Adobe and Microsoft each issued updates today to fix critical security problems with their software. Adobe’s patch updates 17 flaws in its Acrobat and PDF Reader products. Microsoft released nine update bundles to plug at least 22 security holes in Windows and associated software.
Crooks who make a living via identity theft schemes, dating scams and other con games often run into trouble when presented with a phone-based challenge that requires them to demonstrate mastery of a language they don’t speak fluently. Enter the criminal call center, which allows scammers to outsource those calls to multi-lingual men and women who can be hired to close the deal.
Cybercrime takes many forms, but one of the more insidious and perhaps less obvious manifestations is warranty fraud. This scheme involves con artists who assume the identity of a consumer, complain that a given product has ceased to operate as expected, and demand that the retailer replace the article in question. Such claims turn into a loss for targeted merchants when the scammer hacks an unwitting customer’s account and replaces the customer’s email address with his own address and demands that the retailer ship him a brand new device.
Virtually every aspect of cybercrime has been made into a service or plug-and-play product. That includes dating scams — among the oldest and most common of online swindles. Recently, I had a chance to review a package of dating scam emails, instructions, pictures, videos and love letter templates that are sold to scammers in the underground, and was struck by how commoditized this type of fraud has become.
You know you’re getting old when you can’t remember your own birthday (a reader tipped me off). Today is the sixth anniversary of this site’s launch! KrebsOnSecurity turns 6! I’m pretty sure that’s like middle age in Internet years.
Adobe has shipped a new version of its Flash Player browser plugin to close at least 19 security holes in the program, including one that is already being exploited in active attacks.
My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang that recruits for the terrorist group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it.
New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device.
The U.S. Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers. LifeLock agreed to pay $100 million for violating a 2010 promise to cease deceptive advertising practices. Oracle’s legal troubles with the FTC stem from its failure to fully remove older, less secure versions of Java when consumers installed the latest Java software.
