HackDig : Dig high-quality web security articles for hacker

Got Robocalled? Don’t Get Mad; Get Busy.

Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who chose to hang on the line and see where one of these robocalls
Publish At:2017-06-25 22:45 | Read:153 | Comments:0 | Tags:Other Do Not Call registry Farsight Security Federal Communi

FBI: Extortion, CEO Fraud Among Top Online Fraud Complaints in 2016

Online extortion, tech support scams and phishing attacks that spoof the boss were among the most costly cyber scams reported by consumers and businesses last year, according to new figures from the FBI’s Internet Crime Complaint Center (IC3). The IC3 report released Thursday correctly identifies some of the most prevalent and insidious forms of cyberc
Publish At:2017-06-23 15:30 | Read:152 | Comments:0 | Tags:Other bleepingcomputer.com Catalin Cimpanu ceo fraud extorti

Why So Many Top Hackers Hail from Russia

Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented I
Publish At:2017-06-22 21:05 | Read:173 | Comments:0 | Tags:Other Alan Paller Frost & Sullivan informatics ISACA ISC2 mi

Credit Card Breach at Buckle Stores

The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data. The disclosure came hours after KrebsOnSecurity contacted the company regarding reports from sources in the financial sector about a possible breach at the ret
Publish At:2017-06-17 12:10 | Read:202 | Comments:0 | Tags:Other credit card breach EMV Experian POS malware The Buckle

Inside a Porn-Pimping Spam Botnet

For several months I’ve been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I’ve unearthed so far to see if this dovetails with any other research out there. In late October 2016, an anonymous source shared with Kreb
Publish At:2017-06-15 23:20 | Read:169 | Comments:0 | Tags:Other 55687349 AmateurMatch cecash CyberErotica Deniro Marke

Microsoft, Adobe Ship Critical Fixes

Microsoft today released security updates to fix almost a hundred security flaws in its various Windows operating systems and related software. One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. Separately, Adobe has pushed critical updates for its Flash and Shoc
Publish At:2017-06-13 16:05 | Read:193 | Comments:0 | Tags:Other Adobe Flash Player update June 2017 CVE-2017-8543 Edge

Following the Money Hobbled vDOS Attack-for-Hire Service

A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. Last fall, two 18-year-old Israeli men were arrested for allegedly running vDOS, perhaps the most successful booter s
Publish At:2017-06-06 18:20 | Read:201 | Comments:0 | Tags:Other attack years Bitcoin booter Hackforums New York Univer

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and identity management for cloud-based applications. OneLogin count
Publish At:2017-06-01 20:45 | Read:183 | Comments:0 | Tags:Other Alvaro Hoyos Motherboard OneLogin breach

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems. Last week I began hearing from smaller banks and credit unions who said they strongly suspected another card breach at Kmart. Some of those institutions received alerts from the credit card companies about batch
Publish At:2017-06-01 02:20 | Read:237 | Comments:0 | Tags:Other Chris Brathwaite Kmart credit card breach 2017 Sears H

Trump’s Dumps: ‘Making Dumps Great Again’

It’s not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for their shops that run incessantly on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald character from McDonald’s and caters to bulk buyer
Publish At:2017-05-26 17:30 | Read:437 | Comments:0 | Tags:Other Dark Web DomainTools.com Home Depot breach Magento McD

MolinaHealthcare.com Exposed Patient Records

Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two pro
Publish At:2017-05-25 23:05 | Read:305 | Comments:0 | Tags:Other Molina Healthcare breach True Health Group breach

Private Eye Allegedly Used Leaky Government Tool in Bid to Find Tax Data on Trump

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator
Publish At:2017-05-22 21:25 | Read:294 | Comments:0 | Tags:Other AGI Averlock Investigations Diverseeducation.com Donal

Should SaaS Companies Publish Customers Lists?

A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making it relatively simple for attackers to choose their targets. Thi
Publish At:2017-05-22 21:25 | Read:366 | Comments:0 | Tags:Other cxotalk.com Google Docs phishing Michael Krigsman OAut

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees a
Publish At:2017-05-19 01:10 | Read:474 | Comments:0 | Tags:Other avivah litan Equifax Gartner Inc. ICSI identity theft

Breach at DocuSign Led to Targeted Email Malware Campaign

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerou
Publish At:2017-05-16 17:55 | Read:318 | Comments:0 | Tags:Other DocuSign breach DocuSign phishing macro exploit Micros
