Other – Page 12 – Computer Security Articles

Microsoft, Adobe Ship Critical Fixes

Credit to Author: BrianKrebs| Date: Tue, 13 Jun 2017 19:47:31 +0000

Microsoft today released security updates to fix almost a hundred security flaws in its various Windows operating systems and related software. One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. Separately, Adobe has pushed critical updates for its Flash and Shockwave players, two programs most users would probably be better off without.

Independent Krebs

Following the Money Hobbled vDOS Attack-for-Hire Service

June 6, 2017 admin attack years, bitcoin, booter, Hackforums, New York University, Other, Paypal, stresser, vDos

Credit to Author: BrianKrebs| Date: Tue, 06 Jun 2017 12:12:47 +0000

A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. Last fall, two 18-year-old Israeli men were arrested for allegedly running a vDOS, perhaps the most successful booter service of all time. The pair were detained within hours of being named in a story on this blog as the co-proprietors of the service (this site would later suffer a three-day outage as a result of an attack that was alleged to have been purchased in retribution for my reporting on vDOS). That initial vDOS story was based on data shared by an anonymous source who had hacked vDOS and obtained its private user and attack database. The story showed how the service made approximately $600,000 over just two of the four years it was in operation. Most of those profits came in the form of credit card payments via PayPal. But prior to vDOS’s takedown in September 2016, the service was already under siege thanks to work done by a group of academic researchers who teamed up with PayPal to identify and close accounts that vDOS and other booter services were using to process customer payments. The researchers found that their interventions cut profits in half for the popular booter service, and helped reduce the number of attacks coming out of it by at least 40 percent.

Independent Krebs

OneLogin: Breach Exposed Ability to Decrypt Data

June 1, 2017 admin Alvaro Hoyos, motherboard, OneLogin breach, Other

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2017 12:55:33 +0000

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and identity management for cloud-base applications. OneLogin counts among its customers some 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers.

Independent Krebs

Credit Card Breach at Kmart Stores. Again.

May 31, 2017 admin Chris Brathwaite, Kmart credit card breach 2017, Other, Sears Holding

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2017 02:27:12 +0000

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems. Last week I began hearing from smaller banks and credit unions who said they strongly suspected another card breach at Kmart. Some of those institutions received alerts from the credit card companies about batches of stolen cards that all had one thing in comment: They were all used at Kmart locations. Ask to respond to rumors about a card breach, Kmart’s parent company Sears Holdings said some of its payment systems were infected with malicious software:

Independent Krebs

Trump’s Dumps: ‘Making Dumps Great Again’

May 25, 2017 admin dark web, DomainTools.com, Home Depot breach, Magento, McDumpals, OpenCart, Other, Powerfront, rescator, RiskIQ, rudneva-y@mail.ua, Sally Beauty breach, target breach, Tor, Trump's-Dumps, U.S. Secret Service, U.S. Senate GOP Senatorial Committee hack

Credit to Author: BrianKrebs| Date: Fri, 26 May 2017 04:45:24 +0000

It’s not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for these shops that run continuously on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald character from McDonald’s and caters to bulk buyers. Exhibit B: Uncle Sam’s dumps shop, which wants YOU! to buy American. Today, we’ll look at an up and coming credit card shop called Trump’s-Dumps, which invokes 45’s likeness and promises to “make credit card fraud great again.”

Independent Krebs

MolinaHealthcare.com Exposed Patient Records

May 25, 2017 admin Molina Healthcare breach, Other, True Health Group breach

Credit to Author: BrianKrebs| Date: Thu, 25 May 2017 18:08:21 +0000

Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two providers didn’t even require a login to view all patient records. Today we’ll examine such a flaw that was just fixed by Molina Healthcare, a Fortune 500 company that until recently was exposing countless patient medical claims to the entire Internet without requiring any authentication.

Independent Krebs

Should SaaS Companies Publish Customers Lists?

May 22, 2017 admin cxotalk.com, Google Docs phishing, Michael Krigsman, OAuth, Other, Workday.com

Credit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:53:32 +0000

A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making it relatively simple for attackers to chose their […]

Independent Krebs

Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump

May 22, 2017 admin AGI, Averlock Investigations, Diverseeducation.com, Donald J. Trump, FAFSA, irs, Jamaal Abdul-Alim, Other, S. Gina Garza, tax refund fraud, Timothy P. Camus, U.S. Attorney J. Walter Green

Credit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:11:27 +0000

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump. A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.