773M Password ‘Megabreach’ is Years Old

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.

In a Few Days, Credit Freezes Will Be Fee-Free

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle. If that accurately describes your views on the matter, this post may well change your mind.

When Identity Thieves Hack Your Accountant

The Internal Revenue Service has been urging tax preparation firms to step up their cybersecurity efforts this year, warning that identity thieves and hackers increasingly are targeting certified public accountants (CPAs) in a bid to siphon oodles of sensitive personal and financial data on taxpayers. This is the story of a CPA in New Jersey whose compromise by malware led to identity theft and phony tax refund requests filed on behalf of his clients.

Look-Alike Domains and Visual Confusion

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.

For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name:

https://www.са.com/

Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian.

Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

Anti-Skimmer Detector for Skimmer Scammers

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery-powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology.

2nd Breach at Verticalscope Impacts Millions

For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts. Evidence of the breach was discovered just before someone began using that illicit access as a commercial for a new paid search service that indexes consumer information exposed in corporate data breaches.

Ayuda! (Help!) Equifax Has My Data!

Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may not yet be complete: According to information […]

Website Flaw Let True Health Diagnostics Users View All Medical Records

Over the past two weeks readers have pointed KrebsOnSecurity to no fewer than three different healthcare providers that failed to provide the most basic care to protect their patients’ records online. Only one of the three companies — the subject of today’s story — required users to be logged in in order to view all patient records.

A week ago I heard from Troy Mursch, an IT consultant based in Las Vegas. A big fan of proactive medical testing, Mursch said he’s been getting his various lab results reviewed annually for the past two years with the help of a company based in Frisco, Texas called True Health Diagnostics.

San Francisco Rail System Hacker Hacked

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

Visa Alert and Update on the Oracle Breach

Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle’s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices. Visa also published a list of Internet addresses that may have been involved in the Oracle breach and are thought to be closely tied to an Eastern European organized cybercrime gang.