scrutiny http://www.secuobs.com/revue/news/599015.shtmlhttp://www.secuobs.com/revue/news/599015.shtml Secuobs.com : 2016-02-19 22:11:04 - Krebs on Security - Computer maker Dell is asking for help in an ongoing probe into the source of customer information that appears to have somehow landed in the laps of fraudsters posing as Dell computer support technicians KrebsOnSecurity readers continue to report being called by scammers posing as Dell support personnel who offer proof that they're with Dell by rattling off the unique Dell service tag code printed on each Dell customer's PC or laptop, as well as information from any previous legitimate service issues the customer may have had with Dell http://www.secuobs.com/revue/news/598839.shtmlhttp://www.secuobs.com/revue/news/598839.shtml Secuobs.com : 2016-02-18 18:06:16 - Krebs on Security - Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer P2P network run by the Chinese manufacturer of the hardware Now imagine that the geek gear you bought doesn't actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt http://www.secuobs.com/revue/news/598705.shtmlhttp://www.secuobs.com/revue/news/598705.shtml Secuobs.com : 2016-02-16 15:56:04 - Krebs on Security - Many banks are now issuing customers more secure chip-based credit cards, and most retailers now have card terminals in their checkout lanes that can handle the dip of chip-card transactions as opposed to the usual swipe of the card's magnetic stripe But comparatively few retailers actually allow chip transactions Most are still asking customers to swipe the stripe instead of dip the chip This post will examine what's going on here, why so many merchants are holding out on the dip, and where this all leaves consumers http://www.secuobs.com/revue/news/598425.shtmlhttp://www.secuobs.com/revue/news/598425.shtml Secuobs.com : 2016-02-11 18:13:55 - Krebs on Security - Microsoft Windows users and those with Adobe Flash Player or Java installed, it's time to update again Microsoft released 13 updates to address some three dozen unique security vulnerabilities Adobe issued security updates for its Flash Player software that plugs at least 22 security holes in the widely-used browser plugin Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks http://www.secuobs.com/revue/news/598064.shtmlhttp://www.secuobs.com/revue/news/598064.shtml Secuobs.com : 2016-02-11 17:35:47 - Krebs on Security - Scam artists have been using hacked accounts from retailer Kohl'scom to order high-priced, bulky merchandise that is then shipped to the victim's home While the crooks don't get the stolen merchandise, the unauthorized purchases rack up valuable credits called Kohl's cash that the thieves quickly redeem at Kohl's locations for items that can be resold for cash or returned for gift cards http://www.secuobs.com/revue/news/598051.shtmlhttp://www.secuobs.com/revue/news/598051.shtml Secuobs.com : 2016-02-10 23:07:41 - Krebs on Security - http://www.secuobs.com/revue/news/597956.shtmlhttp://www.secuobs.com/revue/news/597956.shtml Secuobs.com : 2016-02-09 16:59:13 - Krebs on Security - If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data http://www.secuobs.com/revue/news/597775.shtmlhttp://www.secuobs.com/revue/news/597775.shtml Secuobs.com : 2016-02-08 16:45:33 - Krebs on Security - http://www.secuobs.com/revue/news/597661.shtmlhttp://www.secuobs.com/revue/news/597661.shtml Secuobs.com : 2016-02-03 16:58:53 - Krebs on Security - In Dec 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states Safeway hasn't disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offers a closer look at once such device http://www.secuobs.com/revue/news/597274.shtmlhttp://www.secuobs.com/revue/news/597274.shtml Secuobs.com : 2016-02-02 16:48:45 - Krebs on Security - Good news Oracle says the next major version of its Java software will no longer plug directly into the user's Web browser This long overdue step should cut down dramatically on the number of computers infected with malicious software via opportunistic, so-called drive-by download attacks that exploit outdated Java plugins across countless browsers and multiple operating systems http://www.secuobs.com/revue/news/597157.shtmlhttp://www.secuobs.com/revue/news/597157.shtml Secuobs.com : 2016-01-30 14:52:09 - Krebs on Security - Norse Corp, a Foster City, Calif based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company The move comes just weeks after the company laid off almost 30 percent of its staff http://www.secuobs.com/revue/news/596949.shtmlhttp://www.secuobs.com/revue/news/596949.shtml Secuobs.com : 2016-01-29 00:18:38 - Krebs on Security - The US Federal Trade Commission FTC today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud The announcement coincided with the debut of a beefed up FTC Web site aimed at making it easier for consumers to report and recover from all forms of ID theft http://www.secuobs.com/revue/news/596808.shtmlhttp://www.secuobs.com/revue/news/596808.shtml Secuobs.com : 2016-01-27 16:01:02 - Krebs on Security - Wendy's, the nationwide chain of fast-food burger restaurants, says it is investigating claims of a possible credit card breach at some locations The acknowledgment comes in response to questions from KrebsOnSecurity about banking industry sources who discovered a pattern of fraud on cards that were all recently used at various Wendy's locations http://www.secuobs.com/revue/news/596654.shtmlhttp://www.secuobs.com/revue/news/596654.shtml Secuobs.com : 2016-01-26 15:24:42 - Krebs on Security - Oracle has shipped an update for its Java software that fixes at least eight critical security holes If you have an affirmative use for Java, please update to the latest version if you're not sure why you have Java installed, it's high time to remove the program once and for all http://www.secuobs.com/revue/news/596524.shtmlhttp://www.secuobs.com/revue/news/596524.shtml Secuobs.com : 2016-01-25 17:55:23 - Krebs on Security - Ne'er-do-wells have long abused a feature in Skype to glean the Internet address of other users Indeed, many shady online services that can be hired to launch attacks aimed at knocking users offline bundle so-called Skype resolvers that let customers find a target's last known location online At long last, Microsoft says its latest version of Skype will hide user Internet addresses by default http://www.secuobs.com/revue/news/596447.shtmlhttp://www.secuobs.com/revue/news/596447.shtml Secuobs.com : 2016-01-21 04:56:24 - Krebs on Security - A Ukrainian man who tried to frame me for heroin possession has pleaded guilty to multiple cybercrime charges in US federal court, including credit card theft and hacking into more than 13,000 computers http://www.secuobs.com/revue/news/596084.shtmlhttp://www.secuobs.com/revue/news/596084.shtml Secuobs.com : 2016-01-20 18:18:34 - Krebs on Security - A story in a national news source earlier this month about freezing your child's credit file to preempt ID thieves prompted many readers to erroneously conclude that all states allow this as of 2016 The truth is that some states let parents create a file for their child and then freeze it, while many states have no laws on the matter Here's a short primer on the current situation, with the availability of credit freezes aka security freeze for minors by state and by credit bureau http://www.secuobs.com/revue/news/596064.shtmlhttp://www.secuobs.com/revue/news/596064.shtml Secuobs.com : 2016-01-19 05:10:37 - Krebs on Security - A Texas manufacturing firm is suing its cyber insurance provider for refusing to cover a 480,000 loss following an email scam that impersonated the firm's chief executive http://www.secuobs.com/revue/news/595904.shtmlhttp://www.secuobs.com/revue/news/595904.shtml Secuobs.com : 2016-01-15 19:42:23 - Krebs on Security - If you stayed, ate or played at a Hyatt hotel between Aug 13 and Dec 8, 2015, there's a good chance your credit or debit card data was stolen by unknown cyber thieves who infiltrated many of the hotel chain's payment systems Its its first disclosure about the scope of a breach acknowledged last month, Hyatt Hotels Corp says the intrusion likely affected guests at 250 hotels in roughly 50 countries http://www.secuobs.com/revue/news/595733.shtmlhttp://www.secuobs.com/revue/news/595733.shtml Secuobs.com : 2016-01-14 18:01:21 - Krebs on Security - Ransomware -- malicious software that encrypts the victim's files and holds them hostage unless and until the victim pays a ransom in Bitcoin -- has emerged as a potent and increasingly common threat online But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services http://www.secuobs.com/revue/news/595660.shtmlhttp://www.secuobs.com/revue/news/595660.shtml Secuobs.com : 2016-01-12 20:58:57 - Krebs on Security - Adobe and Microsoft each issued updates today to fix critical security problems with their software Adobe's patch updates 17 flaws in its Acrobat and PDF Reader products Microsoft released nine update bundles to plug at least 22 security holes in Windows and associated software http://www.secuobs.com/revue/news/595481.shtmlhttp://www.secuobs.com/revue/news/595481.shtml Secuobs.com : 2016-01-11 06:43:03 - Krebs on Security - Crooks who make a living via identity theft schemes, dating scams and other con games often run into trouble when presented with a phone-based challenge that requires them to demonstrate mastery of a language they don't speak fluently Enter the criminal call center, which allows scammers to outsource those calls to multi-lingual men and women who can be hired to close the deal http://www.secuobs.com/revue/news/595298.shtmlhttp://www.secuobs.com/revue/news/595298.shtml Secuobs.com : 2016-01-06 20:17:47 - Krebs on Security - Cybercrime takes many forms, but one of the more insidious and perhaps less obvious manifestations is warranty fraud This scheme involves con artists