Other – Page 19 – Computer Security Articles

IRS: Scam Blends CEO Fraud, W-2 Phishing

February 2, 2017 admin ceo fraud, FBI, FTC, irs, John Koskinen, Other, tax refund fraud, tax return fraud, W-2 fraud, w-2 phishing

Most regular readers here are familiar with CEO fraud — e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. Loyal readers also have heard an earful about W-2 phishing, in which crooks impersonate the boss and request a copy of all employee tax forms. According to a new “urgent alert” issued by the U.S. Internal Revenue Service, scammers are now combining both schemes and targeting a far broader range of organizations than ever before.

Independent Krebs

Shopping for W2s, Tax Data on the Dark Web

January 31, 2017 admin Federal Trade Commission, Kirai Restaurant Group, Kirsta Grauberger, Other, seagate technology, Sunrun, tax refund fraud, The Payroll Professionals, W-2 fraud

The 2016 tax season is now in full swing in the United States, which means scammers are once again assembling vast dossiers of personal data and preparing to file fraudulent tax refund requests on behalf of millions of Americans. But for those lazy identity thieves who can’t be bothered to phish or steal the needed data, there is now another option: Buying stolen W-2 tax forms from other crooks who have phished the documents wholesale from corporations.

Independent Krebs

A Shakeup in Russia’s Top Cybercrime Unit

January 28, 2017 admin chronopay, crutop, FBI, FSB, Humpty Dumpty, idefense, Indrik, kaspersky lab, Kimberly Zenz, King Servers, Other, pavel vrublevsky, Ruslan Stoyanov, Sergey Mikhaylov, Spam Nation, ThreatConnect, Шалтай-Болтай

A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russia’s top cybercrime investigators, and the slow but steady leak of unflattering data on some of Russia’s most powerful politicians.

Independent Krebs

ATM ‘Shimmers’ Target Chip-Based Cards

January 27, 2017 admin atm shimmer, atm shimming, iCVV, NCR Corp, Other

Several readers have called attention to warnings coming out of Canada about a supposed new form of ATM skimming called “shimming.” Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Here’s a brief primer on shimming attacks, and why they succeed.

Independent Krebs

Adobe, Microsoft Push Critical Security Fixes

January 23, 2017 admin Adobe Flash Player update, chrome, Microsoft Edge, Microsoft Patch Tuesday January 2017, Other

Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software.

Independent Krebs

Who is Anna-Senpai, the Mirai Worm Author?

January 23, 2017 admin Allison Nixon, Ammar Zuberi, anime, anna-senpai, applej4ck, BASHLITE, BlazingFast, bulletproof hoster, CJ Sculti, datawagon, ddos, ddos-for-hire, dox, dreadiscool, exfocus, Fastreturn, Fracisco Dias, Frantech, Golang, Hackforums, Hypixel, Incapsula, Jesse Wu, Josiah White, lelddos, LiteSpeed, Minecraft, Minetime, Mirai Nikki, Namecentral, OG_Richard_Stallman, ogexfocus, ogmemes123123@gmail.com, Other, p1st0, Paras Jha, Pierre Lamy, ProTraf, Protraf Solutions, ProxyPipe, Qbot, Richard Stallman, Robert Coelho, Rutgers University DDoS, Supermicro, SWATting, switchnet.io, vDos, Verisign, Vyp0r

On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack — using the name “Anna Senpai” — released the source code for Mirai, spawning dozens of copycat attack armies online. After months of digging, KrebsOnSecurity is now confident to have uncovered Anna Senpai’s real-life identity, and the identity of at least one co-conspirator who helped to write and modify the malware.

Independent Krebs

DNI: Putin Led Cyber, Propaganda Effort to Elect Trump, Denigrate Clinton

January 23, 2017 admin CrowdStrike, Daily Beast, dcleaks.com, DHS, DNC, DNI, FBI, Guccifer 2.0, Jonanthan Zdziarksi, Kevin Poulsen, Los Angeles Times, New York Times, Nina Agrawal, Officer of the Director of National Intelligence, Other, RT, russia today, Vladimir Putin, Voice of America, wired

Russian President Vladimir Putin directed a massive propaganda and cyber attack operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday.

Independent Krebs

Krebs’s Immutable Truths About Data Breaches

January 23, 2017 admin Cybercriminal Code of Ethics, immutable truths of data breaches, Other

I’ve had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction.