Other – Page 16 – Computer Security Articles

Alleged vDOS Owners Poised to Stand Trial

March 27, 2017 admin FBI, Federal Bureau of Investigation, itay huri, Other, Perach Aroch, Recorded Future, themarker.com, vDos, yarden bidani

Credit to Author: BrianKrebs| Date: Mon, 27 Mar 2017 13:56:31 +0000

Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline. On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attracted tens of thousands of paying customers and facilitated countless distributed denial-of-service (DDoS) attacks. That story named two young Israelis — Yarden Bidani and Itay Huri — as the likely owners and operators of vDOS, and within hours of its publication the two were arrested by Israeli police, placed on house arrest for 10 days, and forbidden from using the Internet for a month.

Independent Krebs

Phishing 101 at the School of Hard Knocks

March 24, 2017 admin 2fa, BGSU, Bowling Green State University, irs, Matt Haschak, multi-factor authentication, Other, phishing, tax refund fraud, two-factor authentication

Credit to Author: BrianKrebs| Date: Fri, 24 Mar 2017 16:03:21 +0000

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015.

Independent Krebs

eBay Asks Users to Downgrade Security

March 22, 2017 admin eBay 2FA, eBay security, eBay two-factor authentication, National Institute for Standards and Technology, NIST, Other, Paypal 2-factor authentication, Ryan Moore, SS7, Symantec, Verisign

Credit to Author: BrianKrebs| Date: Wed, 22 Mar 2017 17:59:44 +0000

Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option.

Independent Krebs

Student Aid Tool Held Key for Tax Fraudsters

March 21, 2017 admin FAFSA, Free Application for Federal Financial Aid, Get Transcript, irs, IRS Data Retrieval Tool, Other, The Wall Street Journal, U.S. Department of Education, w-2 phishing

Credit to Author: BrianKrebs| Date: Tue, 21 Mar 2017 19:07:14 +0000

Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of the tool has created unexpected hurdles for many families hoping to qualify for financial aid, but the action also eliminated a key source of data that fraudsters could use to conduct tax refund fraud. Last week, the IRS and the Department of Education said in a joint statement that they were temporarily shutting down the IRS’s Data Retrieval Tool. The service was designed to make it easier to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

Independent Krebs

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

March 17, 2017 admin Accenture, data loss prevention, Defense Point Security, DLP, George McKenzie, IP PIN, Other, security freeze, tax refund fraud, U.S. Immigration and Customs Enforcement, w-2 phishing

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2017 22:02:02 +0000

Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLP — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.

Independent Krebs

Google Points to Another POS Vendor Breach

March 16, 2017 admin 24/7 Hospitality, Brian's Dump, Home Depot breach, Jr, Other, pos breach, POSeidon, rescator, Select Restaurants, target breach, Todd Baker

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2017 00:11:57 +0000

For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.

Independent Krebs

Four Men Charged With Hacking 500M Yahoo Accounts

March 15, 2017 admin Alexsey Alexseyevich Belan, Central Intelligence Agency, Cia, Dmitry Dokuchaev, Forb, Igor Sushchin, Karim Baratov, Karim Taloverov, Other, Yahoo hack

Credit to Author: BrianKrebs| Date: Thu, 16 Mar 2017 00:49:07 +0000

The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI’s point of contact in Moscow on cybercrime cases. Here’s a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks. According to a press release put out by the Justice Department, among those indicted was Karim Baratov (a.k.a. Kay, Karim Taloverov), a Canadian and Kazakh national who lives in Canada. Baratov is accused of being hired by the two FSB officer defendants in this case — Dmitry Dokuchaev, 33, and Igor Sushchin, 43 — to hack into the email accounts of thousands of individuals. According to a press release put out by the Justice Department, among those indicted was Karim Baratov (a.k.a. Kay, Karim Taloverov), a Canadian and Kazakh national who lives in Canada. Baratov is accused of being hired by the two FSB officer defendants in this case — Dmitry Dokuchaev, 33, and Igor Sushchin, 43 — to hack into the email accounts of thousands of individuals.

Independent Krebs

If Your iPhone is Stolen, These Guys May Try to iPhish You

March 13, 2017 admin Alexis Cadena, demoniox12, Ecuador, hostingyaa, icloud phishing, Jonatan Rodriguez, Other, Yantzaza

Credit to Author: BrianKrebs| Date: Tue, 14 Mar 2017 05:17:33 +0000

KrebsOnSecurity recently featured the story of a Brazilian man who was peppered with phishing attacks trying to steal his Apple iCloud username and password after his wife’s phone was stolen in a brazen daylight mugging. Today, we’ll take an insider’s look at an Apple iCloud phishing gang that appears to work quite closely with organized crime rings — within the United States and beyond — to remotely unlock and erase stolen Apple devices. Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone — just by visiting Apple’s site and entering their iCloud username and password. Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim’s stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services.