who assume the identity of a consumer, complain that a given product has ceased to operate as expected, and demand that the retailer replace the article in question Such claims turn into a loss for targeted merchants when the scammer hacks an unwitting customer's account and replaces the customer's email address with his own address and demands that the retailer ship him a brand new device http://www.secuobs.com/revue/news/595011.shtmlhttp://www.secuobs.com/revue/news/595011.shtml Secuobs.com : 2016-01-04 06:09:43 - Krebs on Security - Virtually every aspect of cybercrime has been made into a service or plug-and-play product That includes dating scams -- among the oldest and most common of online swindles Recently, I had a chance to review a package of dating scam emails, instructions, pictures, videos and love letter templates that are sold to scammers in the underground, and was struck by how commoditized this type of fraud has become http://www.secuobs.com/revue/news/594714.shtmlhttp://www.secuobs.com/revue/news/594714.shtml Secuobs.com : 2015-12-29 17:51:58 - Krebs on Security - You know you're getting old when you can't remember your own birthday a reader tipped me off Today is the sixth anniversary of this site's launch KrebsOnSecurity turns 6 I'm pretty sure that's like middle age in Internet years http://www.secuobs.com/revue/news/594421.shtmlhttp://www.secuobs.com/revue/news/594421.shtml Secuobs.com : 2015-12-28 22:18:09 - Krebs on Security - Adobe has shipped a new version of its Flash Player browser plugin to close at least 19 security holes in the program, including one that is already being exploited in active attacks http://www.secuobs.com/revue/news/594326.shtmlhttp://www.secuobs.com/revue/news/594326.shtml Secuobs.com : 2015-12-28 19:54:17 - Krebs on Security - My PayPal account was hacked on Christmas Eve The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang that recruits for the terrorist group ISIS Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations -- including many financial institutions -- remain woefully behind the times in authenticating their customers and staying ahead of identity thieves http://www.secuobs.com/revue/news/594320.shtmlhttp://www.secuobs.com/revue/news/594320.shtml Secuobs.com : 2015-12-23 23:42:01 - Krebs on Security - Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations http://www.secuobs.com/revue/news/594111.shtmlhttp://www.secuobs.com/revue/news/594111.shtml Secuobs.com : 2015-12-23 08:16:46 - Krebs on Security - Expect phishers and other password thieves to up their game in 2016 Both Google and Yahoo are taking steps to kill off the password as we know it New authentication methods now offered by Yahoo and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device http://www.secuobs.com/revue/news/594027.shtmlhttp://www.secuobs.com/revue/news/594027.shtml Secuobs.com : 2015-12-21 23:03:38 - Krebs on Security - The US Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers LifeLock agreed to pay 100 million for violating a 2010 promise to cease deceptive advertising practices Oracle's legal troubles with the FTC stem from its failure to fully remove older, less secure versions of Java when consumers installed the latest Java software http://www.secuobs.com/revue/news/593871.shtmlhttp://www.secuobs.com/revue/news/593871.shtml Secuobs.com : 2015-12-18 16:41:04 - Krebs on Security - Digital gift card retailer Gyft has forced a password reset for some of its users The move comes in response to the theft of usernames and passwords from a subset of Gyft customers http://www.secuobs.com/revue/news/593651.shtmlhttp://www.secuobs.com/revue/news/593651.shtml Secuobs.com : 2015-12-17 20:01:27 - Krebs on Security - Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry's Inc, a company that manages a nationwide stable of well-known restaurants -- including Bubba Gump, Claim Jumper, McCormick Schmick's, and Morton's Landry's has not responded to multiple requests for comment http://www.secuobs.com/revue/news/593526.shtmlhttp://www.secuobs.com/revue/news/593526.shtml Secuobs.com : 2015-12-16 06:20:28 - Krebs on Security - Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado Safeway confirmed it is investigating skimming incidents at several stores http://www.secuobs.com/revue/news/593281.shtmlhttp://www.secuobs.com/revue/news/593281.shtml Secuobs.com : 2015-12-14 22:18:06 - Krebs on Security - http://www.secuobs.com/revue/news/593119.shtmlhttp://www.secuobs.com/revue/news/593119.shtml Secuobs.com : 2015-12-14 15:57:29 - Krebs on Security - With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims Here's what you need to know going into January to protect you and your family http://www.secuobs.com/revue/news/593067.shtmlhttp://www.secuobs.com/revue/news/593067.shtml Secuobs.com : 2015-12-10 21:05:37 - Krebs on Security - On any given day, there are thousands of gift cards from top retailers for sale online that can be had for a fraction of their face value Some of these are exactly what they appear to be legitimate gift cards sold through third-party sites that specialize in reselling used or unwanted cards But many discounted gift cards for sale online are in fact the product of merchandise return fraud, meaning consumers who purchase them unwittingly help thieves rob the stores that issued the cards http://www.secuobs.com/revue/news/592803.shtmlhttp://www.secuobs.com/revue/news/592803.shtml Secuobs.com : 2015-12-09 01:52:10 - Krebs on Security - Adobe and Microsoft today independently issued software updates to plug critical security holes in their software Adobe released a patch that fixes a whopping 78 security vulnerabilities in its Flash Player software Microsoft pushed a dozen patch bundles to address at least 71 flaws in various versions of the Windows operating system and associated software http://www.secuobs.com/revue/news/592549.shtmlhttp://www.secuobs.com/revue/news/592549.shtml Secuobs.com : 2015-12-07 12:17:20 - Krebs on Security - I recently heard from a source in law enforcement who had a peculiar problem The source investigates cybercrime, and he was reaching out for advice after trying but failing to conduct undercover buys of stolen credit cards from a well-known underground card market Turns out, the cybercrime bazaar's own security system triggered a pig alert and brazenly flagged the fed's transactions as an undercover purchase placed by a law enforcement officer http://www.secuobs.com/revue/news/592283.shtmlhttp://www.secuobs.com/revue/news/592283.shtml Secuobs.com : 2015-12-02 15:33:00 - Krebs on Security - Many readers wrote in this past week to say they'd finally been officially notified that their fingerprints, background checks, Social Security numbers, and other sensitive information was jeopardized in the massive data breach discovered this year at the Office of Personnel Management OPM Almost as many complained that the OPM's response -- the offering of free credit monitoring services for up to three years -- won't work if readers have taken my advice and enacted a security freeze on one's credit file with the major credit bureaus This post is an attempt to explain what's going on here http://www.secuobs.com/revue/news/591854.shtmlhttp://www.secuobs.com/revue/news/591854.shtml Secuobs.com : 2015-12-01 06:08:54 - Krebs on Security - The US Department of Homeland Security DHS has been quietly launching stealthy cyber attacks against a range of private US companies -- mostly banks and energy firms These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help critical infrastructure companies shore up their computer and network defenses against real-world adversaries And it's all free of charge well, on the US taxpayer's dime http://www.secuobs.com/revue/news/591632.shtmlhttp://www.secuobs.com/revue/news/591632.shtml Secuobs.com : 2015-11-30 15:57:54 - Krebs on Security - Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam Crooks embed skimming devices inside fuel station pumps to steal credit card data from customers Thieves then clone the cards and use them to steal hundreds of gallons of gas at multiple filling stations The gas is pumped into hollowed-out trucks and vans, which ferry the fuel to a giant tanker truck The criminals then sell and deliver the gas at cut rate prices to shady and complicit fuel station owners http://www.secuobs.com/revue/news/591558.shtmlhttp://www.secuobs.com/revue/news/591558.shtml Secuobs.com : 2015-11-25 17:32:33 - Krebs on Security - LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information But LANDESK employees contacted by this author say the breach may go far deeper for the company and its customers http://www.secuobs.com/revue/news/591214.shtmlhttp://www.secuobs.com/revue/news/591214.shtml Secuobs.com : 2015-11-25 02:14:50 - Krebs on Security - Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems http://www.secuobs.com/revue/news/591140.shtmlhttp://www.secuobs.com/revue/news/591140.shtml Secuobs.com : 2015-11-24 07:10:48 - Krebs on Security - All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks Dell says it is prepping a fix for the issue, but experts say the threat may ultimately need to be stomped out by the major Web browser makers http://www.secuobs.com/revue/news/590999.shtmlhttp://www.secuobs.com/revue/news/590999.shtml Secuobs.com : 2015-11-23 17:35:46 - Krebs on Security - Amazon has added multi-factor authentication to help customers better secure their accounts from hackers The security feature allows customers to receive a code via text message and or a third-party app -- such as Google Authenticator http://www.secuobs.com/revue/news/590932.shtmlhttp://www.secuobs.com/revue/news/590932.shtml Secuobs.com : 2015-11-20 23:14:20 - Krebs on Security - From NBC News come revelations that ISIS has its very own web-savvy, 24-hour Jihadi Help Desk manned by a half-dozen senior operatives