International Computer Science Institute

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Posted on September 22, 2023 by BrianKrebs

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. Continue reading LastPass: ‘Horse Gone Barn Bolted’ is Strong Password→

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Posted on June 8, 2023 by BrianKrebs

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Continue reading Barracuda Urges Replacing — Not Patching — Its Email Security Gateways→

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Posted on February 28, 2023 by BrianKrebs

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. Continue reading Hackers Claim They Breached T-Mobile More Than 100 Times in 2022→

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Posted on August 6, 2020 by BrianKrebs

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned. Continue reading Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims→

U.S. Mobile Giants Want to be Your Online Identity

Posted on September 12, 2018 by BrianKrebs

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf. Continue reading U.S. Mobile Giants Want to be Your Online Identity→

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Posted on May 18, 2017 by BrianKrebs

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.

In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.

Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses. Continue reading Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division→

The Lowdown on the Apple-FBI Showdown

Posted on February 22, 2016 by BrianKrebs

Many readers have asked for a primer summarizing the privacy and security issues at stake in the the dispute between Apple and the U.S. Justice Department, which last week convinced a judge in California to order Apple to unlock an iPhone used by one of assailants in the recent San Bernardino massacres. I don’t have much original reporting to contribute on this important debate, but I’m visiting it here because it’s a complex topic that deserves the broadest possible public scrutiny. Continue reading The Lowdown on the Apple-FBI Showdown→