The Coming Storm – Page 18 – WindowsTechs.com

Supply Chain Security 101: An Expert’s View

Posted on October 13, 2018 by BrianKrebs

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology sold to a number of American companies. Continue reading Supply Chain Security 101: An Expert’s View→

Naming & Shaming Web Polluters: Xiongmai

Posted on October 10, 2018 by BrianKrebs

Naming & Shaming Web Polluters: Xiongmai

Posted on October 10, 2018 by BrianKrebs

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras. Continue reading Naming & Shaming Web Polluters: Xiongmai→

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Posted on October 2, 2018 by BrianKrebs

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for money in return for the stolen data. But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks. Continue reading When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?→

Voice Phishing Scams Are Getting More Clever

Posted on October 1, 2018 by BrianKrebs

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly). Continue reading Voice Phishing Scams Are Getting More Clever→

Beware of Hurricane Florence Relief Scams

Posted on September 24, 2018 by BrianKrebs

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.

For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc. Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds. Continue reading Beware of Hurricane Florence Relief Scams→

U.S. Mobile Giants Want to be Your Online Identity

Posted on September 12, 2018 by BrianKrebs

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf. Continue reading U.S. Mobile Giants Want to be Your Online Identity→

In a Few Days, Credit Freezes Will Be Fee-Free

Posted on September 11, 2018 by BrianKrebs

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle. If that accurately describes your views on the matter, this post may well change your mind. Continue reading In a Few Days, Credit Freezes Will Be Fee-Free→

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Posted on August 28, 2018 by BrianKrebs

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Continue reading Fiserv Flaw Exposed Customer Data at Hundreds of Banks→

Experts Urge Rapid Patching of ‘Struts’ Bug

Posted on August 23, 2018 by BrianKrebs

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside. Continue reading Experts Urge Rapid Patching of ‘Struts’ Bug→