The largest cyber security blog
Earlier this month, I wrote about an organized cybercrime gang that has been hacking into HR departments at organizations across the country and filing fraudulent tax refund requests with the IRS on employees of those victim firms. Today, we’ll look a bit closer at the activities of this crime gang, which appears to have targeted a large … Читать далее
An unusual number of physicians in several U.S. states are just finding out that they’ve been victimized by tax return fraud this year, KrebsOnSecurity has learned. An apparent spike in tax fraud cases against medical professionals is fueling speculation that the crimes may have been prompted by a data breach at some type of national organization that certifies … Читать далее
It looks like it’s time to update my Value of a Hacked Email Account graphic: Real estate and title agencies are being warned about a new fraud scheme in which email bandits target consumers who are in the process of purchasing a home. An alert sent by First American Title to its agents. In this scheme, … Читать далее
Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards. The disclosure, made jointly in a press release posted online and in a statement on the company’s Web site, offers the … Читать далее
In December 2013, an executive from big-three credit reporting bureau Experian told Congress that the company was not aware of any consumers who had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. This blog post examines the … Читать далее
In the wake of widespread media coverage of the Internet security debacle known as the Heartbleed bug, many readers are understandably anxious to know what they can do to protect themselves. Here’s a short primer. The Heartbleed bug concerns a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge … Читать далее
Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — … Читать далее
Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past year. The disclosure comes almost a month after the breach was first disclosed by KrebsOnSecurity. On Mar. 17, 2014, this blog published evidence showing … Читать далее
Many companies believe that if they protect their intellectual property and customers’ information, they’ve done a decent job of safeguarding their crown jewels from attackers. But in an increasingly common scheme, cybercriminals are targeting the Human Resources departments at compromised organizations and rapidly filing fraudulent federal tax returns on all employees. Last month, KrebsOnSecurity encountered … Читать далее
Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use … Читать далее