identity theft and scams
Welcome to
Your best source for presentations, workshops, consultation, news, videos, and information about identity theft, scams, data breaches, and other information security threats.
 
Resources and Expertise to Combat Identity Theft, Scams, and Social Engineering
identitytheft.info
Latest Identity Theft News
'Massive' Identity Theft Ring Could Affect 1 in 20 Utahns, Police Say
Monday, February 20, 2017
deseretnews.com
The group is accused of obtaining personal information — including the Social Security numbers and dates of birth of more than 143,000 people. That means approximately 1 in every 20 Utahns has the potential of becoming victims of identity theft by members of this group, said Diana Hagen, the first assistant U.S. attorney for Utah.
5 Data Breach Threats Your Small Business Should Prepare For
Monday, February 20, 2017
businessnewsdaily.com
Securing sensitive information has never been more difficult with new malware threats that seem to pop up every single year. Data breaches affect even the most renowned companies like Yahoo, LinkedIn and Dropbox, to name a few. For small businesses, in particular, being ready for a data breach is essential to survival if — or more likely, when — one occurs.
IRS Warns of Video Relay Scam Targeting Deaf and Hard of Hearing
Monday, February 20, 2017
irs.gov
Every day scammers come up with new ways to steal taxpayers’ identities and personal information. Some scammers pretend to be from the IRS with one goal in mind: to steal money. Be aware that con artists will use video relay services (VRS) to try to scam deaf and hard of hearing individuals. Don’t become a victim. Deaf and hard of hearing taxpayers should avoid giving out personal and financial information to anyone they do not know. Always confirm that the person requesting personal information is who they say they are. Do not automatically trust calls just because they are made through VRS. VRS interpreters do not screen calls for validity.
Tax Scams via Video Relay Service [video]
Monday, February 20, 2017
irs.gov
The IRS warns the Deaf and hard of hearing community about an increasing number of tax scammers that use the Video Relay Services (VRS).
RSA Conference: Lessons From a Billion Breached Data Records
Monday, February 20, 2017
esecurityplanet.com
Troy Hunt sees more breached records than most of us, running the popular ethical data breach search service "Have I been pwned." In a session at the RSA Conference this week, Hunt entertained the capacity crowd with tales both humorous and frightening about breaches that he has been involved with.
Phishing Campaign Uses Yahoo Breach to Hook Email
Monday, February 20, 2017
csoonline.com
The Yahoo breach news is another opportunity for industrious criminals to prey on user concern about account security. Here's what to look for in the latest phishing hook.
Senator Seeks Answers on Border Cell Phone Searches
Monday, February 20, 2017
cnn.com
Can the government demand you unlock your phone at the airport? A senior Senate Democrat is demanding the Department of Homeland Security explain reports that it's doing just that. Oregon Sen. Ron Wyden, a senior member of the Senate Intelligence Committee and privacy hawk, is set to send a letter to DHS Secretary John Kelly calling reports that Americans were required to unlock their smartphones "deeply troubling," asking what legal authority allows for it.
Law Firm Cybersecurity: An Industry at Serious Risk
Monday, February 20, 2017
teachprivacy.com
Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.
Florida Man Gets 48 Months for $1.3M Spam Email Scheme
Saturday, February 18, 2017
darkreading.com
Florida resident Timothy Livingston has been sentenced by a US district court to 48 months in prison for computer hacking, identity theft, and email fraud. A US Department of Justice release said Livingston made more than $1.3 million in illegal profits through his hacking scheme.
The Seven Most Dangerous New Attack Techniques and What's Coming Next
Saturday, February 18, 2017
rsaconference.com
Which are the most dangerous new attack techniques? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced briefing provides answers from the three people best positioned to know the answers: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the US and the top expert on cyberattacks on industrial control systems.
Check That Czech Post Email! It Could Be a Smishing Scam
Saturday, February 18, 2017
tripwire.com
Phishing scams are a persistent threat to users’ inboxes. But that’s not all they target. Fraudsters have other ways of delivering their ploys to unsuspecting users. One of the more common techniques is known as smishing. It’s when a scammer sends a phishing ploy containing a suspicious link via SMS text message to a user’s phone.
The 2017 Phishing Trends & Intelligence Report Is Now Available
Saturday, February 18, 2017
info.phishlabs.com
As with last year's edition, the report provides a first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening.
The Bright-Eyed Talking Doll That Just Might Be a Spy
Saturday, February 18, 2017
nytimes.com
Cayla is a blond, bright-eyed doll that chatters about horses and hobbies. She plays games and accurately answers questions about the world at large. She could also be eavesdropping on your child.