to assist foot soldiers in spreading their message far and wide My first reaction to this story was disbelief, then envy hey, where the heck is my 24 7 support But soon my mind began racing with other possibilities Imagine the epic trolling opportunities available to a bored or disgruntled Jihadi Help Desk operator For this persona, we need to reach way back into the annals of Internet history, to the Bastard Operator from Hell BOFH -- a megalomaniacal system administrator who constantly toyed with the very co-workers he was paid to support RECORDED MESSAGE Thank you for contacting the ISIS Jihadi Help Desk We are currently experiencing higher than normal call volume Please wait and your inquiry will be answered in the order that it was received This call may be monitored for customer service and Jihadi training purposes http://www.secuobs.com/revue/news/590739.shtmlhttp://www.secuobs.com/revue/news/590739.shtml Secuobs.com : 2015-11-20 19:23:57 - Krebs on Security - Starwood Hotels Resorts Worldwide today warned that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale cash registers at some of the company's hotels in North America The disclosure makes Starwood just the latest in a recent string of hotel chains to announce credit card breach investigations http://www.secuobs.com/revue/news/590725.shtmlhttp://www.secuobs.com/revue/news/590725.shtml Secuobs.com : 2015-11-19 17:06:04 - Krebs on Security - A bill introduced in the US House of Representatives on Wednesday targets swatting, an increasingly common and costly hoax in which perpetrators spoof a communication to authorities about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force http://www.secuobs.com/revue/news/590599.shtmlhttp://www.secuobs.com/revue/news/590599.shtml Secuobs.com : 2015-11-18 17:07:36 - Krebs on Security - http://www.secuobs.com/revue/news/590463.shtmlhttp://www.secuobs.com/revue/news/590463.shtml Secuobs.com : 2015-11-17 23:47:00 - Krebs on Security - US state and federal law enforcement officials appear poised to tap into public concern over the terror attacks in France last week to garner support for proposals that would fundamentally weaken the security of encryption technology used by US corporations and citizens Here's a closer look at what's going on, and why readers should be tuned in and asking questions http://www.secuobs.com/revue/news/590350.shtmlhttp://www.secuobs.com/revue/news/590350.shtml Secuobs.com : 2015-11-16 23:53:46 - Krebs on Security - The restaurant chain Chipotle Mexican Grill seems pretty good at churning out huge numbers of huge burritos, but the company may need to revisit some basic corporate cybersecurity concepts For starters, Chipotle's human resources department has been replying to new job applicants using the domain chipotlehrcom -- a Web site name that the company has never owned or controlled Translation Until last week, anyone could have read email destined for the company's HR department just by registering the domain chipotlehrcom Also, Chipotle itself has inadvertently being pointing this out for months in emails to anyone who applied for a job via the company's Web site http://www.secuobs.com/revue/news/590240.shtmlhttp://www.secuobs.com/revue/news/590240.shtml Secuobs.com : 2015-11-13 16:58:24 - Krebs on Security - Buried in the federal indictments unsealed this week against four men accused of stealing tens of millions of consumer records from JPMorgan Chase and other brokerage firms are a series of other unnamed companies that were similarly victimized by the accused One of them, identified in the indictments only as Victim 12, is an entity that helps banks block transactions for dodgy goods advertised in spam Turns out, the hackers targeted this company so that they could better push through payments for spam-advertised prescription drugs and fake antivirus schemes According to multiple sources, Victim 12 is none other than Bellevue, Wash based G2 Web Services LLC, a company that helps banks figure out if a website is fraudulent or is selling contraband G2 Web Services did not respond to multiple requests for comment http://www.secuobs.com/revue/news/590011.shtmlhttp://www.secuobs.com/revue/news/590011.shtml Secuobs.com : 2015-11-12 12:58:20 - Krebs on Security - The Internet of Things is fast turning into the Internet-of-Things-We-Can't-Afford Almost daily now we are hearing about virtual shakedowns wherein attackers demand payment in Bitcoin virtual currency from a bank, e-retailer or online service Those who don't pay the ransom see their sites knocked offline in coordinated cyberattacks This story examines one contributor to the problem, and asks whether we should demand better security from ISPs, software and hardware makers http://www.secuobs.com/revue/news/589870.shtmlhttp://www.secuobs.com/revue/news/589870.shtml Secuobs.com : 2015-11-11 15:51:32 - Krebs on Security - For the third time in a month, Adobe has issued an update to plug security holes in its Flash Player software The update came on Patch Tuesday, when Microsoft released a dozen patches to fix dozens of vulnerabilities in Windows, Internet Explorer, Skype and other software http://www.secuobs.com/revue/news/589783.shtmlhttp://www.secuobs.com/revue/news/589783.shtml Secuobs.com : 2015-11-10 21:08:52 - Krebs on Security - US authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation's biggest financial institutions and brokerage firms, including JP Morgan Chase, E Trade and Scottrade http://www.secuobs.com/revue/news/589701.shtmlhttp://www.secuobs.com/revue/news/589701.shtml Secuobs.com : 2015-11-09 06:58:13 - Krebs on Security - One of the more common and destructive computer crimes to emerge over the past few years involves ransomware -- malicious code that quietly scrambles all of the infected user's documents and files with very strong encryption A ransom, to be paid in Bitcon, is demanded in exchange for a key to unlock the files Well, now it appears fraudsters are developing ransomware that does the same but for Web sites -- essentially holding the site's files, pages and images for ransom http://www.secuobs.com/revue/news/589450.shtmlhttp://www.secuobs.com/revue/news/589450.shtml Secuobs.com : 2015-11-08 15:47:34 - Krebs on Security - I recently participated in an Ask Me Anything interview on Redditcom about investigative reporting I spent the better part of a day responding to readers about the challenges and rewards of independent journalism and a focus on data breaches, cybercrime and cybercriminals It occurred to me today that I hadn t mentioned the interview yet on http://www.secuobs.com/revue/news/589421.shtmlhttp://www.secuobs.com/revue/news/589421.shtml Secuobs.com : 2015-11-06 15:06:35 - Krebs on Security - In September 2014, I penned a column called We Take Your Privacy and Security Seriously It recounted my experience receiving notice from my former Internet service provider -- Cox Communications -- that a customer service employee had been tricked into giving away my personal information to hackers This week, the Federal Communications Commission FCC fined Cox 595,000 for the incident that affected me and 60 other customers http://www.secuobs.com/revue/news/589289.shtmlhttp://www.secuobs.com/revue/news/589289.shtml Secuobs.com : 2015-11-05 06:18:58 - Krebs on Security - So you've got two-step authentication set up to harden the security of your email account you do, right But when was the last time you took a good look at the security of your inbox's recovery email address That may well be the weakest link in your email security chain, as evidenced by the following tale of a IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity Earlier this week, I heard from Chris Blake, a longtime KrebsOnSecurity reader from the United Kingdom Blake reached out because I'd recently written about a character of interest in the breach at British phone and broadband provider TalkTalk an individual using the Twitter handle Fearful Blake proceeded to explain how that same Fearful account had belonged to him for some time until May 2015, when an elaborate social engineering attack on his Internet service provider ISP allowed the current occupant of the account to swipe it out from under him http://www.secuobs.com/revue/news/589116.shtmlhttp://www.secuobs.com/revue/news/589116.shtml Secuobs.com : 2015-11-03 15:53:24 - Krebs on Security - How do fraudsters cash out stolen credit card data Increasingly, they are selling in-demand but underpriced products on eBay that they don't yet own Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder http://www.secuobs.com/revue/news/588911.shtmlhttp://www.secuobs.com/revue/news/588911.shtml Secuobs.com : 2015-10-27 17:48:35 - Krebs on Security - The US Senate is preparing to vote on cybersecurity legislation that proponents say is sorely needed to better help companies and the government share information about the latest Internet threats Critics of the bill and its many proposed amendments charge that it will do little, if anything, to address the very real problem of flawed cybersecurity while creating conditions that are ripe for privacy abuses What follows is a breakdown of the arguments on both sides, and a personal analysis that seeks to add some important context to the debate http://www.secuobs.com/revue/news/588156.shtmlhttp://www.secuobs.com/revue/news/588156.shtml Secuobs.com : 2015-10-24 16:44:38 - Krebs on Security - TalkTalk, a British phone and broadband provider with more than four million customers, disclosed Friday that intruders had hacked its Web site and may have stolen personal and financial data Sources close to the investigation say the company has received a ransom demand of approximately 80,000 USD 122,000 , with the attackers threatening to publish the TalkTalk's customer data unless they are paid the amount in Bitcoin