As predicted, CISA chief Chris Krebs was fired by outgoing president Donald Trump. And Trump did it by tweet, appending a bunch of garbage disinformation to the firing announcement. Twitter added a factchecking label.
Chris Krebs was fired over statements debunking disinformation Trump was spreading about 2020 election "voter fraud," for which there is no evidence. — Read the rest
When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin.
Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs — at one point conspiring to get him arrested by sending him heroin via the Silk Road — has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. — Read the rest
Brian Krebs is a security expert and investigative journalist who has published numerous ground-breaking stories about the online criminal underground, much to the consternation of the criminal underground. Krebs has been the victim of much harassment, including a dangerous SWATting (where someone called a SWAT team to Krebs's door, having told them that an armed gunman was inside). — Read the rest
Last week, I blogged Brian Krebs's amazing piece on AsylumBooter, a cheesy denial-of-service-for-hire site apparently run by a 17-year-old Chicago-area honor-roll student named Chandler Downs, whose PayPal account was flush with more than $30,000 paid by people who'd launched more than 10,000 online attacks. — Read the rest
Last week, Brian Krebs (a respected security researcher and journalist who often publishes details about high-tech crime) was SWATted — that is, someone defrauded his local police department into sending a SWAT team to his house, resulting in his getting confronted by gun-wielding, hair-trigger cops who had him lie on the ground and cuffed him before it was all sorted out. — Read the rest
Students and staff at Stanford University, the University of California, the University of Colorado, and other institutions were warned to be on alert after a widespread security breach compromised personal data files during a nationwide cyberattack on the schools' computer systems. — Read the rest
Well perhaps unsurprisingly the accused Twitter hacker-Bitcoin thief's first (virtual) hearing was shut down within 25 minutes due to relentless Zoombombing. (It ended a minute after this when someone screenshared a Porn Hub video.) pic.twitter.com/fGiceq4WfN
The Zoom bond hearing for Graham Clark, 17, who is accused of hijacking famous people's Twitter accounts in a cryptocurrency scam, was interrupted this morning by Zoombombers "shouting racial slurs, playing music and showing pornographic images," according to ABC News. — Read the rest
The domain Corp.com is similar to an internal address used by Windows servers, and as a result whoever controls it gains access to a stream of private and proprietary data constantly fired at it by mistake. Its longtime owner decided to sell the domain, raising fears that nefarious agents might buy it and cause trouble. — Read the rest
The U.S. government will launch a program about a month from now to help state officials prevent ransomware attacks on voter registration databases and systems, ahead of the 2020 presidential election.
I got a fun reminder last night that there a lot of greasy people out there doing a whole lot of greasy shit unto others. Last night, I was taken on a walk down memory lane: I received an email with an old password I used to use in the subject line. — Read the rest
First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.
Security researcher Cian Heasley discovered an unprotected online storage folder accessible via the web that contains all the data that stalkers and snoops took from their victims' devices via a commercial program that steals photos and recordings from their devices.
When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. — Read the rest