A Little Sunshine – Page 14

Sounding the Alarm on Emergency Alert System Flaws

Posted on August 12, 2022 by BrianKrebs

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. Continue reading Sounding the Alarm on Emergency Alert System Flaws→

It Might Be Our Data, But It’s Not Our Breach

Posted on August 11, 2022 by BrianKrebs

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company. Continue reading It Might Be Our Data, But It’s Not Our Breach→

The Security Pros and Cons of Using Email Aliases

Posted on August 10, 2022 by BrianKrebs

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website. Continue reading The Security Pros and Cons of Using Email Aliases→

Class Action Targets Experian Over Account Security

Posted on August 6, 2022 by BrianKrebs

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address. Continue reading Class Action Targets Experian Over Account Security→

No SOCKS, No Shoes, No Malware Proxy Services!

Posted on August 2, 2022 by BrianKrebs

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. Continue reading No SOCKS, No Shoes, No Malware Proxy Services!→

911 Proxy Service Implodes After Disclosing Breach

Posted on July 29, 2022 by BrianKrebs

911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy software with other titles, including “free” utilities and pirated software. Continue reading 911 Proxy Service Implodes After Disclosing Breach→

Breach Exposes Users of Microleaves Proxy Service

Posted on July 28, 2022 by BrianKrebs

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can — such as by secretly bundling it with other software. Continue reading Breach Exposes Users of Microleaves Proxy Service→

A Retrospective on the 2015 Ashley Madison Breach

Posted on July 27, 2022 by BrianKrebs

It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many AshleyMadison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of AshleyMadison mentions across Russian cybercrime forums and far-right underground websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny. Continue reading A Retrospective on the 2015 Ashley Madison Breach→

Massive Losses Define Epidemic of ‘Pig Butchering’

Posted on July 21, 2022 by BrianKrebs

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out. Continue reading Massive Losses Define Epidemic of ‘Pig Butchering’→

A Deep Dive Into the Residential Proxy Service ‘911’

Posted on July 18, 2022 by BrianKrebs

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route malicious traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. The proxy service says its network is made up entirely of users who voluntarily install the proxy software. But new research shows 911 has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which 911 operated on its own. Continue reading A Deep Dive Into the Residential Proxy Service ‘911’→