http://www.secuobs.com/revue/news/587848.shtmlhttp://www.secuobs.com/revue/news/587848.shtml Secuobs.com : 2015-10-21 20:39:15 - Krebs on Security - This author has long sought to shame Web hosting and Internet service providers who fail to take the necessary steps to keep spammers, scammers and other online ne'er-do-wells off their networks Typically, the companies on the receiving end of this criticism are little-known Internet firms But according to anti-spam activists the title of the Internet's most spam-friendly provider recently has passed to networks managed by IBM -- one of the more recognizable and trusted names in technology and security http://www.secuobs.com/revue/news/587549.shtmlhttp://www.secuobs.com/revue/news/587549.shtml Secuobs.com : 2015-10-21 03:18:41 - Krebs on Security - Adobe has issued a patch to fix a zero-day vulnerability in its Flash Player software Separately, Oracle today released an update to plug more than two-dozen flaws in its Java software Both programs plug directly into the browser and are highly targeted by malicious software and malefactors Although Flash and Java are both widely installed, most users could probably ditch each program with little to no inconvenience or regret http://www.secuobs.com/revue/news/587443.shtmlhttp://www.secuobs.com/revue/news/587443.shtml Secuobs.com : 2015-10-19 23:21:15 - Krebs on Security - In July I wrote about the dangers of blindly trusting online reviews, especially for high-dollar services like moving companies That piece told the story of Full Service Van Lines, a moving company that had mostly five-star reviews online but whose owners and operators had a long history of losing or destroying their customers' stuff and generally taking months to actually ship the damaged goods it delivered Last week, federal regulators shut the company down http://www.secuobs.com/revue/news/587284.shtmlhttp://www.secuobs.com/revue/news/587284.shtml Secuobs.com : 2015-10-14 00:26:17 - Krebs on Security - A Ukrainian hacker who once hatched a plot to have heroin sent to my Virginia home and then alert police when the drugs arrived had his first appearance in a US court today, after being extradited to the United States to face multiple cybercrime charges http://www.secuobs.com/revue/news/586627.shtmlhttp://www.secuobs.com/revue/news/586627.shtml Secuobs.com : 2015-10-13 09:14:05 - Krebs on Security - The Washington Post reported last week that the Chinese government has quietly arrested a handful of hackers at the urging of the US government, a move described as an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions While this a welcome and encouraging development, this is not the first time Beijing has arrested Chinese hackers in response to pressure from the US government http://www.secuobs.com/revue/news/586505.shtmlhttp://www.secuobs.com/revue/news/586505.shtml Secuobs.com : 2015-10-12 19:01:43 - Krebs on Security - Another charity store chain has been hacked America s Thrift Stores, an organization that operates donations-based thrift stores throughout the southeast United States, said this week that it recently learned it was the victim of a malware-driven security breach that targeted software used by a third-party service provider http://www.secuobs.com/revue/news/586465.shtmlhttp://www.secuobs.com/revue/news/586465.shtml Secuobs.com : 2015-10-08 08:05:22 - Krebs on Security - T-Mobile disclosed last week that some 15 million customers had their Social Security numbers and other personal data stolen thanks to a breach at Experian, the largest of the big American consumer credit bureaus But this actually wasn't the first time that a hacking incident at Experian exposed sensitive T-Mobile customer data, and that previous breach may hold important clues about what went wrong more recently http://www.secuobs.com/revue/news/586037.shtmlhttp://www.secuobs.com/revue/news/586037.shtml Secuobs.com : 2015-10-06 21:02:20 - Krebs on Security - The next time you're thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account http://www.secuobs.com/revue/news/585859.shtmlhttp://www.secuobs.com/revue/news/585859.shtml Secuobs.com : 2015-10-05 18:27:24 - Krebs on Security - The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels The acknowledgement comes roughly three months after this author first reported that multiple financial institutions suspected the hotels were compromised http://www.secuobs.com/revue/news/585713.shtmlhttp://www.secuobs.com/revue/news/585713.shtml Secuobs.com : 2015-10-02 21:17:13 - Krebs on Security - Welcome to Cybersecurity Breach Awareness Month Today's awareness lesson is brought to you by retail brokerage firm Scottrade, which just disclosed a breach involving contact information and possibly Social Security numbers on 46 million customers http://www.secuobs.com/revue/news/585531.shtmlhttp://www.secuobs.com/revue/news/585531.shtml Secuobs.com : 2015-10-02 18:42:21 - Krebs on Security - Kicking off National Cybersecurity Month with a bang, credit bureau and consumer data broker Experian North America disclosed Thursday that a breach of its computer systems exposed approximately 15 million Social Security numbers and other data on people who applied for financing from wireless provider T-Mobile USA Inc http://www.secuobs.com/revue/news/585514.shtmlhttp://www.secuobs.com/revue/news/585514.shtml Secuobs.com : 2015-09-29 14:44:24 - Krebs on Security - It's notable whenever cybercime spills over into real-world, physical attacks This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs http://www.secuobs.com/revue/news/585038.shtmlhttp://www.secuobs.com/revue/news/585038.shtml Secuobs.com : 2015-09-28 06:43:21 - Krebs on Security - A time-honored method of extracting cash from stolen credit cards involves reshipping scams, which manage the purchase, reshipment and resale of carded consumer goods from America to Eastern Europe -- primarily Russia A new study suggests that some 16 million credit and debit cards are used to commit at least 18 billion in reshipping fraud each year, and identifies some choke points for disrupting this lucrative money laundering activity http://www.secuobs.com/revue/news/584826.shtmlhttp://www.secuobs.com/revue/news/584826.shtml Secuobs.com : 2015-09-25 22:39:11 - Krebs on Security - Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States Hilton says it is investigating the claims http://www.secuobs.com/revue/news/584736.shtmlhttp://www.secuobs.com/revue/news/584736.shtml Secuobs.com : 2015-09-23 19:02:00 - Krebs on Security - A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of targeted attacks These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources http://www.secuobs.com/revue/news/584460.shtmlhttp://www.secuobs.com/revue/news/584460.shtml Secuobs.com : 2015-09-21 20:36:15 - Krebs on Security - Adobe has released a critical software update to fix nearly two-dozen security holes in its Flash Player browser plugin Separately, I want to take a moment to encourage users who have Adobe Shockwave Player installed to finally junk this program turns out Shockwave -- which comes with its own version of Flash -- is still woefully far behind in bundling the latest Flash fixes http://www.secuobs.com/revue/news/584201.shtmlhttp://www.secuobs.com/revue/news/584201.shtml Secuobs.com : 2015-09-21 06:29:36 - Krebs on Security - In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp hired security experts at Verizon to probe its networks for weaknesses The results of that confidential investigation -- until now never publicly revealed -- confirm what pundits have long suspected Once inside Target's network, there was nothing stop attackers from gaining direct and complete access to every single cash register in every Target store http://www.secuobs.com/revue/news/584100.shtmlhttp://www.secuobs.com/revue/news/584100.shtml Secuobs.com : 2015-09-17 06:13:17 - Krebs on Security - In the previous two stories, I documented the damage wrought by an organized crime gang in Mexico that has been systematically bribing ATM technicians to install Bluetooth skimming components that allow thieves to steal card and PIN data wirelessly What follows is a look at a mysterious new ATM company in Mexico that sources say may be tied to the skimming activity http://www.secuobs.com/revue/news/583773.shtmlhttp://www.secuobs.com/revue/news/583773.shtml Secuobs.com : 2015-09-15 06:05:39 - Krebs on Security - I spent four days last week in Mexico, tracking the damage wrought by an organized crime ring that is bribing ATM technicians to place Bluetooth skimmers inside of cash machines in and around the tourist areas of Cancun Today s piece chronicles the work of this gang in coastal regions farther south, following a trail of hacked ATMs from Playa Del Camen down to the ancient Mayan ruins in Tulum http://www.secuobs.com/revue/news/583489.shtmlhttp://www.secuobs.com/revue/news/583489.shtml Secuobs.com : 2015-09-14 06:18:30 - Krebs on Security - -Sept 9, 12 30 pm CT, Yucatan Peninsula, Mexico Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt There was some sort of checkpoint ahead by the Mexican Federal Police I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack http://www.secuobs.com/revue/news/583377.shtmlhttp://www.secuobs.com/revue/news/583377.shtml Secuobs.com : 2015-09-09 16:30:03 - Krebs on Security - Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company's former chief technology officer Raja Bhatia hacked into a rival firm in 2012 Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted http://www.secuobs.com/revue/news/582855.shtmlhttp://www.secuobs.com/revue/news/582855.shtml Secuobs.com : 2015-09-09 02:26:05 - Krebs on Security - Microsoft today released a dozen security updates for computers running supported versions of its Windows operating system Five of the patches fix flaws that could get PCs compromised with little to no help from users, and five of