Author Archives: BrianKrebs

Carders Park Piles of Cash at Joker’s Stash

March 21, 2016

A steady stream of card breaches at retailers, restaurants and hotels has flooded underground markets with a historic glut of stolen debit and credit card data. Today there are at least hundreds of sites online selling stolen account data, yet only a handful of them actively court bulk buyers and organized crime rings. Faced with a buyer’s market, these elite shops set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service.

Spammers Abusing Trust in US .Gov Domains

March 17, 2016

37 Comments

Spammers are abusing U.S. dot-gov (.gov) link shorteners and ill-advised features on state government domains to promote spammy sites that are hidden behind short links ending in”usa.gov”.

Thieves Phish Moneytree Employee Tax Data

March 16, 2016

38 Comments

Payday lending firm Moneytree is the latest company to alert current and former employees that their tax data — including Social Security numbers, salary and address information — was accidentally handed over directly to scam artists.

From Stolen Wallet to ID Theft, Wrongful Arrest

March 14, 2016

81 Comments

It’s remarkable how quickly a stolen purse or wallet can morph into full-blow identity theft, and possibly even result in the victim’s wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security lead to a mistaken early morning arrest in front of his kids.

Hackers Target Anti-DDoS Firm Staminus

March 11, 2016

51 Comments

Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data.

eero: A Mesh WiFi Router Built for Security

March 9, 2016

108 Comments

Consumer-friendly and secure. Hardly anyone would pick either word to describe the vast majority of wireless routers in use today. So naturally I was intrigued a year ago when I had the chance to pre-order a eero, a new WiFi system billed as easy-to-use, designed with security in mind, and able to dramatically extend the range of a wireless network without compromising speed. Here’s a brief review of the eero system I received and installed a week ago.

Adobe, Microsoft Push Critical Updates

March 8, 2016

27 Comments

Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software. Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site.

IRS Suspends Insecure ‘Get IP PIN’ Feature

March 7, 2016

70 Comments

Citing ongoing security concerns, the Internal Revenue Service (IRS) has suspended a service offered via its Web site that allowed taxpayers to retrieve so-called IP Protection PINs (IP PINs), codes that the IRS has assigned to some 2.7 million taxpayers to help prevent those individuals from becoming victims of tax refund fraud two years in a row. The move comes just days after KrebsOnSecurity first exposed how ID thieves were abusing the service to revisit tax refund on innocent taxpayers two years running.

Seagate Phish Exposes All Employee W-2’s

March 6, 2016

71 Comments

Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away 2015 W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.

Credit Unions Feeling Pinch in Wendy’s Breach

March 2, 2016

95 Comments

A number of credit unions say they have experienced an unusually high level of debit card fraud from the breach at nationwide fast food chain Wendy’s, and that the losses so far eclipse those that came in the wake of huge card breaches at Target and Home Depot.