Author Archives: BrianKrebs

Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump

May 22, 2017

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump.

A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

May 18, 2017

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.

In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.

Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Breach at DocuSign Led to Targeted Email Malware Campaign

May 15, 2017

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign.

Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

May 13, 2017

As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.

U.K. Hospitals Hit in Widespread Ransomware Attack

May 12, 2017

At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.

It remains unclear exactly how this ransomware strain is being disseminated and why it appears to have spread so quickly, but there are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft.

SSA.GOV To Require Stronger Authentication

May 10, 2017

The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users.

Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday

May 9, 2017

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually issued an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs.

Last week, Google security researcher Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned.

Website Flaw Let True Health Diagnostics Users View All Medical Records

May 8, 2017

Over the past two weeks readers have pointed KrebsOnSecurity to no fewer than three different healthcare providers that failed to provide the most basic care to protect their patients’ records online. Only one of the three companies — the subject of today’s story — required users to be logged in order to view all patient records.

A week ago I heard from Troy Mursch, an IT consultant based in Las Vegas. A big fan of proactive medical testing, Mursch said he’s been getting his various lab results reviewed annually for the past two years with the help of a company based in Frisco, Texas called True Health Diagnostics.