Anomali, Flashpoint, and Intel 471 join Verodin to launch Threat Actor Assurance Program

Verodin announced its new Threat Actor Assurance Program (TAAP), which will combine industry-leading threat intelligence from Anomali, Flashpoint, and Intel 471 with Verodin’s proven capability to validate cybersecurity effectiveness. This powerful pro…

Justice Department hopes to disrupt ‘dumbest tradition ever’ with latest DDoS seizure

Law enforcement may have just ruined what’s become a holiday tradition for cybercriminals who spend Christmas knocking gaming websites offline. The U.S. Department of Justice announced on Thursday officials had seized 15 internet domains that made it possible for web users to launch distributed denial-of-service attacks, which render software inaccessible by flooding targets with fake traffic. The sites involved in the takedown were known as “booter” and “stresser” websites, which enabled users to easily launch DDoS attacks like the kinds that have hit Sony’s PlayStation and Microsoft’s Xbox services in recent Christmas seasons. Prosecutors also filed charges against two men for conspiring to violate the Computer Fraud and Abuse Act by allegedly operating DDoS-for-hire services known as Downthem and Ampnode. In another case, investigators charged a 23-year-old Pennsylvania man with operating a criminal service that was used to launch more than 50,000 attacks in 2018 alone. “The attack-for-hire websites targeted […]

The post Justice Department hopes to disrupt ‘dumbest tradition ever’ with latest DDoS seizure appeared first on CyberScoop.

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, but in truth it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.

Hanging Up on Mobile in the Name of Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

Further Down the Trello Rabbit Hole

Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support companies are publishing credentials via public Trello boards that quickly get indexed by the major search engines.

Expert: IoT Botnets the Work of a ‘Vast Minority’

In December 2017, the U.S. Department of Justice announced indictments and guilty pleas by three men in the United States responsible for creating and using Mirai, a malware strain that enslaves poorly-secured “Internet of Things” or IoT devices like security cameras and digital video recorders for use in large-scale cyberattacks.

The FBI and the DOJ had help in their investigation from many security experts, but this post focuses on one expert whose research into the Dark Web and its various malefactors was especially useful in that case. Allison Nixon is director of security research at Flashpoint, a cyber intelligence firm based in New York City. Nixon spoke with KrebsOnSecurity at length about her perspectives on IoT security and the vital role of law enforcement in this fight.

As cryptocurrencies grow, so does the demand to track their users

If bitcoin is a roller coaster ride with dizzying heights and rapid drops, one thing is clear: The original cryptocurrency carnival keeps attracting new riders. The price is up, trade volume is rising and new money buys in daily. As a result, the business of bitcoin surveillance is booming. Governments are just barely coming to terms with how bitcoin works, but they want to track newer cryptocurrencies like Monero and Zcash that were designed for anonymity beyond what’s available with bitcoin. Elliptic, a United Kingdom-based financial technology startup, launched with one basic goal: Trace bitcoins, identify illegal activity and sell ongoing visibility to governments and private companies to track the currency’s movement. This is possible because bitcoin is inherently transparent, with every unique transaction published on a public ledger, known as the blockchain, that anyone can access. Successfully analyzing the blockchain has become big business. Police use Elliptic’s technology to investigate crime. […]

The post As cryptocurrencies grow, so does the demand to track their users appeared first on Cyberscoop.

Tech firms band together to take down Android DDoS botnet

An ad-hoc alliance of tech firms has managed to seriously cripple an Android-based botnet that was being actively used to DDoS multiple content providers. The botnet, dubbed WireX by the researchers, consisted of Android devices with malicious apps installed. In fact, in the wake of the discovery, Google has pulled some 300 such apps from Google Play, began removing them remotely from affected users’ devices, and blocked them from being installed. The malicious apps The …