IRS Dirty Dozen: Phishing, Phone Cons and Identity Theft Lead Scam List for 2017
Saturday, February 18, 2017
networkworld.com
The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.
Tribal Members Warned of Data Breach After Hard Drive Theft
Saturday, February 18, 2017
nbcmontana.com
A Bureau of Indian Affairs spokeswoman says more than 20,000 members of two Montana American Indian tribes were notified of a potential data breach involving their personal information...The unencrypted device contained names, addresses, birthdates and tribal enrollment information for members of the Crow and Northern Cheyenne Tribes.
Brooklyn Gang Members Busted for Financial Fraud, Stealing From Banks
Saturday, February 18, 2017
nydailynews.com
A group of Brooklyn gang members were busted for stealing from various banks...Nine members of Folk Nation, Flatbush G-Stone Crips and a subset of the 8-Tray Crips gang called “Bosses in Business” allegedly deposited 241 counterfeit checks — then withdrew over $94,000 from 71 unsuspecting financial institutions.
Ransomware Growth Fueled by Russian-Speaking Cybercriminals
Friday, February 17, 2017
darkreading.com
A study by security vendor Kaspersky Lab shows that Russian-speaking individuals and cybercrime groups are responsible for a major proportion of ransomware development and distribution activities globally.
Yahoo May Pay a Steep Price for Data Breaches
Friday, February 17, 2017
nytimes.com
So how much does it cost when hackers have breached your corporate defenses and stolen information from at least a billion user accounts? For Yahoo, the answer is close to $300 million. That’s how much may soon be knocked off the price that Verizon, the telecom giant, will pay to acquire the fading internet pioneer, write Michael de la Merced and Vindu Goel.
Lone Hacker Rasputin Breaches 60 Universities, Federal Agencies
Friday, February 17, 2017
zdnet.com
Universities are a top target, with Cornell University, New York University (NYU), Purdue University, Michigan State University, the Rochester Institute of Technology, and the University of Washington among those affected in the US. Over in the UK, Rasputin has also targeted academic institutions including the University of Cambridge, University of Oxford, the University of Edinburgh, and the Architectural Association School of Architecture.
Security Breach Steals Tax Info for All Bloomington Public School Employees
Thursday, February 16, 2017
startribune.com
Personal information for 2,800 current and former Bloomington public school employees was stolen in an e-mail phishing scam, school district officials said. The school district is investigating the security breach, in which the 2016 federal W-2 tax forms of all employees were released...The information was released when an employee in the district's finance department responded to an e-mail Friday morning appearing to be from someone in the school district requesting the information.
Wendy's Should Face Data Breach Suit, Magistrate Says
Thursday, February 16, 2017
law360.com
A federal magistrate judge recommended on Monday that the district court reject Wendy's bid to dismiss a class action brought by 26 financial institutions against the fast-food giant for allegedly failing to thwart a data breach, saying the plaintiffs have adequately pled negligence and deceptive trade practices claims.
Who Ran Leakedsource.com?
Thursday, February 16, 2017
krebsonsecurity.com
Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn and Myspace. In a development that could turn out to be deeply ironic, it seems that the real-life identity of LeakedSource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.
Former Google CEO Says Everyone Forgot Criminals When Building the Internet
Thursday, February 16, 2017
money.cnn.com
When people built the internet, they forgot about the bad guys. At least, that's according to Eric Schmidt, executive chairman of Alphabet and former Google CEO. At the RSA security conference in San Francisco on Wednesday, Schmidt spoke about the early days of his career building a network and mail system in the late 1970s while in a Masters program at the University of California, Berkeley. He touched on why internet security is still an ongoing issue, and why it's not completely secure by default. "We now find ourselves back fixing it over and over again," Schmidt said. "You keep saying, 'Why didn't we think about this?' Well the answer is, it didn't occur to us that there were criminals."
You Can’t Depend on Antivirus Software Anymore
Thursday, February 16, 2017
slate.com
In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second. And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.
Retailers Push Back Against Plans to Boost Security of Online Shopping
Thursday, February 16, 2017
nakedsecurity.com
The European Union is set to insist on better security for online purchases, but a number of retailers are digging their heels in. The idea, which comes from the London-based European Banking Authority, consists of urging extra security for purchases over €10, such as a user-selected passcode number. Computer Business Review is among the publications suggesting that retailers believe any extra steps in a purchase process would reduce the amount of sales actually made. Visa Europe, for example, conducted a survey that suggested €11.2bn a year in online sales, some 2% of the whole market, would be put at risk. It also found that 61% of customers would abandon a purchase if there were an extra step involved.
What Real-Life Kidnappings Can Teach Us About Dealing With Digital Ones
Thursday, February 16, 2017
nbcnews.com
While the methods are literally as old as ancient history, cyber security experts are now looking to the kidnapping and ransom industry to better understand how to deal with the growing threat of ransomware, which is now a billion dollar a year industry.
