tsu doh nimh - Slashdot User

Submission + - Proxy Service 911[.]re Closes After Disclosing Breach (krebsonsecurity.com)

Submitted by tsu doh nimh on Saturday July 30, 2022 @11:04AM

tsu doh nimh writes: 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations, KrebsOnSecurity reports.

"On July 28th, a large number of users reported that they could not log in the system," the statement continues. "We found that the data on the server was maliciously damaged by the hacker, resulting in the loss of data and backups. Its [sic] confirmed that the recharge system was also hacked the same way. We were forced to make this difficult decision due to the loss of important data that made the service unrecoverable."

Operated largely out of China, 911 was an enormously popular service across many cybercrime forums, and it became something akin to critical infrastructure for this community after two of 911's longtime competitors — malware-based proxy services VIP72 and LuxSock — closed their doors in the past year.

911 wasn't the only major proxy provider disclosing a breach this week tied to unauthenticated APIs: On July 28, KrebsOnSecurity reported that internal APIs exposed to the web had leaked the customer database for Microleaves, a proxy service that rotates its customers' IP addresses every five to ten minutes. That investigation showed Microleaves — like 911 — had a long history of using pay-per-install schemes to spread its proxy software.

Submission + - IT Gulag: Russia to Rent Tech-Savvy Prisoners to Corporate IT (krebsonsecurity.com) 1

Submitted by tsu doh nimh on Monday May 02, 2022 @08:56PM

tsu doh nimh writes: Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Submission + - Experian API Exposed Credit Scores of Most Americans (krebsonsecurity.com)

Submitted by tsu doh nimh on Thursday April 29, 2021 @01:20PM

tsu doh nimh writes: Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Submission + - Three Top Russian Cybercrime Forums Hacked (krebsonsecurity.com)

Submitted by tsu doh nimh on Thursday March 04, 2021 @01:12PM

tsu doh nimh writes: Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

Submission + - Why So Many Top Hackers Come from Russia (krebsonsecurity.com)

Submitted by tsu doh nimh on Saturday June 24, 2017 @02:19PM

tsu doh nimh writes: Brian Krebs has an interesting piece this week on one reason that so many talented hackers (malicious and benign) seem to come from Russia and the former Soviet States: It's the education, stupid. Krebs's report doesn't look at the socioeconomic reasons, but instead compares how the US and Russia educate students from K-12 in subjects which lend themselves to a master in coding and computers — most notably computer science. The story shows that the Russians have for the past 30 years been teaching kids about computer science and then testing them on it starting in elementary school and through high school. The piece also looks at how kids in the US vs. Russia are tested on what they are supposed to have learned.

Submission + - OneLogin Says Breach Exposed Ability to Unecrypt Customer Data (krebsonsecurity.com)

Submitted by tsu doh nimh on Thursday June 01, 2017 @12:04PM

tsu doh nimh writes: OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data, KrebsOnSecurity reports. "A breach that allowed intruders to decrypt customer data could be extremely damaging for affected customers. After OneLogin customers sign into their account, the service takes care of remembering and supplying the customer's usernames and passwords for all of their other applications."

Submission + - Inside a Phishing Gang that Targets Victims of iPhone Theft (krebsonsecurity.com)

Submitted by tsu doh nimh on Wednesday March 15, 2017 @01:36PM

tsu doh nimh writes: Brian Krebs has a readable and ironic story about a phishing-as-a-service product that iPhone thieves can use to phish the Apple iCloud credentials from people who have recently had an iPhone lost or stolen. The phishing service — which charged as much as $120 for successful phishing attempts targeting iPhone 6s users — was poorly secured, and a security professional that Krebs worked with managed to guess several passwords for users on the service. From there, the story looks at how this phishing service works, how it tracks victims, and ultimately how one of its core resellers phished his own iCloud account and inadvertently gave his exact location as a result.

Submission + - Software Vendor Who Hid Supply Chain Breach Outed (krebsonsecurity.com)

Submitted by tsu doh nimh on Wednesday February 22, 2017 @01:14PM

tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called "supply chain" malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation's largest companies. This intrusion would probably not be that notable if the software vendor didn't have a long list of Fortune 500 customers, and if the attackers hadn't also compromised the company's update servers — essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site — not linking to it anywhere. Brian Krebs went and digged it up.

Comment Not operating for decades (Score 3, Informative) 74

by tsu doh nimh on Friday September 09, 2016 @08:24AM (#52853839) Attached to: Israeli DDoS Provider 'vDOS' Earned $600,000 In Two Years

The summary is wrong. The author didn't say the service has been operating for decades. It said its likely to have been responsible for several decades' worth of attacks, which this service measured in seconds. Since the service allows many concurrent attacks, Krebs said that in four months time the site was responsible for 8 years ("DDoS years) worth of attacks.

Submission + - DHS Offering Free Vulnerability Scans, Penetration Tests (krebsonsecurity.com)

Submitted by tsu doh nimh on Tuesday December 01, 2015 @01:20PM

tsu doh nimh writes: The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies â" mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help âoecritical infrastructureâ companies shore up their computer and network defenses against real-world adversaries. And itâ(TM)s all free of charge (well, on the U.S. taxpayerâ(TM)s dime). Brian Krebs examines some of the pros and cons, and the story has some interesting feedback from some banks and others who have apparently taken DHS up on its offer.

Submission + - Tracking a Bluetooth ATM Skimming Gang in Mexico

Submitted by tsu doh nimh on Friday September 18, 2015 @10:17AM

tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn't have to look for: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs's series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.

Submission + - Extortionists Begin Targeting AshleyMadison Users, Demand Bitcoin

Submitted by tsu doh nimh on Friday August 21, 2015 @02:37PM

tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids.

Submission + - Sign Up at irs.gov Before Crooks Do It For You (krebsonsecurity.com)

Submitted by tsu doh nimh on Monday March 30, 2015 @11:27AM

tsu doh nimh writes: If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view you current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.

Submission + - Evolution Market's Admins Are Gone, Along with $12M in Bitcoin (krebsonsecurity.com)

Submitted by tsu doh nimh on Wednesday March 18, 2015 @01:11AM

tsu doh nimh writes: The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community's bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.

Submission + - Lizard Stresser DDoS-for-Hire Service Built on Hacked Home Routers (krebsonsecurity.com) 2

Submitted by tsu doh nimh on Friday January 09, 2015 @01:50PM

tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345'. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.

Slashdot Top Deals