Krebs on Security

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

“ BriansClub ,” one of the largest underground stores for buying stolen credit card data, has itself been hacked.

Sales 284

MyPayrollHR CEO Arrested, Admits to $70M Fraud

Krebs on Security

Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers.

Interview With the Guy Who Tried to Frame Me for Heroin Possession

Krebs on Security

In April 2013, I received via U.S. mail more than a gram of pure heroin as part of a scheme to get me arrested for drug possession. But the plan failed and the Ukrainian mastermind behind it soon after was imprisoned for unrelated cybercrime offenses.

Man Who Hired Deadly Swatting Gets 15 Months

Krebs on Security

An Ohio teen who recruited a convicted serial “swatter “to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison. Image: FBI.gov.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies.

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned.

IT 285

Spam In your Calendar? Here’s What to Do.

Krebs on Security

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working.

Ransomware Bites Dental Data Backup Firm

Krebs on Security

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct , an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Cybersecurity Firm Imperva Discloses Breach

Krebs on Security

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based

Phishers are Angling for Your Cloud Providers

Krebs on Security

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers.

Cloud 283

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states.

Sales 285

Forced Password Reset? Check Your Assumptions

Krebs on Security

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

‘Satori’ IoT Botnet Operator Pleads Guilty

Krebs on Security

A 21-year-old man from Vancouver, Wash.

IoT 274

The Rise of “Bulletproof” Residential Networks

Krebs on Security

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers.

Retail 284

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

“ Bluetana ,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests.

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

The U.S. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Who Owns Your Wireless Service? Crooks Do.

Krebs on Security

Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary.

The Risk of Weak Online Banking Passwords

Krebs on Security

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process.

Patch Tuesday, August 2019 Edition

Krebs on Security

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out.

What We Can Learn from the Capital One Hack

Krebs on Security

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One.

Capital One Data Theft Impacts 106M People

Krebs on Security

Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms.

Cloud 285

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned.

Neo-Nazi SWATters Target Dozens of Journalists

Krebs on Security

Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views.

What You Should Know About the Equifax Data Breach Settlement

Krebs on Security

Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans.

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Krebs on Security

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days.

The Unsexy Threat to Election Security

Krebs on Security

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news.

Patch Tuesday, September 2019 Edition

Krebs on Security

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software.

IT 248

Who’s Behind the GandCrab Ransomware?

Krebs on Security

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims.

Is ‘REvil’ the New GandCrab Ransomware?

Krebs on Security

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims.

No Jail Time for “WannaCry Hero”

Krebs on Security

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication.

Breach at Cloud Solution Provider PCM Inc.

Krebs on Security

A digital intrusion at PCM Inc. , a major U.S.-based based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. El Segundo, Calif.

Cloud 285