tsu doh nimh writes: Brian Krebs has a readable and ironic story about a phishing-as-a-service product that iPhone thieves can use to phish the Apple iCloud credentials from people who have recently had an iPhone lost or stolen. The phishing service — which charged as much as $120 for successful phishing attempts targeting iPhone 6s users — was poorly secured, and a security professional that Krebs worked with managed to guess several passwords for users on the service. From there, the story looks at how this phishing service works, how it tracks victims, and ultimately how one of its core resellers phished his own iCloud account and inadvertently gave his exact location as a result.
tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called "supply chain" malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. This intrusion would probably not be that notable if the software vendor didn't have a long list of Fortune 500 customers, and if the attackers hadn't also compromised the company's update servers — essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site — not linking to it anywhere. Brian Krebs went and digged it up.
tsu doh nimh writes: Two young Israeli men alleged to be the co-owners of a popular online attack-for-hire service were arrested in Israel on Thursday. The pair were arrested around the same time that KrebsOnSecurity.com published a story naming them as the masterminds behind a service that can be hired to knock Web sites and Internet users offline with powerful blasts of junk data. That earlier story was the subject of a Slashdot discussion here.
tsu doh nimh writes: The pwnedlist.com — a 5-year-old service that claims to have cataloged 866 million usernames and passwords from credentials posted to sites like Pastebin and other data dump sites — is closing its doors later this month. The May 16, 2016 planned closure comes just days after security journalist Brian Krebs showed how a simple authentication weakness in the site evaded Pwnedlist's account restrictions and exposed virtually all credentials housed by the service.
tsu doh nimh writes: Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive "distributed denial of service" (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked, Brian Krebs reports. "The entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus customer credentials, support tickets, credit card numbers and other sensitive data." Staminus' site is still displaying a message to customers to get updates via the company's social media accounts.
tsu doh nimh writes: Brian Krebs has something of a scoop about Norse Corp., the cyber intelligence company that became famous for its interactive attack map. From the story: Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff. Sources close to the matter say Norse CEO Sam Glines was asked to step down by the company's board of directors, with board member Howard Bain stepping in as interim CEO. Those sources say the company's investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do." Krebs's story looks into the history of the company's founders, includes interviews with former Norse employees, and concludes that this was probably inevitable.
tsu doh nimh writes: Brian Krebs has something of a scoop about Norse Corp., the cyber intelligence company that became famous for its interactive attack map. From the story: Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff. Sources close to the matter say Norse CEO Sam Glines was asked to step down by the companyâ(TM)s board of directors, with board member Howard Bain stepping in as interim CEO. Those sources say the companyâ(TM)s investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do." Krebs's story looks into the history of the company's founders, includes interviews with former Norse employees, and concludes that this was probably inevitable.
tsu doh nimh writes: The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies â" mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help âoecritical infrastructureâ companies shore up their computer and network defenses against real-world adversaries. And itâ(TM)s all free of charge (well, on the U.S. taxpayerâ(TM)s dime). Brian Krebs examines some of the pros and cons, and the story has some interesting feedback from some banks and others who have apparently taken DHS up on its offer.
tsu doh nimh writes: One of the more common and destructive computer crimes to emerge over the past few years involves "ransomware," malicious code that quietly scrambles all of the infected user's documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site's files, pages and images for ransom. KrebsOnSecurity interviews one recent victim and points to resources for regular users and site administrators. Meanwhile, Lawrence Abrams at BleepingComputer writes about one ransomware variant so riddled with programming flaws that even victims who pay the ransom can't possibly get their files back.
tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look for: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.
tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids.
tsu doh nimh writes: If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view you current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.
tsu doh nimh writes: The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community's bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.
tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345'. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.
tsu doh nimh writes: A new report from the U.S. Treasury Department found that nearly $24 million in bank account takeovers by and other cyber theft over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through the Tor anonymity network. Brian Krebs cites from the non-public report, which relied on an analysis of suspicious activity reports filed by banks over the past decade: "Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor related filings were rapidly rising. Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses." Meanwhile, the Tor Project continues to ask for assistance in adapting the technology to an Internet that is increasingly blocking users who visit from Tor.