Author Archives: BrianKrebs

ZIP Codes Show Extent of Sally Beauty Breach

March 25, 2014

Earlier this month, beauty products chain Sally Beauty acknowledged that a hacker break-in compromised fewer than 25,000 customer credit and debit cards. My previous reporting indicated that the true size of the breach was at least ten times larger. While the number of cards known to be compromised so far pales in comparison to the 40 million cards exposed by the breach at some 1,800 Target locations, new analysis suggests that the Sally Beauty breach may have impacted far more stores –virtually all 2,600+ Sally Beauty locations nationwide.

Microsoft: 0Day Exploit Targeting Word, Outlook

March 24, 2014

89 Comments

Microsoft warned today that attackers are exploiting a previously unknown security hole in Microsoft Word that can be used to foist malicious code if users open a specially crafted text file, or merely preview the message in Microsoft Outlook.

Sources: Credit Card Breach at California DMV

March 22, 2014

140 Comments

The California Department of Motor Vehicles appears to have suffered a wide-ranging credit card data breach involving online payments for DMV-related services, according to banks in California and elsewhere that received alerts this week about compromised cards that all had been previously used at California DMV locations.

Sony Pictures Plans Movie About Yours Truly

March 21, 2014

273 Comments

Sony Pictures is reportedly planning to make a big screen movie based at least in part on my (mis)adventures over the past few years as an independent investigative reporter writing about cybercrime. Some gumshoe I am: This took me by complete surprise.

Are Credit Monitoring Services Worth It?

March 19, 2014

146 Comments

In the wake of one data breach after another, millions of Americans each year are offered credit monitoring services that promise to shield them from identity thieves. Although these services can help true victims step out from beneath the shadow of ID theft, the sad truth is that most services offer little in the way of real preventative protection against the fastest-growing crime in America.

Sally Beauty Confirms Card Data Breach

March 17, 2014

43 Comments

Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had broken into its networks and stolen credit card data from stores. The admission comes nearly two weeks after KrebsOnSecurity first reported that the company had likely been compromised… Read More »

The Long Tail of ColdFusion Fail

March 17, 2014

60 Comments

Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today’s post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions.

Blogs of War: Don’t Be Cannon Fodder

March 13, 2014

52 Comments

On Wednesday, KrebsOnSecurity was hit with a fairly large attack which leveraged a feature in more than 42,000 blogs running the popular WordPress content management system (this blog runs on WordPress). This post is an effort to spread the word to other WordPress users to ensure their blogs aren’t used in attacks going forward.

NoMoreRack.com Probes Possible Card Breach

March 12, 2014

54 Comments

For the second time since Aug. 2013, online retailer NoMoreRack.com has hired a computer forensics team after being notified by Discover about a potential breach of customer card data, KrebsOnSecurity has learned.

Adobe, Microsoft Push Security Updates

March 11, 2014

44 Comments

Adobe and Microsoft today each released software updates to fix serious security flaws in their products. Adobe pushed an update that plugs a pair of holes in its Flash Player software. Microsoft’s patch batch includes five updates, including one that addresses a zero-day vulnerability in Internet Explorer that attackers have been exploiting of late.