Clinton Campaign Tested Staffers With Fake Phishing Emails
Thursday, February 16, 2017
darkreading.com
Email leaks notwithstanding, Hillary Clinton's campaign manager Robby Mook says the campaign conducted regular security training for staffers, which included sending fake phishing emails to campaign staffers to see how they'd be handled.
Valentine's Day Warning: Romance Scams Hit All-Time High
Tuesday, February 14, 2017
bobsullivan.net
Romance Scams — also known as Sweetheart Scams — continue to flourish. Yes, I know you’ve heard about them before, but you need to hear about them again. Loneliness drives people to do crazy things. There isn’t a soul on the planet who hasn’t suffered that fate. Keep a close eye on older, widowed family members who can’t get around much. And on yourself, too. Anyone can be fragile. And the scams are getting more and more clever.
Banks Look to Cellphones to Replace A.T.M. Cards
Tuesday, February 14, 2017
nytimes.com
Wallets can be lost, stolen or forgotten, but most people today wouldn’t be caught dead without their phones. Banks understand, and are grabbing on to that trend. Customers who don’t want to fumble around in their wallet for their A.T.M. card — or who have misplaced it for the umpteenth time — will soon be able to unlock cash dispensers’ coffers by using their phone.
Russell Simmons' RushCard Fined $13 Million for 2015 Outage
Tuesday, February 14, 2017
apnews.com
RushCard, the debit card company founded by hip-hop mogul Russell Simmons, is being fined and forced to pay millions in restitution to customers that were affected by a 2015 outage that cut users off from their money. The Consumer Financial Protection Bureau said Wednesday that it has ordered RushCard and its payment processor, MasterCard, to pay $10 million in restitution to customers as well as a $3 million fine.
ZeekRewards Founder Sentenced for Role in $850 Million Scam
Tuesday, February 14, 2017
abcnews.go.com
The founder of ZeekRewards has been sentenced to nearly 15 years behind bars for his lead role in an $850 million online Ponzi scheme that bilked nearly a million people in the U.S. and abroad.
New Phone Scam Poses as Department of Health Services
Tuesday, February 14, 2017
ktar.com
The Arizona Department of Health Services is warning citizens to beware of a new phone scam. According to a release from the department, the AZDHS received an unusual number of phone calls on Monday morning from individuals complaining of a telephone scam. People from nearly 40 different states told the department that they received calls from people asking for personal information, and that the caller ID showed the agency’s phone number.
Woman Warns of IRS Tax Scam
Tuesday, February 14, 2017
kdvr.com
It is tax season and scammers are at it again, posing as the IRS in an effort to steal personal information. Nancy Moore of Greeley says scammers called her and threatened to take her to court if she didn’t pay them thousands of dollars.
'Shock And Awe' Ransomware Attacks Multiply
Tuesday, February 14, 2017
darkreading.com
The data-hostage crisis isn't going away anytime soon: In fact, it's starting to get a lot scarier and destructive, and with a more unpredictable outcome.
Verizon Data Breach Digest Triangulates Humanity Inside Security
Tuesday, February 14, 2017
darkreading.com
If the whole security management services thing doesn't work out, Verizon may want to consider getting into the techno-thriller mystery writing business. Its newly released Data Breach Digest is chockablock with stories of online shenanigans (with some identifying details altered) that would be right at home in an episode of Mr. Robot. The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
Alleged Russian Hacker With Ties to ‘Notorious Cybercriminals’ Arrested in LA
Monday, February 13, 2017
darkreading.com
Law enforcement authorities in Los Angeles have arrested a Russian-born individual on charges that he stole money from thousands of U.S. bank accounts in a cybercrime career dating back to at least 2008. In court papers filed in connection with the February 1 arrest, prosecuting attorneys described Alexander Tverdokhlebov as a well-connected member of several elite Russian-speaking cybercrime forums engaged in extensive money laundering services, selling stolen personal data, and malware tools. The four-count indictment against Tverdokhlebov charges him with using a botnet of around 10,000 infected computers to steal passwords and login credentials to online bank accounts which he and an accomplice, Vadim Polyakov, then used to make fraudulent purchases and illegal withdrawals.
Expert: Line Between Cyber Crooks and Cyber Spies Getting More Blurry
Monday, February 13, 2017
networkworld.com
Cybercriminals acting on behalf of national governments and nation-backed espionage agents carrying out cybercrimes for cash on the side is the future of security threats facing corporations and governments, says the former top U.S. attorney in charge of the Department of Justice’s national security division.
