Legal Threats Make Powerful Phishing Lures

17 hours 22 minutes ago
Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days -- or else. Here's a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.
BrianKrebs

Account Hijacking Forum OGusers Hacked

4 days 23 hours ago
Ogusers[.]com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.
BrianKrebs

Feds Target $100M ‘GozNym’ Cybercrime Network

6 days 14 hours ago
Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.
BrianKrebs

A Tough Week for IP Address Scammers

1 week ago
In the early days of the Internet, there was a period when Internet Protocol 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With the value of a single IP hovering between $15-$25, those registries are now fighting a wave of shady brokers who specialize in securing new IP address blocks under false pretenses and then reselling to spammers. Here's the story of one broker who fought back in the courts, and lost spectacularly. On May 14, South Carolina U.S. Attorney Sherri Lydon filed criminal wire fraud charges against Amir Golestan, alleging he and his Charleston, S.C. based company Micfo LLC orchestrated an elaborate network of phony companies and aliases to gather more than 735,000 IPs from the American Registry for Internet Numbers (ARIN), a nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.
BrianKrebs

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

1 week 1 day ago
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The vulnerability (CVE-2019-0709) resides in the "remote desktop services" component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.
BrianKrebs

Nine Charged in Alleged SIM Swapping Ring

1 week 5 days ago
Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target's phone number and diverting all texts and phone calls to the attacker's mobile device. From there, the attackers simply start requesting password reset links via text message for a variety of accounts tied to the hijacked phone number. All told, the government said this gang -- allegedly known to its members as "The Community" -- made more than $2.4 million stealing cryptocurrencies and extorting people for restoring access to social media accounts that were hijacked after a successful SIM-swap.
BrianKrebs

What’s Behind the Wolters Kluwer Tax Outage?

2 weeks 1 day ago
Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access. Shortly after that report, the CCH file directory for tax software downloads was taken offline. As of this publication, several readers have reported outages affecting multiple CCH Web sites. These same readers reported being unable to access their clients' tax data in CCH's cloud because of the ongoing outages.
BrianKrebs

Feds Bust Up Dark Web Hub Wall Street Market

2 weeks 5 days ago
Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world's largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) -- in exchange for not publishing details of the transactions.
BrianKrebs

Credit Union Sues Fintech Giant Fiserv Over Security Claims

2 weeks 5 days ago
A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that "baffling" security vulnerabilities in the company's software are "wreaking havoc" on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about a glaring security weakness a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites.
BrianKrebs

Data: E-Retail Hacks More Lucrative Than Ever

3 weeks 1 day ago
For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores. But new data suggests that over the past year, the economics of supply-and-demand have helped to double the average price fetched by card-not-present data, meaning cybercrooks now have far more incentive than ever to target e-commerce stores.
BrianKrebs

P2P Weakness Exposes Millions of IoT Devices

3 weeks 5 days ago
A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.
BrianKrebs

Who’s Behind the RevCode WebMonitor RAT?

1 month ago
The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.
BrianKrebs

Wipro Intruders Targeted Other Major IT Firms

1 month ago
The criminals responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India's third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant -- two other large technology consulting companies, new evidence suggests.
BrianKrebs

How Not to Acknowledge a Data Breach

1 month ago
I'm not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally it seems necessary to publish such accounts when companies respond to a breach report in such a way that it's crystal clear that they wouldn't know what to do with a breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.
BrianKrebs

Experts: Breach at IT Outsourcing Giant Wipro

1 month 1 week ago
Indian information technology (IT) outsourcing and consulting giant Wipro [NYSE:WIT] is investigating reports from multiple security experts that Wipro's systems have been hacked and are being used to launch attacks against the company's customers, multiple sources tell KrebsOnSecurity. The company has refused to respond to questions about the alleged incident.
BrianKrebs

‘Land Lordz’ Service Powers Airbnb Scams

1 month 1 week ago
Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called "Land Lordz," which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.
BrianKrebs

Android 7.0+ Phones Can Now Double as Google Security Keys

1 month 1 week ago
Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google's various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft.
BrianKrebs

Patch Tuesday Lowdown, April 2019 Edition

1 month 1 week ago
Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.
BrianKrebs

A Year Later, Cybercrime Groups Still Rampant on Facebook

1 month 2 weeks ago
Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching turned up more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis found some 74 cybercrime groups operating openly on Facebook with more than 385,000 members.
BrianKrebs
Checked
6 hours 41 minutes ago
In-depth security news and investigation
Subscribe to Krebs on Security feed