The largest cyber security blog
In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims. Sunnyvale, Calif. based security firm Proofpoint said it recently detected a four-week spam … Читать далее
Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google’s Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others. On Feb. 23, google.com.vn briefly redirected visitors … Читать далее
The FBI this week announced it is offering a USD $3 million bounty for information leading to the arrest and/or conviction of one Evgeniy Mikhailovich Bogachev, a Russian man the government believes is responsible for building and distributing the ZeuS banking Trojan. Bogachev is thought to be a core architect of ZeuS, a malware strain that … Читать далее
Intuit: Anti-fraud Improvements by IRS Fuel Up To 3700 Percent Rise in Phony State Filings Scam artists stole billions of dollars last year from the U.S. Treasury by filing phony federal tax refund requests on millions of Americans. But as Uncle Sam has made this type of fraud harder for thieves to profit from, the crooks have massively shifted … Читать далее
I am pleased to announce that my new book, Spam Nation: The Inside Story of Organized Cybercrime, from Global Epidemic to Your Front Door, has been honored with a 2015 PROSE Award in the Media & Cultural Studies category. The PROSE Awards are given by the Professional and Scholarly Publishing Division of the Association of American … Читать далее
I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off “one of the largest bank heists ever.” Turns out, I reported on this gang’s activities in December 2014, although my story ran minus many of … Читать далее
Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion. The Wall Street Journal reported last … Читать далее
I recall the first time I encountered an armed security guard at a local store. I remember feeling a bit concerned about the safety of the place because I made a snap (and correct) assumption that it must have been robbed recently. I get a similar feeling each time I fuel up my car at a … Читать далее
TurboTax owner Intuit Inc. said Thursday that it is temporarily suspending the transmission of state e-filed tax returns in response to a surge in complaints from consumers who logged into their TurboTax accounts only to find crooks had already claimed a refund in their name. “During this tax season, Intuit and some states have seen … Читать далее
For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks. The newest update, version 16.0.0.305, addresses a critical security bug (CVE-2015-0313) present in the version of Flash that Adobe released … Читать далее