Latest Warnings

IndependentKrebs

Sextortion Scam Uses Recipient’s Hacked Passwords

Credit to Author: BrianKrebs| Date: Thu, 12 Jul 2018 14:19:53 +0000

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

Read More
IndependentKrebs

Plant Your Flag, Mark Your Territory

Credit to Author: BrianKrebs| Date: Thu, 28 Jun 2018 17:50:26 +0000

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.

Read More
IndependentKrebs

FBI: Kindly Reboot Your Router Now, Please

Credit to Author: BrianKrebs| Date: Mon, 28 May 2018 18:54:22 +0000

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

Read More
IndependentKrebs

Mobile Giants: Please Don’t Share the Where

Credit to Author: BrianKrebs| Date: Tue, 22 May 2018 16:05:50 +0000

Your mobile phone is giving away your approximate location all day long. This isn’t exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location. But now, the major mobile providers in the United States — AT&T, Sprint, T-Mobile and Verizon — are selling this location information to third party companies — in real time — without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected. It may be tough to put a price on one’s location privacy, but here’s something of which you can be sure: The mobile carriers are selling data about where you are at any time, without your consent, to third-parties for probably far less than you might be willing to pay to secure it.

Read More
IndependentKrebs

T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

Credit to Author: BrianKrebs| Date: Fri, 18 May 2018 18:35:24 +0000

T-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber’s account in an elaborate scheme to steal the customer’s three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken steps recommended by the mobile carrier to help minimize the risks of account takeover. Here’s what happened, and some tips on how you can protect yourself from a similar fate.

Read More
IndependentKrebs

Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site

Credit to Author: BrianKrebs| Date: Thu, 17 May 2018 18:29:18 +0000

LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.

Read More
IndependentKrebs

Microsoft Patch Tuesday, May 2018 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 May 2018 20:38:16 +0000

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness. First, the Flash Tuesday update, which brings Flash Player to v. 29.0.0.171. Some (present company included) would argue that Flash Player is in itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.

Read More