Hoax Email Blast Abused Poor Coding in FBI Website

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online … Read more

Indictment, Lawsuits Revive Trump-Alfa Bank Story

In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated … Read more

Wanted: Disgruntled Employees to Deploy Ransomware

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently, that now includes emailing employees directly and asking them to unleash the malware inside their employer's network in exchange for a percentage of any ransom amount paid by the victim company. Image: Abnormal Security. Crane Hassold, … Read more

How to Tell a Job Offer from an ID Theft Trap

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer … Read more

Adventures in Contacting the Russian FSB

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual … Read more

Try This One Weird Trick Russian Hackers Hate

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or … Read more

Task Force Seeks to Disrupt Ransomware Payments

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In an 81-page report delivered to the Biden administration this week, top executives from Amazon, … Read more

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file … Read more

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account … Read more

U.S. Indicts North Korean Hackers in Theft of $200 Million

The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted … Read more