the bulletins have vulnerabilities that were publicly disclosed before today including one has been detected in exploits in the wild Separately, Adobe is pushing a security update for its Shockwave Player - a browser plugin that I've long urged readers to junk http://www.secuobs.com/revue/news/582768.shtmlhttp://www.secuobs.com/revue/news/582768.shtml Secuobs.com : 2015-09-07 15:31:48 - Krebs on Security - Authorities in Europe have arrested alleged key players behind the development and deployment of ultra-sophisticated banking malware, including Citadel and Dridex The arrests involved a Russian national and a Moldovan man, both of whom were traveling outside of their native countries and are now facing extradition to the United States http://www.secuobs.com/revue/news/582612.shtmlhttp://www.secuobs.com/revue/news/582612.shtml Secuobs.com : 2015-09-03 23:37:42 - Krebs on Security - Most of us know to keep our guard up when withdrawing cash from an ATM and to look for any signs that the machine may have been tampered with But ATM fraud experts say they continue to see criminal innovations with insert skimmers, wafer-thin data theft devices that fit inside the ATM's card acceptance slot and do not alter the outward appearance of a compromised cash machine http://www.secuobs.com/revue/news/582388.shtmlhttp://www.secuobs.com/revue/news/582388.shtml Secuobs.com : 2015-09-02 16:53:56 - Krebs on Security - The Office of Personnel Management OPM has awarded a 133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals But perhaps the agency should be offering the option to pay for the cost that victims may incur in freezing their credit files, a much more effective way of preventing identity theft http://www.secuobs.com/revue/news/582206.shtmlhttp://www.secuobs.com/revue/news/582206.shtml Secuobs.com : 2015-09-01 19:42:47 - Krebs on Security - A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company's eponymous chief executive -- Eugene Kaspersky -- who called the story complete BS and noted that his firm was a victim of such activity But according to interviews with the CEO of DrWeb -- Kaspersky's main competitor in Russia -- both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms http://www.secuobs.com/revue/news/582086.shtmlhttp://www.secuobs.com/revue/news/582086.shtml Secuobs.com : 2015-08-28 15:54:09 - Krebs on Security - Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad's Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time http://www.secuobs.com/revue/news/581743.shtmlhttp://www.secuobs.com/revue/news/581743.shtml Secuobs.com : 2015-08-28 03:37:42 - Krebs on Security - The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers According to the FBI, thieves stole nearly 750 million in such scams from more than 7,000 victim companies in the US between October 2013 and August 2015 http://www.secuobs.com/revue/news/581676.shtmlhttp://www.secuobs.com/revue/news/581676.shtml Secuobs.com : 2015-08-26 18:45:55 - Krebs on Security - AshleyMadisoncom, a site that helps married people cheat and whose slogan is Life is Short, have an Affair, recently put up a half million Canadian dollar bounty for information leading to the arrest and prosecution of the Impact Team, the name chosen by the hacker s who released data on more than 30 million Ashley Madison users Here is the first of likely several posts examining individuals who appear to be closely connected to this attack http://www.secuobs.com/revue/news/581478.shtmlhttp://www.secuobs.com/revue/news/581478.shtml Secuobs.com : 2015-08-24 21:32:36 - Krebs on Security - Hacked online cheating service AshleyMadisoncom is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company's CEO suggests that AshleyMadison's top leadership hacked into a competing dating service in 2012 http://www.secuobs.com/revue/news/581204.shtmlhttp://www.secuobs.com/revue/news/581204.shtml Secuobs.com : 2015-08-24 17:47:19 - Krebs on Security - AshleyMadisoncom, an online cheating service whose motto is Life is Short, Have an Affair, is offering a 500,000 reward for information leading to the arrest and prosecution of the individual or group of people responsible for leaking the highly personal information on the company's more than 30 million users http://www.secuobs.com/revue/news/581173.shtmlhttp://www.secuobs.com/revue/news/581173.shtml Secuobs.com : 2015-08-21 20:11:56 - Krebs on Security - People who cheat on their partners are always open to extortion by the parties involved But when the personal details of millions of cheaters get posted online for anyone to download as is the case with the recent hack of infidelity hookup site AshleyMadisoncom random blackmailers are bound to pounce on the opportunity According http://www.secuobs.com/revue/news/580986.shtmlhttp://www.secuobs.com/revue/news/580986.shtml Secuobs.com : 2015-08-21 05:00:32 - Krebs on Security - Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service IRS The arrests highlight the dramatic shift in gang activity in recent years from high-risk drug dealing to identity fraud -- a far less risky yet equally lucrative crime http://www.secuobs.com/revue/news/580911.shtmlhttp://www.secuobs.com/revue/news/580911.shtml Secuobs.com : 2015-08-19 05:16:08 - Krebs on Security - Many news sites and blogs are reporting that the data stolen last month from 37 million users of AshleyMadisoncom -- a site that facilitates cheating and extramarital affairs -- has finally been posted online for the world to see In the past 48 hours, several huge dumps of data claiming to be the actual AshleyMadison database have turned up online But there are precious few details in them that would allow one to verify these claims, and the company itself says it so far sees no indication that the files are legitimate http://www.secuobs.com/revue/news/580646.shtmlhttp://www.secuobs.com/revue/news/580646.shtml Secuobs.com : 2015-08-19 00:17:12 - Krebs on Security - Microsoft today released an out-of-band software update to plug a critical security flaw in all supported versions of its Internet Explorer browser, from IE7 to IE 11 this flaw does not appear to be present in Microsoft Edge, the new browser from Redmond and intended to replace IE http://www.secuobs.com/revue/news/580622.shtmlhttp://www.secuobs.com/revue/news/580622.shtml Secuobs.com : 2015-08-18 07:38:37 - Krebs on Security - Probably the quickest way for a security company to prompt an overwhelmingly hostile response from the security research community is to claim that its products and services are unbreakable by hackers The second-fastest way to achieve that outcome is to have that statement come from an encryption company CEO who served several years in federal prison for running a 210 million Ponzi scheme Here's the story of a company that managed to accomplish both at the same time and is now trying to learn from and survive the experience http://www.secuobs.com/revue/news/580521.shtmlhttp://www.secuobs.com/revue/news/580521.shtml Secuobs.com : 2015-08-18 00:04:31 - Krebs on Security - The Internal Revenue Service IRS disclosed today that identity thieves abused a feature on the agency's Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015 -- two months after KrebsOnSecurity first raised alarms about the weakness http://www.secuobs.com/revue/news/580485.shtmlhttp://www.secuobs.com/revue/news/580485.shtml Secuobs.com : 2015-08-17 07:52:15 - Krebs on Security - The past few years have witnessed a rapid proliferation of cheap, Web-based services that troublemakers can hire to knock virtually any person or site offline for hours on end Such services succeed partly because they've enabled users to pay for attacks with PayPal But a collaborative effort by PayPal and security researchers has made it far more difficult for these services to transact with their would-be customers http://www.secuobs.com/revue/news/580383.shtmlhttp://www.secuobs.com/revue/news/580383.shtml Secuobs.com : 2015-08-14 07:54:32 - Krebs on Security - Earlier this month, KrebsOnSecurity featured the exclusive story of a Russian organized cybercrime gang that stole more than 100 million from small to mid-sized businesses with the help of phantom corporations on the border with China Today, we ll look at the stranger-than-fiction true tale of an American firm that lost 197,000 in a remarkably similar 2013 cyberheist, only to later recover most of the money after allegedly plying Chinese authorities with a carton of cigarettes and a hefty bounty for their trouble http://www.secuobs.com/revue/news/580152.shtmlhttp://www.secuobs.com/revue/news/580152.shtml Secuobs.com : 2015-08-12 01:07:18 - Krebs on Security - Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system Not to be left out of Patch Tuesday, Oracle's chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down http://www.secuobs.com/revue/news/579920.shtmlhttp://www.secuobs.com/revue/news/579920.shtml Secuobs.com : 2015-08-11 17:18:14 - Krebs on Security - Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine's card acceptance slot and used to read data directly off of chip-enabled credit or debit cards http://www.secuobs.com/revue/news/579862.shtmlhttp://www.secuobs.com/revue/news/579862.shtml Secuobs.com : 2015-08-07 22:30:18 - Krebs on Security - Networking firm Ubiquiti Networks Inc disclosed this week that cyber thieves recently stole 467 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers http://www.secuobs.com/revue/news/579610.shtmlhttp://www.secuobs.com/revue/news/579610.shtml Secuobs.com : 2015-08-05 23:46:12 - Krebs on Security - New research into a notorious Eastern European organized cybercrime gang accused of stealing than 100 million from banks and businesses worldwide provides an unprecedented, behind-the-scenes look at an exclusive business club that dabbled in cyber espionage and worked closely with phantom Chinese firms on Russia's far eastern