HackDig : Dig high-quality web security articles

Fintech Startup Offers $500 for Payroll Passwords

How much is your payroll data worth? Probably a lot more than you think. One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. Thi
Publish At:2021-05-10 14:24 | Read:130 | Comments:0 | Tags:A Little Sunshine Argyle argyle.com Bain Capital Billy Mards

Investment Scammer John Davies Reinvents Himself?

John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish
Publish At:2021-05-07 11:59 | Read:108 | Comments:0 | Tags:A Little Sunshine ABA Group & Associates LTD binary options

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is unflattering. In a world in which all databases — including
Publish At:2021-05-04 17:24 | Read:138 | Comments:0 | Tags:A Little Sunshine Ne'er-Do-Well News

Experian API Exposed Credit Scores of Most Americans

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness
Publish At:2021-04-29 08:09 | Read:224 | Comments:0 | Tags:A Little Sunshine Bill Demirkapi credit score lookup tool Ex

Experian’s Credit Freeze Security is Still a Joke

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me
Publish At:2021-04-26 21:24 | Read:219 | Comments:0 | Tags:A Little Sunshine Latest Warnings CreditLock Dune Thomas Equ

Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry. Earlier this month, a reader pointed my attention to the following notice from Gartner to clients wh
Publish At:2021-04-20 20:29 | Read:266 | Comments:0 | Tags:A Little Sunshine Gartner Inc. Magic Quadrant Medium Patreon

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious fi
Publish At:2021-04-16 09:45 | Read:273 | Comments:0 | Tags:A Little Sunshine CVE-2020-4006 Cybersecurity Infrastructure

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquit
Publish At:2021-03-30 16:16 | Read:324 | Comments:0 | Tags:A Little Sunshine Data Breaches Ubiquiti breach Ubiquiti Inc

No, I Did Not Hack Your MS Exchange Server

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me. The Shadowserver Foundation, a nonprofit that helps network owners identify and fix secu
Publish At:2021-03-28 16:05 | Read:479 | Comments:0 | Tags:A Little Sunshine Babydraco backdoor Babydraco shell David W

RedTorch Formed from Ashes of Norse Corp.

Remember Norse Corp., the company behind the interactive “pew-pew” cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different vision: RedTorch, which for the past two years has mark
Publish At:2021-03-22 17:00 | Read:487 | Comments:0 | Tags:A Little Sunshine Cheetah Counter Surveillance Frigg Henry M

Fintech Giant Fiserv Used Unclaimed Domain

If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here’s the story of one such goof committed by Fiserv [NASDAQ:FISV], a $15 billion firm that provides online banki
Publish At:2021-03-17 23:54 | Read:539 | Comments:0 | Tags:A Little Sunshine Abraham Vegh CashEdge Credit One Bank defa

A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan hors
Publish At:2021-03-08 21:30 | Read:334 | Comments:0 | Tags:A Little Sunshine Chopper web shell DEVCORE Dubex Orange Tsa

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky propositio
Publish At:2021-03-01 14:00 | Read:391 | Comments:0 | Tags:A Little Sunshine The Coming Storm chrome extensions chrome-

How $100M in Jobless Claims Went to Inmates

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that
Publish At:2021-02-25 18:50 | Read:417 | Comments:0 | Tags:A Little Sunshine Ne'er-Do-Well News Web Fraud 2.0 Blake Hal

What’s most interesting about the Florida water system hack? That we heard about it at all.

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect o
Publish At:2021-02-10 21:30 | Read:542 | Comments:0 | Tags:A Little Sunshine Andrew Hildick-Smith Applied Control Solut