As predicted, CISA chief Chris Krebs was fired by outgoing president Donald Trump. And Trump did it by tweet, appending a bunch of garbage disinformation to the firing announcement. Twitter added a factchecking label.
Chris Krebs was fired over statements debunking disinformation Trump was spreading about 2020 election "voter fraud," for which there is no evidence. — Read the rest
When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin.
In Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principle players. Cory Doctorow reviews.
Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs — at one point conspiring to get him arrested by sending him heroin via the Silk Road — has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. — Read the rest
Brian Krebs is a security expert and investigative journalist who has published numerous ground-breaking stories about the online criminal underground, much to the consternation of the criminal underground. Krebs has been the victim of much harassment, including a dangerous SWATting (where someone called a SWAT team to Krebs's door, having told them that an armed gunman was inside). — Read the rest
Last week, I blogged Brian Krebs's amazing piece on AsylumBooter, a cheesy denial-of-service-for-hire site apparently run by a 17-year-old Chicago-area honor-roll student named Chandler Downs, whose PayPal account was flush with more than $30,000 paid by people who'd launched more than 10,000 online attacks. — Read the rest
Last week, Brian Krebs (a respected security researcher and journalist who often publishes details about high-tech crime) was SWATted — that is, someone defrauded his local police department into sending a SWAT team to his house, resulting in his getting confronted by gun-wielding, hair-trigger cops who had him lie on the ground and cuffed him before it was all sorted out. — Read the rest
Students and staff at Stanford University, the University of California, the University of Colorado, and other institutions were warned to be on alert after a widespread security breach compromised personal data files during a nationwide cyberattack on the schools' computer systems. — Read the rest
The Zoom bond hearing for Graham Clark, 17, who is accused of hijacking famous people's Twitter accounts in a cryptocurrency scam, was interrupted this morning by Zoombombers "shouting racial slurs, playing music and showing pornographic images," according to ABC News. — Read the rest
Simon Chandler writes on Forbes:
— Read the rest
Gun advocacy and conservative groups are responsible for astroturfing the reopen America campaign that has swept the US in recent days, according to research from cybersecurity experts.
Since April 15, protests against coronavirus lockdown measures have been sweeping across various American states.
The domain Corp.com is similar to an internal address used by Windows servers, and as a result whoever controls it gains access to a stream of private and proprietary data constantly fired at it by mistake. Its longtime owner decided to sell the domain, raising fears that nefarious agents might buy it and cause trouble. — Read the rest
The U.S. government will launch a program about a month from now to help state officials prevent ransomware attacks on voter registration databases and systems, ahead of the 2020 presidential election.
Insider attacks, cell-site simulators, SIM-swap attacks, thriving markets in super-cheap, fine-grained location data, robocalls, fictitious coverage maps, and more: does the fact that all this terrible shit keeps happening, and only gets worse, mean that mobile companies and the FCC just don't give a fuck if your mobile phone is a crime wave you carry around with you on your pocket?
I got a fun reminder last night that there a lot of greasy people out there doing a whole lot of greasy shit unto others. Last night, I was taken on a walk down memory lane: I received an email with an old password I used to use in the subject line. — Read the rest
First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.
OG Users is a forum for people who steal login credentials for online services, mostly to sell desirable login-names for popular services like Instagram; it attained notoriety when Motherboard's Lorenzo Franceschi-Bicchierai linked the forum to an epidemic of SIM-swapping attacks; a few months later, the Reply All podcast devoted an episode to the forum.
Security researcher Cian Heasley discovered an unprotected online storage folder accessible via the web that contains all the data that stalkers and snoops took from their victims' devices via a commercial program that steals photos and recordings from their devices.
"Change your Facebook password right now" is the instructive title of a news story at Wired today, sourced to a report at Krebs on Security.
A San Juan county assault case has been thrown out after it was revealed that Sheriff Ron Krebs had used the courtroom's cameras to zoom in on the notes of the defense attorney and a juror.
When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. — Read the rest