Krebs – Page 31 – Computer Security Articles

Senators Urge FTC to Probe ID.me Over Selfie Data

May 18, 2022 admin A Little Sunshine, biometrics, blake hall, cyberscoop, Facial Recognition, Federal Trade Commission, ftc chair lina khan, id.me, Internal Revenue Service, sen. alex padilla, sen. cory booker, sen. edward markey, Sen. Ron Wyden, The Coming Storm, tonya riley

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 16:55:40 +0000

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.

Independent Krebs

When Your Smart ID Card Reader Comes With Malware

May 17, 2022 admin A Little Sunshine, cac reader, cert-cc, david dixon, michael danberry, militarycac.com, saicoo, The Coming Storm, u.s. general services administration, will dormann

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 01:07:59 +0000

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

Independent Krebs

DEA Investigating Breach of Law Enforcement Data Portal

May 12, 2022 admin A Little Sunshine, data breaches, Department of Justice, domain block list, Doxbin, drug enforcement administration, el paso intelligence center, emergency data request, Epic, esp.usdoj.gov, FBI, ICSI, kt, lapsus$, law enforcement inquiry and alerts, leia, national seizure system, Ne'er-Do-Well News, Nicholas Weaver, nss, spamhaus, The Coming Storm, u.s. drug enforcement agency

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Independent Krebs

Microsoft Patch Tuesday, May 2022 Edition

May 10, 2022 admin adobe, cve-2022-26925, cve-2022-26937, dustin childs, Greg Wiseman, local security authortity, microsoft patch tuesday may 2022, petitpotam, Rapid7, Satnam Narang, Tenable, Time to Patch, trend micro zero day initiative, windows print spooler

Credit to Author: BrianKrebs| Date: Wed, 11 May 2022 02:34:59 +0000

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

Independent Krebs

Your Phone May Soon Replace Many of Your Passwords

May 7, 2022 admin A Little Sunshine, apple, FIDO Alliance, google, johannes ullrich, microsoft, Nicholas Weaver, sampath srinivas, sans, Security Tools, spycloud, steve bellovin, World Wide Web Consortium

Credit to Author: BrianKrebs| Date: Sat, 07 May 2022 13:31:17 +0000

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Independent Krebs

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

May 2, 2022 admin A Little Sunshine, Ne'er-Do-Well News, russia's war on ukraine

Credit to Author: BrianKrebs| Date: Mon, 02 May 2022 21:29:34 +0000

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Independent Krebs

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

April 29, 2022 admin briansclub, google, michelle chang, Security Tools, Techcrunch

Credit to Author: BrianKrebs| Date: Fri, 29 Apr 2022 19:25:49 +0000

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.

Independent Krebs

Fighting Fake EDRs With ‘Credit Ratings’ for Police

April 27, 2022 admin A Little Sunshine, apple, AT&T, Coinbase, discord, emergency data request, FBI, GitHub, google, kodex, LinkedIn, matt donahue, meta, microsoft, snapchat, T-Mobile, The Coming Storm, TikTok, twilio, Twitter, Verizon, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.