tsu doh nimh writes: The pwnedlist.com — a 5-year-old service that claims to have cataloged 866 million usernames and passwords from credentials posted to sites like Pastebin and other data dump sites — is closing its doors later this month. The May 16, 2016 planned closure comes just days after security journalist Brian Krebs showed how a simple authentication weakness in the site evaded Pwnedlist's account restrictions and exposed virtually all credentials housed by the service.
tsu doh nimh writes: Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive "distributed denial of service" (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked, Brian Krebs reports. "The entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus customer credentials, support tickets, credit card numbers and other sensitive data." Staminus' site is still displaying a message to customers to get updates via the company's social media accounts.
tsu doh nimh writes: Brian Krebs has something of a scoop about Norse Corp., the cyber intelligence company that became famous for its interactive attack map. From the story: "Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff. Sources close to the matter say Norse CEO Sam Glines was asked to step down by the company's board of directors, with board member Howard Bain stepping in as interim CEO. Those sources say the company's investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do." Krebs's story looks into the history of the company's founders, includes interviews with former Norse employees, and concludes that this was probably inevitable.
tsu doh nimh writes: The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help "critical infrastructure" companies shore up their computer and network defenses against real-world adversaries. And it's all free of charge (well, on the U.S. taxpayer's dime). Brian Krebs examines some of the pros and cons, and the story has some interesting feedback from some banks and others who have apparently taken DHS up on its offer.
tsu doh nimh writes: One of the more common and destructive computer crimes to emerge over the past few years involves "ransomware," malicious code that quietly scrambles all of the infected user's documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site's files, pages and images for ransom. KrebsOnSecurity interviews one recent victim and points to resources for regular users and site administrators. Meanwhile, Lawrence Abrams at BleepingComputer writes about one ransomware variant so riddled with programming flaws that even victims who pay the ransom can't possibly get their files back.
tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look far: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.
tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids.
tsu doh nimh writes: If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view your current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.
tsu doh nimh writes: The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community's bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.
tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345'. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials."
tsu doh nimh writes: A new report from the U.S. Treasury Department found that nearly $24 million in bank account takeovers by and other cyber theft over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through the Tor anonymity network. Brian Krebs cites from the non-public report, which relied on an analysis of suspicious activity reports filed by banks over the past decade: "Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor related filings were rapidly rising. Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses." Meanwhile, the Tor Project continues to ask for assistance in adapting the technology to an Internet that is increasingly blocking users who visit from Tor.
tsu doh nimh writes: A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.
tsu doh nimh writes: KrebsOnSecurity looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors. The service allows companies to attack competitors by raising their costs or exhausting their ad budgets early in the day. Advertised on YouTube and run by a guy boldly named “GoodGoogle,” the service employs a combination of custom software and hands-on customer service, and promises clients the ability to block the appearance of competitors’ ads. From the story: "The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’ ads indefinitely."
tsu doh nimh writes: In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company’s recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software. Some anti-spam experts who worked very closely on Canada’s Anti-Spam Law (CASL) say they are baffled by Microsoft’s response to a law which has been almost a decade in the making. Indeed, an exception in the law says it does not apply to commercial electronic messages that solely provide “warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.” Several people have observed that Microsoft likely is using the law as a convenient excuse for dumping an expensive delivery channel.