DomainTools – WindowsTechs.com

CISOs in 2025: Balancing security, compliance, and accountability

Posted on November 13, 2024 by Mirko Zorz

In this Help Net Security interview, Daniel Schwalbe, CISO at DomainTools, discusses the intensifying regulatory demands that have reshaped CISO accountability and daily decision-making. He outlines the skill sets future CISOs need, their key prioritie… Continue reading CISOs in 2025: Balancing security, compliance, and accountability→

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Posted on September 18, 2024 by BrianKrebs

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible. Continue reading Scam ‘Funeral Streaming’ Groups Thrive on Facebook→

Using Google Search to Find Software Can Be Risky

Posted on January 25, 2024 by BrianKrebs

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair. Continue reading Using Google Search to Find Software Can Be Risky→

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Posted on October 9, 2023 by BrianKrebs

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide. Continue reading Phishers Spoof USPS, 12 Other Natl’ Postal Services→

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Posted on July 18, 2023 by BrianKrebs

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.]

In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 — less than one month before unidentified hackers stole data on 37 million users — and launched LeakedSource three months later. Continue reading LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack→

Who’s Behind the DomainNetworks Snail Mail Scam?

Posted on July 3, 2023 by BrianKrebs

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it. Continue reading Who’s Behind the DomainNetworks Snail Mail Scam?→

Interview With a Crypto Scam Investment Spammer

Posted on May 23, 2023 by BrianKrebs

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code. Continue reading Interview With a Crypto Scam Investment Spammer→

SVB account holders targeted with phishing, scams

Posted on March 17, 2023 by Zeljka Zorz

After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts. Another reminder: just because caller ID says FDIC… Continue reading SVB account holders targeted with phishing, scams→

Who’s Behind the NetWire Remote Access Trojan?

Posted on March 9, 2023 by BrianKrebs

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years. Continue reading Who’s Behind the NetWire Remote Access Trojan?→

The Link Between AWM Proxy & the Glupteba Botnet

Posted on June 28, 2022 by BrianKrebs

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google. Continue reading The Link Between AWM Proxy & the Glupteba Botnet→