Category Archives: Latest Warnings

How the Pwnedlist Got Pwned

May 2, 2016

Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet’s largest collections of compromised credentials.

Dental Assn Mails Malware to Members

April 28, 2016

63 Comments

The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of member dentists nationwide.

US-CERT to Windows Users: Dump Apple Quicktime

April 18, 2016

67 Comments

Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for the platform, warns the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely won’t be patched.

New Threat Can Auto-Brick Apple Devices

April 12, 2016

48 Comments

If you use an Apple iPhone, iPad or other iDevice, now would be an excellent time to ensure that the machine is running the latest version of Apple’s mobile operating system — version 9.3.1. Failing to do so could expose your devices to automated threats capable of rendering them unresponsive and perhaps forever useless.

Adobe Patches Flash Player Zero-Day Threat

April 8, 2016

36 Comments

Adobe Systems this week rushed out an emergency patch to plug a security hole in its widely-installed Flash Player software, warning that the vulnerability is already being exploited in active attacks.

FBI: $2.3 Billion Lost to CEO Email Scams

April 7, 2016

40 Comments

The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.

From Stolen Wallet to ID Theft, Wrongful Arrest

March 14, 2016

81 Comments

It’s remarkable how quickly a stolen purse or wallet can morph into full-blow identity theft, and possibly even result in the victim’s wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security lead to a mistaken early morning arrest in front of his kids.

Seagate Phish Exposes All Employee W-2’s

March 6, 2016

71 Comments

Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away 2015 W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.

Breached Credit Union Comes Out of its Shell

February 25, 2016

61 Comments

Notifying people and companies about data breaches often can be a frustrating and thankless job. Despite my best efforts, sometimes a breach victim I’m alerting will come away convinced that I am not an investigative journalist but instead a scammer. This happened most recently this week, when I told a California credit union that its online banking site was compromised and apparently had been for nearly two months.

Phishers Spoof CEO, Request W2 Forms

February 24, 2016

40 Comments

With tax filing season in the United States well underway, scammers who specialize in tax refund fraud have a new trick up their sleeves: Spoofing emails from a target organization’s CEO, asking human resources and accounting departments for employee W-2 information.