Category Archives: Latest Warnings

TalkTalk, Script Kids & The Quest for ‘OG’

November 5, 2015

So you’ve got two-step authentication set up to harden the security of your email account (you do, right?). But when was the last time you took a good look at the security of your inbox’s recovery email address? That may well be the weakest link in your email security chain, as evidenced by the following tale of a IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity.

Earlier this week, I heard from Chris Blake, a longtime KrebsOnSecurity reader from the United Kingdom. Blake reached out because I’d recently written about a character of interest in the breach at British phone and broadband provider TalkTalk: an individual using the Twitter handle “@Fearful”. Blake proceeded to explain how that same Fearful account had belonged to him for some time until May 2015, when an elaborate social engineering attack on his Internet service provider (ISP) allowed the current occupant of the account to swipe it out from under him.

Flash, Java Patches Fix Critical Holes

October 20, 2015

22 Comments

Adobe has issued a patch to fix a zero-day vulnerability in its Flash Player software. Separately, Oracle today released an update to plug more than two-dozen flaws in its Java software. Both programs plug directly into the browser and are highly targeted by malicious software and malefactors. Although Flash and Java are both widely installed, most users could probably ditch each program with little to no inconvenience or regret.

Don’t Be Fooled by Fake Online Reviews Part II

October 19, 2015

66 Comments

In July I wrote about the dangers of blindly trusting online reviews, especially for high-dollar services like moving companies. That piece told the story of Full Service Van Lines, a moving company that had mostly five-star reviews online but whose owners and operators had a long history of losing or destroying their customers’ stuff and generally taking months to actually ship the damaged goods it delivered. Last week, federal regulators shut the company down.

What’s in a Boarding Pass Barcode? A Lot

October 6, 2015

124 Comments

The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Experian Breach Affects 15 Million Consumers

October 2, 2015

74 Comments

Kicking off National Cybersecurity Month with a bang, credit bureau and consumer data broker Experian North America disclosed Thursday that a breach of its computer systems exposed approximately 15 million Social Security numbers and other data on people who applied for financing from wireless provider T-Mobile USA Inc.

Extortionists Target Ashley Madison Users

August 21, 2015

310 Comments

People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.

Tech Firm Ubiquiti Suffers $46M Cyberheist

August 7, 2015

48 Comments

Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.

Windows 10 Shares Your Wi-Fi With Contacts

July 29, 2015

250 Comments

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends!

Third Hacking Team Flash Zero-Day Found

July 13, 2015

77 Comments

For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world.

Adobe To Fix Another Hacking Team Zero-Day

July 11, 2015

44 Comments

For the second time in a week, Adobe Systems Inc. says it plans fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups.