Monday, July 6

Scams Fraud

The next cybersecurity headache: Employees know the rules but just don’t care
Breach Hack, Cyber Security, Free, Guide, Malware Ransomware, Phsihing Spam, Resources, Safety Security, Scams Fraud, Tools Apps Software

The next cybersecurity headache: Employees know the rules but just don’t care

Employees are still ignoring cybersecurity best practice despite being more aware of the risks. Cybersecurity has shot to the top of many IT leaders' priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice, according to new findings. Security firm Trend Micro surveyed more than 13,000 remote workers across 27 countries for its latest Head in the Clouds survey, which sought to understand individuals' attitudes towards risk in terms of cybersecurity. SEE: Mobile d...
Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com
Cyber Security, Free, Parents Family, Phsihing Spam, Privacy Data Protection, Safety Security, Scams Fraud, Tools Apps Software

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. Earlier this year, KrebsOnSecurity heard from the owners of Privnote.com, who complained that someone had set up a fake clone of their site that was fooling quite a few regular users of the service. And it’s not hard to see why: Privnotes.com is confusingly similar in name...
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy
Breach Hack, Cyber Crime, Cyber Security, Free, Identity Theft, Resources, Safety Security, Scams Fraud, Tools Apps Software

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan arrested 29-year-old Justin Sean Johnson in connection with a 43-count indictment on charges of conspiracy, wire fraud and aggravated identity theft. Federal prosecutors in Pittsburgh allege that in 2013 and 2014 Johnson hacked into the Oracle PeopleSoft databases for UPMC, a $21 billion nonprofit health enterprise that includes more than 40 hospitals. According to the indictment, Johnson stole employee information on all 65...
Russian Cybercrime Boss Burkov Gets 9 Years
Breach Hack, Cyber Crime, Cyber Security, Identity Theft, Malware Ransomware, Safety Security, Scams Fraud

Russian Cybercrime Boss Burkov Gets 9 Years

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Photo: Andrei Shirokov / Tass via Getty Images. Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers. As KrebsOnSecurity not...
COVID-19 ‘Breach Bubble’ Waiting to Pop?
Breach Hack, Cyber Crime, Cyber Security, Free, How-to Tips, Malware Ransomware, Safety Security, Scams Fraud, Tools Apps Software, Virus

COVID-19 ‘Breach Bubble’ Waiting to Pop?

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse. The economic laws of supply and demand hold just as true in the business world as they do in the cybercrime space. Global lockdowns from COVID-19 have resulted in far fewer fraudsters willing or able to visit retail stores to use their counterfeit cards, and the decreased demand has severely depressed prices in the underground for purloined card data. An ad for a site sell...
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Breach Hack, Cyber Crime, Cyber Security, Free, How-to Tips, Malware Ransomware, Reviews, Safety Security, Scams Fraud, Tools Apps Software, Virus

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs. Months into the COVID-19 pandemic,countless large and small businesses across the globe are operating in survival mode, focused on pushing through the storm. While companies concentrate on getting through each day and week, one at a time, we would be careless not to encourage them to scrutinize the potential bad actors — specifically, nation-states — that are looking to capitalize on the weaknesses created or exposed by the pandemic. According to a security vendor Radware, by the end of 2019, over a quarter of companies had experienced a foreign government/nation-state attack. In 2018, 19% of organizations believed they were attacked by a nation-state. That f...
COVID-19: Latest Security News & Commentary
Addiction, Breach Hack, Children Teens, Cyber Crime, Cyber Security, Free, Games, Guide, How-to Tips, Identity Theft, Malware Ransomware, Marketing, Parents Family, Phsihing Spam, Privacy Data Protection, Resources, Safety Security, Scams Fraud, Senior Aging, Social Media, Tools Apps Software, Virus

COVID-19: Latest Security News & Commentary

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic. ') } else document.write('') Image Source: CDC Newsroom Image library 07/01/2020Another COVID-19 Side Effect: Rising Nation-State Cyber ActivityWhile financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs. 06/30/2020COVID-19 Puts ICS Security Initiatives 'On Pause'Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk. CISA Issues Advisory on Home RoutersThe increase in work-from-home employees raises the importance of home router security. Profile of the Po...
Anatomy of a Long-Con Phish
Addiction, Children Teens, Cyber Security, Free, Identity Theft, Malware Ransomware, Parents Family, Phsihing Spam, Resources, Safety Security, Scams Fraud, Senior Aging, Social Media

Anatomy of a Long-Con Phish

A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.Phishing is one of the oldest fraud techniques online. Phishers often utilize a spray-and-pray method to hit as many potential victims as possible. The aim of such an attack is quick profit via the harvesting of user login or banking credentials. Once the victim surrenders his/her valuable information, the phisher moves on, either to the next victim or a different campaign altogether. But some phishing attacks are entirely different. For the lack of a better term, I call them "long-con phishing." I was on the receiving end of one such phishing scam recently. In March, I received this LinkedIn message: ') } else document.write('') Even...
Beware “secure DNS” scam targeting website owners and bloggers
Breach Hack, Cyber Security, Free, How-to Tips, Malware Ransomware, Phsihing Spam, Privacy Data Protection, Safety Security, Scams Fraud, Virus

Beware “secure DNS” scam targeting website owners and bloggers

If you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners. We certainly do – both Naked Security and our sister site Sophos News are hosted by WordPress VIP. That’s not a secret (nor is it meant to be), not least because most providers identify themselves in the HTTP headers they send back in their web replies, if only as a matter of courtesy: $ getheaders https://news.sophos.com Connecting... OK. TLS handshake... OK. ---headers--- server: nginx date: Mon, 29 Jun 2020 10:21:21 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header...
Google joins Apple in limiting web certificates to one year
Breach Hack, Cyber Security, Free, Identity Theft, Parents Family, Safety Security, Scams Fraud, Tools Apps Software

Google joins Apple in limiting web certificates to one year

Our chums over at online IT publication The Register just spotted an interesting code change in the Chromium browser from last week. Google, it seems, is joining Apple in limiting the maximum validity of web security certificates – those digitally signed blobs of data that put the S in TLS and the padlock in your address bar – to just one year. The code change is headlined Enforce 398-day validity for certificates issued on-or-after 2020-09-01, and it looks like this: Enforce publicly trusted TLS server certificates have a lifetime of 398 days or less, if they are issued on or after 2020-09-01. Certificates that violate this will be rejected with ERR_CERT_VALIDITY_TOO_LONG and will be treated as misissued. Apple announced back in February 2020 that it was going to start doing this i...