Author - admin

Hackers Sell Access to Bait-and-Switch Empire

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, [...]

Booter Boss Interviewed in 2014 Pleads Guilty

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son’s online activities. Sergiy P. Usatyuk of Orland Park, Ill. pleaded guilty this week to one count of conspiracy to cause damage to Internet-connected computers and for his role in owning, [...]

Crypto Mining Service Coinhive to Call it Quits

Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com, a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month. A message posted to the Coinhive blog on Tuesday, Feb. 26, 2019. In March 2018, Coinhive was listed by many security firms as the top malicious threat to Internet users, thanks to the tendency for Coinhive’s [...]

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials. The men — a former Russian cyber intelligence official and an executive at Russian security firm Kaspersky Lab — were reportedly prosecuted for their part in an investigation into Pavel Vrublevsky, a convicted cybercriminal who ran one of the world’s biggest spam networks and was a major focus of my 2014 [...]

Payroll Provider Gives Extortionists a Payday

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the process of restoring service to customers. Roswell, Ga. based Apex HCM is a cloud-based payroll software company that serves some 350 payroll service bureaus that in turn provide payroll services to small and mid-sized [...]

New Breed of Fuel Pump Skimmer? Not Really

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message. KrebsOnSecurity has since learned those claims simply don’t hold water. An earlier version of this story cited an alert sent by the U.S. Secret Service and interviews with a company that helps merchants secure their payment terminals. The claims were that a circular device found on the side of a [...]

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...]

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web [...]

Patch Tuesday, February 2019 Edition

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday. It also bundles fixes to quash threats relevant to end users, including critical updates for Adobe Flash Player and Microsoft Office, as well as a zero-day bug [...]

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever. Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users. The first signs of the attack came on the morning of [...]