border http://www.secuobs.com/revue/news/579427.shtmlhttp://www.secuobs.com/revue/news/579427.shtml Secuobs.com : 2015-08-04 14:25:02 - Krebs on Security - Hardly a week goes by without a news story about state-sponsored Chinese cyberspies breaking into Fortune 500 companies to steal intellectual property, personal data and other invaluable assets Now, researchers say they've unearthed evidence that some of the same Chinese hackers also have been selling access to compromised computers within those companies to help perpetuate future breaches http://www.secuobs.com/revue/news/579277.shtmlhttp://www.secuobs.com/revue/news/579277.shtml Secuobs.com : 2015-08-03 07:05:15 - Krebs on Security - This author has spent many years chronicling the exploits of black hat spammers who use hacked computers to relay junk email But I've dedicated comparatively little time delving into ways of email marketers who technically follow US anti-spam laws yet nevertheless engage in spammy practices The latter is able to ply their trade because there are thousands of Internet hosting companies operating on thin profit margins that are happy to accept spammy but lucrative clients This is the story of how one hosting company heroically kicked out all of its email marketing customers at great expense and ended up building a stronger, more profitable company in the process http://www.secuobs.com/revue/news/579167.shtmlhttp://www.secuobs.com/revue/news/579167.shtml Secuobs.com : 2015-07-29 16:50:34 - Krebs on Security - Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant's latest operating system -- Windows 10 But there's a very important security caveat that users should know about before transitioning to the new OS Unless you opt out, Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype -- and, with an opt-in, your Facebook friends http://www.secuobs.com/revue/news/578756.shtmlhttp://www.secuobs.com/revue/news/578756.shtml Secuobs.com : 2015-07-27 18:35:17 - Krebs on Security - On the evening March 14, 2013, a heavily-armed police force surrounded my home in Annandale, Va, after responding to a phony hostage situation that someone had alerted authorities to at our address I ve recently received a notice from the US Justice Department stating that one of the individuals involving in that swatting incident had pleaded guilty to a felony conspiracy charge http://www.secuobs.com/revue/news/578485.shtmlhttp://www.secuobs.com/revue/news/578485.shtml Secuobs.com : 2015-07-22 17:16:44 - Krebs on Security - Several sources in the financial industry say they are seeing a spike in fraud on customer cards used at ATMs in Mexico The reason behind that apparent spike hopefully will be fodder for another story In this post, we'll take a closer look at a pair of ATM skimming devices that were recently found attached to a cash machine in Puerto Vallarta -- a popular tourist destination on Mexico's Pacific coast http://www.secuobs.com/revue/news/577990.shtmlhttp://www.secuobs.com/revue/news/577990.shtml Secuobs.com : 2015-07-21 20:15:58 - Krebs on Security - Big-three credit bureau Experian is the target of a class-action lawsuit just filed in California The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves http://www.secuobs.com/revue/news/577882.shtmlhttp://www.secuobs.com/revue/news/577882.shtml Secuobs.com : 2015-07-20 05:54:26 - Krebs on Security - Large caches of data stolen from online cheating site AshleyMadisoncom have been posted online by an individual or group that claims to have completely compromised the company s user databases, financial records and other proprietary information The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is Life http://www.secuobs.com/revue/news/577619.shtmlhttp://www.secuobs.com/revue/news/577619.shtml Secuobs.com : 2015-07-16 02:59:58 - Krebs on Security - By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode dot me, an English-language cybercrime forum that served as a breeding ground for botnets, malware and just about every other form of virtual badness This post is an attempt to distill several years' worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general http://www.secuobs.com/revue/news/577244.shtmlhttp://www.secuobs.com/revue/news/577244.shtml Secuobs.com : 2015-07-15 15:57:24 - Krebs on Security - A Vietnamese man who ran an online identity theft service that sold access to Social Security numbers and other personal information on more than 200 million Americans has been sentenced to 13 years in a US prison http://www.secuobs.com/revue/news/577175.shtmlhttp://www.secuobs.com/revue/news/577175.shtml Secuobs.com : 2015-07-14 22:14:07 - Krebs on Security - This being the second Tuesday of the month, it's officially Patch Tuesday But it's not just Windows users who need to update today Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online Separately, Oracle issued a critical patch update that plugs more than two dozen security holes in Java http://www.secuobs.com/revue/news/577073.shtmlhttp://www.secuobs.com/revue/news/577073.shtml Secuobs.com : 2015-07-13 21:26:17 - Krebs on Security - For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe's Flash Player browser plugin Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team -- an Italian security firm that sells software exploits to governments around the world http://www.secuobs.com/revue/news/576924.shtmlhttp://www.secuobs.com/revue/news/576924.shtml Secuobs.com : 2015-07-13 07:21:09 - Krebs on Security - Last week, hacktivists posted online 400 GB worth of internal emails, documents and other data stolen from Hacking Team, an Italian security firm that has earned the ire of privacy and civil liberties groups for selling spy software to governments worldwide New analysis of the leaked Hacking Team emails suggests that in 2013 the company used techniques perfected by spammers to hijack Internet address space from a spammer-friendly Internet service provider in a bid to regain control over a spy network it apparently had set up for the Italian National Military Police http://www.secuobs.com/revue/news/576844.shtmlhttp://www.secuobs.com/revue/news/576844.shtml Secuobs.com : 2015-07-11 07:28:53 - Krebs on Security - For the second time in a week, Adobe Systems Inc says it plans fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that s long been accused of helping repressive regimes spy on dissident groups http://www.secuobs.com/revue/news/576764.shtmlhttp://www.secuobs.com/revue/news/576764.shtml Secuobs.com : 2015-07-10 17:36:48 - Krebs on Security - An Estonian man who ran an organized cybercrime ring that infected more than 4 million PCs in over 100 countries with moneymaking malware has pleaded guilty in New York to wire fraud and computer intrusion charges http://www.secuobs.com/revue/news/576714.shtmlhttp://www.secuobs.com/revue/news/576714.shtml Secuobs.com : 2015-07-09 19:31:16 - Krebs on Security - Service Systems Associates, a company that serves gift shops at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems http://www.secuobs.com/revue/news/576600.shtmlhttp://www.secuobs.com/revue/news/576600.shtml Secuobs.com : 2015-07-08 21:07:01 - Krebs on Security - In a win for Internet trolls and teenage cybercriminals everywhere, a Finnish court has decided not to incarcerate a 17-year-old found guilty of more than 50,000 cybercrimes, including data breaches, payment fraud, operating a huge botnet and calling in bomb threats, among other violations http://www.secuobs.com/revue/news/576505.shtmlhttp://www.secuobs.com/revue/news/576505.shtml Secuobs.com : 2015-07-07 22:37:33 - Krebs on Security - Adobe Systems Inc said today it plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks The flaw was disclosed publicly over the weekend after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that's long been accused of helping repressive regimes spy on dissident groups http://www.secuobs.com/revue/news/576415.shtmlhttp://www.secuobs.com/revue/news/576415.shtml Secuobs.com : 2015-07-06 06:18:04 - Krebs on Security - The Internet is a fantastic resource for researching the reputation of companies with which you may wish to do business Unfortunately, this same ease-of-use can lull the unwary into falling for marketing scams originally perfected by spammers Namely, fake reviews and dodgy search engine manipulation techniques that seek to drown out legitimate, negative reviews in a sea of glowing but fake endorsements http://www.secuobs.com/revue/news/576222.shtmlhttp://www.secuobs.com/revue/news/576222.shtml Secuobs.com : 2015-07-01 20:08:55 - Krebs on Security - The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, appears to be the latest victim of a credit card breach, according to data shared by several US-based banks http://www.secuobs.com/revue/news/575976.shtmlhttp://www.secuobs.com/revue/news/575976.shtml Secuobs.com : 2015-06-29 17:00:17 - Krebs on Security - Cybercriminals have long relied on compromised Web sites to host malicious software for use in drive-by download attacks, but at least one crime gang is taking it a step further New research shows that crooks spreading the Dyre malware for use in cyberheists are leveraging hacked wireless routers to deliver their password-stealing crimeware http://www.secuobs.com/revue/news/575752.shtmlhttp://www.secuobs.com/revue/news/575752.shtml Secuobs.com : 2015-06-27 22:50:33 - Krebs on Security - We often hear about the impact of cybercrime, but too seldom do we read about the successes that law enforcement officials have in apprehending those responsible and bringing them to justice Last week was an especially busy time for cybercrime justice, with authorities across the globe bringing arrests, prosecutions and some cases stiff sentences in connection with a broad range of cyber crimes, including ATM and bank account cashouts, malware distribution and swatting attacks