Author Archives: BrianKrebs

Stolen Passwords Fuel Cardless ATM Fraud

January 5, 2017

Some financial instutitions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime.

The FTC’s Internet of Things (IoT) Challenge

January 4, 2017

58 Comments

One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

The Download on the DNC Hack

January 3, 2017

145 Comments

Over the past few weeks, I’ve been inundated with questions from readers asking why I haven’t written much about two stories that have consumed the news media of late: The alleged Russian hacking attacks against the Democratic National Committee (DNC) and, more recently, the discovery of malware on a laptop at a Vermont power utility that has been attributed to Russian hacker groups. I’ve avoided covering these stories mainly because I don’t have any original reporting to add to them, and because I generally avoid chasing the story of the day — preferring instead to focus on producing original journalism on cybercrime and computer security.

Happy Seventh Birthday, KrebsOnSecurity!

December 29, 2016

131 Comments

Hard to believe it’s time to celebrate another go ’round the Sun for KrebsOnSecurity! Today marks exactly seven years since I left The Washington Post and started this here solo thing. And what a remarkable year 2016 has been!

Holiday Inn Parent IHG Probes Breach Claims

December 28, 2016

49 Comments

InterContinental Hotels Group (IHG), the parent company for more than 5,000 hotels worldwide including Holiday Inn, says it is investigating claims of a possible credit card breach at some U.S. locations.

Before You Pay that Ransomware Demand…

December 22, 2016

58 Comments

A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to whacked by a banking trojan that stole all your passwords and credit card numbers. These days if your mobile or desktop computer is infected what gets installed is likely to be “ransomware” — malicious software that locks your most prized documents, songs and pictures with strong encryption and then requires you to pay for a key to unlock the files.

Report: $3-5M in Ad Fraud Daily from ‘Methbot’

December 20, 2016

98 Comments

New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

My Yahoo Account Was Hacked! Now What?

December 15, 2016

103 Comments

Many readers are asking what they should be doing in response to Yahoo’s disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format.

Yahoo: One Billion More Accounts Hacked

December 14, 2016

81 Comments

Just months after disclosing a breach that compromised the passwords for a half billion of its users, Yahoo now says a separate incident has jeopardized data from at least a billion more user accounts. The company also warned attackers have figured out a way to log into targeted Yahoo accounts without even supplying the victim’s password.

New Critical Fixes for Flash, MS Windows

December 14, 2016

31 Comments

Both Adobe and Microsoft on Tuesday issued patches to plug critical security holes in their products. Adobe’s Flash Player patch addresses 17 security flaws, including one “zero-day” bug that is already actively being exploited by attackers. Microsoft’s bundle of updates tackles at least 42 security weaknesses in Windows and associated software.