tsu doh nimh writes: Brian Krebs has something of a scoop about Norse Corp., the cyber intelligence company that became famous for its interactive attack map. From the story: "Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff. Sources close to the matter say Norse CEO Sam Glines was asked to step down by the company's board of directors, with board member Howard Bain stepping in as interim CEO. Those sources say the company's investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do." Krebs's story looks into the history of the company's founders, includes interviews with former Norse employees, and concludes that this was probably inevitable.
tsu doh nimh writes: The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help "critical infrastructure" companies shore up their computer and network defenses against real-world adversaries. And it's all free of charge (well, on the U.S. taxpayer's dime). Brian Krebs examines some of the pros and cons, and the story has some interesting feedback from some banks and others who have apparently taken DHS up on its offer.
tsu doh nimh writes: One of the more common and destructive computer crimes to emerge over the past few years involves "ransomware," malicious code that quietly scrambles all of the infected user's documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site's files, pages and images for ransom. KrebsOnSecurity interviews one recent victim and points to resources for regular users and site administrators. Meanwhile, Lawrence Abrams at BleepingComputer writes about one ransomware variant so riddled with programming flaws that even victims who pay the ransom can't possibly get their files back.
tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look far: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.
tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids.
tsu doh nimh writes: If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view your current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.
tsu doh nimh writes: The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community's bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.
tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345'. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials."
tsu doh nimh writes: A new report from the U.S. Treasury Department found that nearly $24 million in bank account takeovers by and other cyber theft over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through the Tor anonymity network. Brian Krebs cites from the non-public report, which relied on an analysis of suspicious activity reports filed by banks over the past decade: "Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor related filings were rapidly rising. Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses." Meanwhile, the Tor Project continues to ask for assistance in adapting the technology to an Internet that is increasingly blocking users who visit from Tor.
tsu doh nimh writes: A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.
tsu doh nimh writes: KrebsOnSecurity looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors. The service allows companies to attack competitors by raising their costs or exhausting their ad budgets early in the day. Advertised on YouTube and run by a guy boldly named “GoodGoogle,” the service employs a combination of custom software and hands-on customer service, and promises clients the ability to block the appearance of competitors’ ads. From the story: "The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’ ads indefinitely."
tsu doh nimh writes: In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company’s recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software. Some anti-spam experts who worked very closely on Canada’s Anti-Spam Law (CASL) say they are baffled by Microsoft’s response to a law which has been almost a decade in the making. Indeed, an exception in the law says it does not apply to commercial electronic messages that solely provide “warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.” Several people have observed that Microsoft likely is using the law as a convenient excuse for dumping an expensive delivery channel.
tsu doh nimh writes: Nationwide chain P.F. Chang’s China Bistro said Tuesday that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014. The ad for the Ronald Reagan batch of cards also includes guidance for potential customers who wish to fund their accounts via Western Union or MoneyGram wire transfers, advice that strongly suggests those involved in this apparent heist are once again from Russia and Eastern Europe: "Western Union transfers will be received in the next 48-72 hours! Money Gram transfers will be received 10-11 of June. Please note: 12, 13, 14, 15 of June are the government holidays in the drops country and Money Gram transfers will be received starting Monday June 16th." June 12 is "Russia Day," a national holiday in Russia since 1992 that celebrates the declaration of state sovereignty of the Russian Soviet Federative Socialist Republic on June 12, 1990.
tsu doh nimh writes: The U.S. Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than $100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, a.k.a. "Slavik."