http://www.secuobs.com/revue/news/575669.shtmlhttp://www.secuobs.com/revue/news/575669.shtml Secuobs.com : 2015-06-24 20:18:51 - Krebs on Security - Hershey Park, a popular resort and amusement park in Hershey, Pa has hired a security firm to investigate reports from multiple financial institutions about a possible credit card breach, KrebsOnSecurity has learned http://www.secuobs.com/revue/news/575328.shtmlhttp://www.secuobs.com/revue/news/575328.shtml Secuobs.com : 2015-06-23 18:13:41 - Krebs on Security - Adobe Systems Inc today released an emergency update to fix a dangerous security hole in its widely-installed Flash Player browser plugin The company warned that the vulnerability is already being exploited in targeted attacks, and urged users to update the program as quickly as possible http://www.secuobs.com/revue/news/575149.shtmlhttp://www.secuobs.com/revue/news/575149.shtml Secuobs.com : 2015-06-23 14:47:39 - Krebs on Security - I've spent the better part of the last month running a little experiment to see how much I would miss Adobe's buggy and insecure Flash Player software if I removed it from my systems altogether Turns out, not so much http://www.secuobs.com/revue/news/575100.shtmlhttp://www.secuobs.com/revue/news/575100.shtml Secuobs.com : 2015-06-22 20:25:19 - Krebs on Security - Netflix, Hulu and a host of other content streaming services block non-US users from viewing their content As a result, many people residing in or traveling outside of the United States seek to circumvent such restrictions by using services that advertise free and open Web proxies capable of routing browser traffic through US-based computers and networks Perhaps unsurprisingly, new research suggests that most of these free offerings are anything but, and actively seek to weaken browser security and privacy http://www.secuobs.com/revue/news/574998.shtmlhttp://www.secuobs.com/revue/news/574998.shtml Secuobs.com : 2015-06-18 14:47:24 - Krebs on Security - A database supposedly from a sample of information stolen in the much publicized hack at the Office of Personnel Management OPM has been making the rounds in the cybercrime underground, with some ne'er-do-wells even offering to sell it as part of a larger package But a review of the information made available as a teaser indicates that the database is instead a list of users stolen from a different government agency -- Unicorgov, also known as Federal Prison Industries http://www.secuobs.com/revue/news/574516.shtmlhttp://www.secuobs.com/revue/news/574516.shtml Secuobs.com : 2015-06-17 19:26:00 - Krebs on Security - Normally, I don't cover vulnerabilities about which the user can do little or nothing to prevent, but two newly detailed flaws affecting hundreds of millions of Android, iOS and Apple products probably deserve special exceptions http://www.secuobs.com/revue/news/574421.shtmlhttp://www.secuobs.com/revue/news/574421.shtml Secuobs.com : 2015-06-16 06:38:20 - Krebs on Security - LastPass, a company that offers users a way to centrally manage all of their passwords online with a single master password, disclosed Monday that intruders had broken into its databases and made off with user email addresses and password reminders, among other data http://www.secuobs.com/revue/news/574176.shtmlhttp://www.secuobs.com/revue/news/574176.shtml Secuobs.com : 2015-06-15 18:02:47 - Krebs on Security - I heard from many readers last week who were curious why I had not weighed in on the massive and apparently still unfolding data breach at the US Office of Personnel Management OPM Turns out, the easiest way for a reporter to make sure everything hits the fan from a cybersecurity perspective is to take a two week vacation to the other end of the world What follows is a timeline that helped me get my head on straight about the events the preceded this breach, followed by some analysis and links to other perspectives on the matter http://www.secuobs.com/revue/news/574118.shtmlhttp://www.secuobs.com/revue/news/574118.shtml Secuobs.com : 2015-06-13 02:50:09 - Krebs on Security - Fred's Inc, a discount general merchandise and pharmacy chain that operates 650 stores in more than a dozen states, disclosed today that it is investigating a potential credit card breach http://www.secuobs.com/revue/news/573896.shtmlhttp://www.secuobs.com/revue/news/573896.shtml Secuobs.com : 2015-06-11 00:33:35 - Krebs on Security - Missing Link Networks Inc, a credit card processor and point-of-sale vendor that serves a number of wineries in Northern California and elsewhere, disclosed today that a breach of its networks exposed card data for transactions it processed in the month of April 2015 http://www.secuobs.com/revue/news/573652.shtmlhttp://www.secuobs.com/revue/news/573652.shtml Secuobs.com : 2015-06-09 14:54:00 - Krebs on Security - Last week, KrebsOnSecurity ran an interview with Julie Magee, Alabama s chief tax administrator, to examine what the states are doing in tandem with the IRS and others to make it harder for ID thieves to commit tax refund fraud a 6 billion a year problem Today we ll hear from John Valentine, chair of Utah s State Tax Commission, about the challenges his state faced this year, as well as the prospect that tax preparation firms could be forced return to the US Treasury any profits they make from processing fraudulent tax refunds http://www.secuobs.com/revue/news/573464.shtmlhttp://www.secuobs.com/revue/news/573464.shtml Secuobs.com : 2015-06-08 08:22:54 - Krebs on Security - If you ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data Even if you haven t noticed or maybe you just haven t actually received a breach notice , I m here to tell you that if you re an American, your basic personal data is already for sale What follows is a primer on what you can do to avoid becoming a victim of identity theft as a result of all this data s pillage http://www.secuobs.com/revue/news/573303.shtmlhttp://www.secuobs.com/revue/news/573303.shtml Secuobs.com : 2015-06-02 08:54:32 - Krebs on Security - When identity thieves filed a phony 7,7700 tax refund request in the name of Joe Garrett, Alabama s deputy tax commissioner, they didn t get all of the money they requested A portion of the cash went to more than a half dozen US companies that each grab a slice of the fraudulent refund, including banks, payment processing firms, tax preparation companies and e-commerce giants http://www.secuobs.com/revue/news/572737.shtmlhttp://www.secuobs.com/revue/news/572737.shtml Secuobs.com : 2015-06-02 08:54:32 - Krebs on Security - With the 2014 tax filing season squarely in the rearview mirror, state tax authorities are struggling to incorporate new approaches to identifying and stopping fraudulent tax refund requests, a 6 billion-a-year problem that's hit many states particularly hard this year But some states say they are encountering resistance to those efforts on nearly every front, from Uncle Sam to online tax vendors and from the myriad of financial firms that profit handsomely from processing phony tax refunds http://www.secuobs.com/revue/news/572736.shtmlhttp://www.secuobs.com/revue/news/572736.shtml Secuobs.com : 2015-06-01 00:27:58 - Krebs on Security - What makes one novel strain of malicious software more dangerous or noteworthy than another Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it Most experts probably would say it s important to consider attribution insofar as it is knowable, but it s remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools http://www.secuobs.com/revue/news/572565.shtmlhttp://www.secuobs.com/revue/news/572565.shtml Secuobs.com : 2015-05-28 17:52:08 - Krebs on Security - Cybercriminals who specialize in phishing -- or tricking people into giving up usernames and passwords at fake bank and ecommerce sites -- aren't generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah That's most definitely the case with a phishing gang that calls itself the Manipulaters Team , whose Web site boasts that it specializes in brand research and development http://www.secuobs.com/revue/news/572288.shtmlhttp://www.secuobs.com/revue/news/572288.shtml Secuobs.com : 2015-05-27 19:09:29 - Krebs on Security - Mobile spyware maker mSpy has expended a great deal of energy denying and then later downplaying a breach involving data stolen from tens of thousands of mobile devices running its software Unfortunately for victims of this breach, mSpy's lackadaisical response has left millions of screenshots taken from those devices wide open and exposed to the Internet via its own Web site http://www.secuobs.com/revue/news/572143.shtmlhttp://www.secuobs.com/revue/news/572143.shtml Secuobs.com : 2015-05-27 00:37:21 - Krebs on Security - In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service IRS were using the IRS's own Web site to pull taxpayer data needed to complete the phony requests Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year http://www.secuobs.com/revue/news/572030.shtmlhttp://www.secuobs.com/revue/news/572030.shtml Secuobs.com : 2015-05-26 07:02:38 - Krebs on Security - The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade And there is some evidence that ne'er-do-wells are actively trading this data and planning to abuse it for financial gain http://www.secuobs.com/revue/news/571896.shtmlhttp://www.secuobs.com/revue/news/571896.shtml Secuobs.com : 2015-05-21 15:42:55 - Krebs on Security - CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 11 million customers There are indications that the same attack methods may have been used in this intrusion as with breaches at Anthem and Premera, incidents that collectively involved data on more than 90 million Americans http://www.secuobs.com/revue/news/571528.shtmlhttp://www.secuobs.com/revue/news/571528.shtml Secuobs.com : 2015-05-21 02:37:14 - Krebs on Security - Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers mobile spyware