Krebs on Security

In-depth security news and investigation
  1. Trump Hotels Hit By 3rd Card Breach in 2 Years
    Maybe some of you missed this amid all the breach news recently (I know I did), but Trump International Hotels Management LLC last week announced its third credit-card data breach in the past two years. I thought it might be useful to see these events plotted on a timeline, because it suggests that virtually anyone who used a credit card at a Trump property in the past two years likely has had their card data stolen and put on sale in the cybercrime underground as a result.
  2. Experts in Lather Over ‘gSOAP’ Security Flaw
    Axis Communications -- a maker of high-end security cameras whose devices can be found in many high-security areas -- recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices. The problem wasn't specific to Axis, which seems to have reacted far more quickly than competitors to quash the bug. Rather, the vulnerability resides in open-source, third-party computer code that has been used in countless products and technologies (including a great many security cameras), meaning it may be some time before most vulnerable vendors ship out a fix -- and even longer before users install it.
  3. Porn Spam Botnet Has Evil Twitter Twin
    Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting "online dating" programs -- affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of more than 80,000 automated female Twitter accounts has been pimping the same dating scheme and ginning up millions of clicks from Twitter users in the process.
  4. Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’
    A greater number of ATM skimming incidents now involve so-called "insert skimmers," wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. New evidence suggests that at least some of these insert skimmers -- which record card data and store it on a tiny embedded flash drive are -- equipped with technology allowing it to transmit stolen card data wirelessly via infrared, the same technology built into a television remote control.
  5. Adobe, Microsoft Push Critical Security Fixes
    It's Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe's got a new version of its Flash Player available that addresses at least three vulnerabilities.
  6. Self-Service Food Kiosk Vendor Avanti Hacked
    Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered of breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company has acknowledged. The breach may have jeopardized customer credit card accounts as well as biometric data, Avanti warned.
  7. B&B Theatres Hit in 2-Year Credit Card Breach
    B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems. The acknowledgment comes just days after KrebsOnSecurity reached out to the company for comment on reports from financial industry sources who said they suspected the cinema chain has been leaking customer credit card data to cyber thieves for the past two years.
  8. Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’?
    In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things (IoT) devices like security cameras and Internet routers for use in large-scale cyberattacks. Investigators haven’t yet released the man’s name, but news reports suggest he may be better known by the hacker handle “Bestbuy.” This post will follow a trail of clues back to one likely real-life identity of Bestbuy.
  9. Is it Time to Can the CAN-SPAM Act?
    Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful.
  10. So You Think You Can Spot a Skimmer?
    This week marks the 50th anniversary of the automated teller machine -- better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the ATM. Think you're good at spotting the various scams? A newly released ATM fraud inspection guide may help you test your knowledge.

Is Your Network At Risk?

  • Is Your Network an Easy Target? Search Networks That Can Be Breached

Cyber Security Associations

Cyber Security Tips

  • Microsoft Windows Update+

    Microsoft goes to great lengths to provide security patches through "Windows Update". Apply these patches on a weekly basis to…
  • Virus Protection+

    Make sure to install Virus Protection software and run updates on a weekly basis to catch new threats.…
  • 1