Tax Fraud Gang Targeted Healthcare Firms

Earlier this month, I wrote about an organized cybercrime gang that has been hacking into HR departments at organizations across the country and filing fraudulent tax refund requests with the IRS on employees of those victim firms. Today, we’ll look a bit closer at the activities of this crime gang, which appears to have targeted a large … Читать далее

States: Spike in Tax Fraud Against Doctors

An unusual number of physicians in several U.S. states are just finding out that they’ve been victimized by tax return fraud this year, KrebsOnSecurity has learned. An apparent spike in tax fraud cases against medical professionals is fueling speculation that the crimes may have been prompted by a data breach at some type of national organization that certifies … Читать далее

3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches

Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards. The disclosure, made jointly in a press release posted online and in a statement on the company’s Web site, offers the … Читать далее

An Allegation of Harm

In December 2013, an executive from big-three credit reporting bureau Experian told Congress that the company was not aware of any consumers who had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. This blog post examines the … Читать далее

Heartbleed Bug: What Can You Do?

In the wake of widespread media coverage of the Internet security debacle known as the Heartbleed bug, many readers are understandably anxious to know what they can do to protect themselves. Here’s a short primer. The Heartbleed bug concerns a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge … Читать далее

Critical Java Update Plugs 37 Security Holes

Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — … Читать далее

Hardware Giant LaCie Acknowledges Year-Long Credit Card Breach

Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past year. The disclosure comes almost a month after the breach was first disclosed by KrebsOnSecurity. On Mar. 17, 2014, this blog published evidence showing … Читать далее

Crimeware Helps File Fraudulent Tax Returns

Many companies believe that if they protect their intellectual property and customers’ information, they’ve done a decent job of safeguarding their crown jewels from attackers. But in an increasingly common scheme, cybercriminals are targeting the Human Resources departments at compromised organizations and rapidly filing fraudulent federal tax returns on all employees. Last month, KrebsOnSecurity encountered … Читать далее

‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys

Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use … Читать далее