maker mSpy had been posted online mSpy has since been quoted twice by other publications denying a breach of its systems Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers http://www.secuobs.com/revue/news/571465.shtmlhttp://www.secuobs.com/revue/news/571465.shtml Secuobs.com : 2015-05-20 06:51:46 - Krebs on Security - A security firm made headlines last week when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks But a closer look at the details behind that report suggests that the actors in question were relatively unsophisticated Nigerian phishers who'd simply registered a bunch of new fake bank Web sites http://www.secuobs.com/revue/news/571318.shtmlhttp://www.secuobs.com/revue/news/571318.shtml Secuobs.com : 2015-05-18 23:37:25 - Krebs on Security - The St Louis Federal Reserve today sent a message to the banks it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office http://www.secuobs.com/revue/news/571156.shtmlhttp://www.secuobs.com/revue/news/571156.shtml Secuobs.com : 2015-05-18 18:45:15 - Krebs on Security - When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus Hardly a week goes by when I don't hear from readers about a breathless story proclaiming that yet another household brand name company has been hacked Upon closer inspection, the stories usually are based on little more than anecdotal evidence from customers who had their online loyalty or points accounts hijacked and then drained of value http://www.secuobs.com/revue/news/571120.shtmlhttp://www.secuobs.com/revue/news/571120.shtml Secuobs.com : 2015-05-14 23:11:44 - Krebs on Security - mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked Last week, a huge trove of data apparently stolen from the company's servers was posted on the Dark Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy users http://www.secuobs.com/revue/news/570786.shtmlhttp://www.secuobs.com/revue/news/570786.shtml Secuobs.com : 2015-05-11 05:58:43 - Krebs on Security - Not long ago I heard from a reader who wanted advice on how to stop someone from scanning his home network, or at least recommendations about to whom he should report the person doing the scanning I couldn't believe that people actually still cared about scanning, and I told him as much These days there are countless entities -- some benign and research-oriented, and some less benign -- that are continuously mapping and cataloging virtually every devices that's put online http://www.secuobs.com/revue/news/570287.shtmlhttp://www.secuobs.com/revue/news/570287.shtml Secuobs.com : 2015-05-08 02:55:11 - Krebs on Security - This week, nationwide beauty products chain Sally Beauty disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data That investigation is ongoing, but I recently had an opportunity to interview a former Sally Beauty IT technician who provided a first-hand look at how the first breach in 2014 breach went down http://www.secuobs.com/revue/news/570100.shtmlhttp://www.secuobs.com/revue/news/570100.shtml Secuobs.com : 2015-05-06 07:46:40 - Krebs on Security - Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment Increasingly, however, these accounts are showing up for sale at Payivy dot com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts http://www.secuobs.com/revue/news/569835.shtmlhttp://www.secuobs.com/revue/news/569835.shtml Secuobs.com : 2015-05-04 17:04:22 - Krebs on Security - For the second time in a year, nationwide beauty products chain Sally Beauty Holdings Inc says it is investigating reports of unusual credit and debit card activity at some of its US stores Last week, KrebsOnSecurity began hearing from multiple financial institutions about a pattern of fraudulent charges on cards that were all recently used http://www.secuobs.com/revue/news/569614.shtmlhttp://www.secuobs.com/revue/news/569614.shtml Secuobs.com : 2015-05-04 06:27:30 - Krebs on Security - Credit and debit card skimmers secretly attached to gas pumps are an increasingly common scourge throughout the United States But the tables can be turned when these fraud devices are discovered, as evidenced by one California police department that has eschewed costly and time-consuming stakeouts in favor of affixing GPS tracking devices to the skimmers and then waiting for thieves to come collect their bounty http://www.secuobs.com/revue/news/569556.shtmlhttp://www.secuobs.com/revue/news/569556.shtml Secuobs.com : 2015-05-01 08:09:36 - Krebs on Security - Last week, Allentown, Pa based point-of-sale POS maker Harbortouch disclosed that a breach involving a small number of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants KrebsOnSecurity has recently heard from a major US card issuer that says the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide http://www.secuobs.com/revue/news/569358.shtmlhttp://www.secuobs.com/revue/news/569358.shtml Secuobs.com : 2015-04-28 20:01:49 - Krebs on Security - Chinese government censors at the helm of the Great Firewall of China appear to have errantly blocked Chinese Web surfers from visiting pages that call out to connectfacebooknet, a resource used by Facebook's like buttons While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks -- effectively preventing millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored http://www.secuobs.com/revue/news/569064.shtmlhttp://www.secuobs.com/revue/news/569064.shtml Secuobs.com : 2015-04-28 07:08:09 - Krebs on Security - When your credit card gets stolen because a merchant you did business with got hacked, it's often quite easy for investigators to figure out which company was victimized The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed through a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach http://www.secuobs.com/revue/news/568979.shtmlhttp://www.secuobs.com/revue/news/568979.shtml Secuobs.com : 2015-04-27 23:16:08 - Krebs on Security - Sendgrid, an email service used by tens of thousands of companies -- including Silicon Valley giants as well as Bitcoin exchange Coinbase -- said attackers compromised a Sendgrid employee's account, which was then used to steal the usernames, email addresses and hashed passwords of customer and employee accounts The announcement comes several weeks after Sendgrid sought to assure customers that the breach was limited to a single customer account http://www.secuobs.com/revue/news/568954.shtmlhttp://www.secuobs.com/revue/news/568954.shtml Secuobs.com : 2015-04-27 06:36:07 - Krebs on Security - Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum think '15 pieces of flair' When the phrase security maturity came to mind, I thought for sure I'd conceived of an original idea and catchy phrase It turns out this is already a thing And a really notable thing at that http://www.secuobs.com/revue/news/568846.shtmlhttp://www.secuobs.com/revue/news/568846.shtml Secuobs.com : 2015-04-20 09:38:17 - Krebs on Security - I ve been doing quite a bit of public speaking lately usually about cybercrime and underground activity and there s one question that nearly always comes from the audience Why are these fraud Web sites allowed to operate, and not simply taken down This post is intended to serve as the go-to spot for answering http://www.secuobs.com/revue/news/567866.shtmlhttp://www.secuobs.com/revue/news/567866.shtml Secuobs.com : 2015-04-15 17:11:09 - Krebs on Security - PoSeidon, a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale POS devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud http://www.secuobs.com/revue/news/567490.shtmlhttp://www.secuobs.com/revue/news/567490.shtml Secuobs.com : 2015-04-14 21:18:04 - Krebs on Security - Get your patch chops on people, because chances are you're running software from Microsoft, Adobe or Oracle that received critical security updates today Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication http://www.secuobs.com/revue/news/567341.shtmlhttp://www.secuobs.com/revue/news/567341.shtml Secuobs.com : 2015-04-13 14:59:13 - Krebs on Security - In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a suspected breach of point-of-sale systems at 10 locations http://www.secuobs.com/revue/news/567093.shtmlhttp://www.secuobs.com/revue/news/567093.shtml Secuobs.com : 2015-04-10 12:54:14 - Krebs on Security - China has been actively diverting unencrypted Web traffic destined for its top online search service -- Baiducom -- so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week http://www.secuobs.com/revue/news/566821.shtmlhttp://www.secuobs.com/revue/news/566821.shtml Secuobs.com : 2015-04-07 20:41:46 - Krebs on Security - The Federal Bureau of Investigation FBI is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams ISIS are mass-defacing Websites using known vulnerabilities in WordPress The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web http://www.secuobs.com/revue/news/566393.shtmlhttp://www.secuobs.com/revue/news/566393.shtml Secuobs.com : 2015-04-06 16:16:06 - Krebs on Security - Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs However, an increasingly common form of ATM fraud -- physical destruction -- costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs http://www.secuobs.com/revue/news/566186.shtmlhttp://www.secuobs.com/revue/news/566186.shtml Secuobs.com : 2015-04-01 23:03:16 - Krebs on Security - In October 2014, KrebsOnSecurity examined a novel replay attack that sought to exploit implementation weaknesses at US financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards Today's post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud http://www.secuobs.com/revue/news/565726.shtmlhttp://www.secuobs.com/revue/news/565726.shtml Secuobs.com : 2015-03-30 06:41:40 - Krebs on Security - If you re an American and haven t yet created an account at irsgov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his http://www.secuobs.com/revue/news/565257.shtmlhttp://www.secuobs.com/revue/news/565257.shtml