A new twist on an old email scam making the rounds addresses its recipients by name and uses an actual password (hopefully deprecated). They attempt to blackmail victims, and it's definitely a little anxiety-inducing to see an old password written out.
Representatives from 8 of America's largest technology companies met with U.S. intelligence officials in May to talk about how to respond to the ongoing Russian cyber-attacks and foreign influence campaigns that affected our 2016 elections, and could alter the course of year's midterms. — Read the rest
Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security was terrible, and their service would be trivial to hack and abuse).
If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report.
.cm is the top-level domain for Cameroon, and the major use-case for .cm domains is typosquatting — registering common .com domains as .cm domains (like microsoft.cm or apple.cm), in the hopes of nabbing traffic from users who fatfinger while typing a domain, and sometimes serving them malware or directing them to scams.
The use of fake cellphone towers, known as Stingrays or IMSI catchers, plays well with the nation's spy agencies and in some police jurisdictions. The authorities just can't get enough of being able to locate or listen in on private phone calls! — Read the rest
On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers.
This is fascinating: Millions of clocks across Europe have lost time, because of a dispute over electricity generation.
Citizens across Europe had been noticing that clocks in certain devices — LED-style alarm clocks, stoves, and microwaves — had been gradually losing time over the last few weeks. — Read the rest
Lower Days Ahead is an Amazon print on demand paperback book filled with nonsense sentences, the kind found in spam email to make its way past Bayesian filters. The author is "Patrick Reames" but when Reames received a 1099 form from Amazon he made $24,000 selling the book he was surprised, because he didn't write it or get any money from the sale of the book. — Read the rest
Amazon reported to the IRS that Patrick Reames had made $24,000 selling books on its Createspace self-publishing platform, but Patrick Reames never got a dime of that money; it appears that a money-launderer who had Reames's Social Security Number used a fake book to cash out money from stolen credit cards by buying the garbage book repeatedly and pocketing the 70% from each sale.
The marbled crayfish (Procambarus virginalis) is a mutant slough crayfish (Procambarus fallax) an American species; the mutation that allowed slough crayfish to reproduce asexually by cloning itself occurred a mere 25 years ago, and it came to Germany as an aquarium pet in 1995, sold as "Texas crayfish."
A secret American spy satellite code-named Zuma didn't reach orbit in Sunday's failed SpaceX rocket launch. The cost of the missing U.S. government asset, which officially doesn't exist and officially hasn't been lost, is estimated to be in the billions of dollars. — Read the rest
Swatting is the practice of tricking police SWAT teams into storming your victim's home by phoning in fake hostage situations; it's especially prominent among cybercriminals, gamers and was a favored tactic of Gamergater trolls.
Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business.
The US Department of Education's Free Application for Federal Student Aid program requires any student applying for federal aid for college or university to turn over an enormous amount of compromising personal information, including current and previous addresses, driver's license numbers, Green Card numbers, marital details, drug convictions, educational history, tax return details, total cash/savings/checking balances, net worth of all investments, child support received, veterans' benefits, children's details, homelessness status, parents details including SSNs, and much, much more.
Equifax division TALX has a product called The Work Number, where prospective employers can verify job applicants' work history and previous salaries (it's also used by mortgage lenders and others): you can create an account on this system in anyone's name, provided you have their date of birth and Social Security Number. — Read the rest
Oklahoma Senator James Lankford (@SenatorLankford; (405) 231-4941) sounded the alarm about Russian trolls spreading discord about NFL athletes kneeling for the national anthem, citing as evidence a Twitter account called "Boston Antifa" whose "location" field had been filled in "Vladivostok, Russia."
Say you're worried that Equifax has just destroyed your life with its callous disregard for the dossier it compiled on you and your finance; maybe you'll contact an Equifax competitor like Experian and ask them to "freeze" your credit so no one can use that data to open a new account in your name.
Equifax's world-beating breach of 143 million Americans' sensitive personal and financial information was the result of the company's failure to patch a two-month-old bug in Apache Struts, despite multiple reports of the bug being exploited in the wild.
This credit-card skimmer was removed from a New York gas pump; it uses components scavenged from a cellular phone and a T-Mobile SIM to send the credit card details it harvests to its owners, who can retrieve them from anywhere in the world.