krebs

The hacker who took over San Francisco's Muni got hacked

lenovo-victim

Last week, the San Francisco Municipal Light Rail system (the Muni) had to stop charging passengers to ride because a ransomware hacker had taken over its network and encrypted the drives of all of its servers. Read the rest

Two hackers are selling DDoS attacks from 400,000 IoT devices infected with the Mirai worm

mirai-spam-censored

The Mirai worm -- first seen attacking security journalist Brian Krebs with 620gbps floods, then taking down Level 3, Dyn and other hardened, well-provisioned internet giants, then spreading to every developed nation on Earth (and being used to take down some of those less-developed nations) despite being revealed as clumsy and amateurish (a situation remedied shortly after by hybridizing it with another IoT worm) -- is now bigger than ever, and you can rent time on it to punish journalists, knock countries offline, or take down chunks of the core internet. Read the rest

Internet of Things botnet threatens to knock the entire country of Liberia offline

un-liberia-png

The various Mirai botnets, which use "clumsy, amateurish code to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services. Read the rest

China electronics maker will recall some devices sold in U.S. after massive IoT hack

000892a2-800

A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday.

Read the rest

Internet-destroying outages were caused by "amateurish" IoT malware

l3outage

Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders. Read the rest

California DMV thinks "INFOS3C" is a dirty word

license_20161017210841_22288

The California DMV has rejected Opendns founder David Ulevitch's application for an "1NFOS3C" vanity license plate because it includes "a term of lust or depravity." Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

1476217504747570

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish

1475518873610753

Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

HP blinked! Let's keep the pressure on! [PLEASE SHARE!]

hp-drm-og_0-1

Only three days after EFF's open letter to HP over the company's deployment of a stealth "security update" that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers. Read the rest

The democratization of censorship: when anyone can kill as site as effectively as a government can

idaho-l-0010_teton_dam_flood

On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

Deep Insert skimmers: undetectable, disposable short-lived ATM skimmers

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1053

NCR reports in-the-wild sightings of "deep skimmers" (tiny, disposable card-skimmers that run on watch batteries and use crude radios to transmit to a nearby base-station) on ATMs around the world: "Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States." Read the rest

Ransomware hackers steal a hospital. Again.

methodhop

A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate. Read the rest

Phishers make off with W2 tax forms for several thousand Seagate employees

w-2-red

Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud. Read the rest

Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network

FI9286P.png

Cheap Internet of Things devices like Foscam's home CCTVs are designed to covertly tunnel out of your home network, bypassing your firewall, so they can join a huge P2P network of 7 million other devices that is maintained and surveilled by their Chinese manufacturer. Read the rest

How fraudsters' call centers work

callme

Say you've just scammed someone out of all their financial details using an online fraud, but now you need to call up their bank and impersonate them, and you don't speak their language, have the wrong accent, or are of a different gender -- what do you do? Read the rest

Paypal rolls out the welcome mat for hackers

online_payment (2)

It's not bad enough that Paypal is prone to shutting down your account and seizing your dough if you have a particularly successful fundraiser -- they also have virtually no capacity to prevent hackers from changing the email address, password and phone numbers associated with your account, even if you're using their two-factor authentication fob. Read the rest

Someone snuck skimmers into Safeway stores

884e7ccba94f425b100ff63eca072ae1

Some Safeway customers in California and Colorado who used debit/credit cards have had their card numbers and PINs slurped up by criminals who then took the cards out for spending sprees. Read the rest

Next page