Category Archives: The Coming Storm

COVID-19 ‘Breach Bubble’ Waiting to Pop?

Posted on by

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. Continue reading COVID-19 ‘Breach Bubble’ Waiting to Pop?

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Posted on by

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable via a new website by the same name, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals online. Continue reading ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Posted on by

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.

A memo seen by KrebsOnSecurity that the Secret Service sent to field offices around the United States this week says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.” Continue reading U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

When in Doubt: Hang Up, Look Up, & Call Back

Posted on by

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse. Continue reading When in Doubt: Hang Up, Look Up, & Call Back

Sipping from the Coronavirus Domain Firehose

Posted on by

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic. Continue reading Sipping from the Coronavirus Domain Firehose

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Posted on by

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives. But can this unprecedented level of collaboration survive the pandemic? Continue reading COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

Posted on by

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return. The question is, will those non-filers have a chance to claim their payments before fraudsters do? Continue reading New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Posted on by

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. And according to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a crazy number major corporations are setting up meetings without passwords enabled. Continue reading ‘War Dialing’ Tool Exposes Zoom’s Password Problems

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Posted on by

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access … Continue reading Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

The Web’s Bot Containment Unit Needs Your Help

Posted on by

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding. Continue reading The Web’s Bot Containment Unit Needs Your Help