Polish Bank Malware Targets IP Addresses in 31 Countries - Symantec
Monday, February 13, 2017
finextra.com
Hackers who succeeded in penetrating the Websites of several Polish banks last week appear to be behind a wave of malware attacks that have targeted banks in 31 countries since the end of last year.
Data Breach at PIP Printing Company Leaks Thousands of Sensitive Documents
Monday, February 13, 2017
nbcnews.com
An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands.
DHS to Demo Cyber Defenses at RSA
Monday, February 13, 2017
gcn.com
The Department of Homeland Security will be showcasing a number of new cybersecurity technologies at the RSA Conference from Feb. 14 to 16 in San Francisco. This year, the DHS Science and Technology Directorate will demonstrate 12 government-funded solutions that are ready for pilot deployment and commercialization.
Seniors Targeted in Massive Fake Lottery Operation
Monday, February 13, 2017
mynewsla.com
Bullock promised mostly elderly victims that they had won large lottery or sweepstakes prizes and, in order to obtain their “winnings,” would need to send money to pay for taxes, fees and other expenses, according to the U.S. Attorney’s Office. Hoping to collect the winnings, victims sent money via wire transfer, money orders and cash, prosecutors said.
Why the CSO Needs to Be Involved in Active Shooter Prep
Monday, February 13, 2017
csoonline.com
The sad reality of today’s modern world is that companies and employees need to start planning for potential emergency situations. It’s no longer just getting them out of the building in case of a fire or earthquake - today’s emergency planning also needs to account for active shooter and terrorism scenarios. While most of today’s CSOs concentrate on protecting a company’s data, there are still some who need to worry about physical security at their companies.
Credit Card Skimmers Lead to Identity Theft at the Gas Pump
Monday, February 13, 2017
minnesota.cbslocal.com
One of the fastest growing areas for identity theft is happening at the gas pump. Credit card skimmers that are installed into the gas pump allow thieves to steal your information when you fill up your vehicle.
Sentencing of Hacker in $55M Scam Is a Rare Win for Feds
Friday, February 10, 2017
abcnews.go.com
According to prosecutors, Findikoglu masterminded three complex financial crimes by hacking into different credit card processors, eliminating the limits on prepaid cards and then sending PIN information and access codes to crews of so-called "cashers" who within hours withdrew thousands of dollars from ATMs. Managers of the crews either hand-delivered the cash or wired funds to Findikoglu and others in Turkey, prosecutors said. In one December 2012 hack, they say, 5,000 cashers in 20 countries withdrew a total of $5 million — including $400,000 in 700 transactions from 140 New York ATMs — in less than three hours, according to court papers.
FBI Official: No Immediate Changes to Encryption Policy Under Trump
Thursday, February 09, 2017
thehill.com
Encryption is a hot-button issue in the ongoing debate about privacy and the federal government’s access to secured communications. While the use of encryption is broadly recognized as important to privacy and cybersecurity, it has created problems for federal investigators as they pursue criminal and counterterrorism cases. The issue took center stage last year in the legal fight between Apple and the FBI as the bureau fought to access an iPhone used by one of the attackers in the San Bernardino, Calif., shooting in December 2015.
Programmer Releases Bot Army to Crush Windows Support Scammers
Thursday, February 09, 2017
zdnet.com
One developer has declared war on these types of scammers and wants to wipe them out entirely with the help of a bot army. Programmer Roger Anderson from the Jolly Roger Telephone Company recently revealed that he created a slew of bots programmed to waste as much of the operator's time as possible. Anderson, known for the Jolly Roger bot which intercepts scam robocalls and creates never-ending loops to keep the calls away from legitimate people, has stocked the bot army with a variety of pre-recorded conversations and responses.
Phishing Scam Targets Gmail Users
Friday, February 10, 2017
kare11.com
A phishing scam is targeting Gmail users. It looks very similar to the login page but it’s actually a link to a page that hackers use to steal your username and password.
Google Let Scammers Post a Perfectly Spoofed Amazon Ad in Its Search Results
Thursday, February 09, 2017
zdnet.com
Anyone who used Google search to look for Amazon, the internet retail giant, on Wednesday was likely served a malicious ad -- and didn't even realize it. The good news is that unlike other rogue ads, your machine wasn't infected or served malware in any way. But anyone who clicked on it would not have been sent to Amazon.com as they would have hoped, but instead, they were pointed to a fake Windows support scam posing as Microsoft. From there, scammers would have tried to trick the user into calling a number for fear that their computer was in fact infected with malware.
Beware: Most Mobile VPNs Aren’t as Safe as They Seem
Friday, February 10, 2017
wired.com
Before you use a VPN to hide your online shopping from the IT department at your company—or help protect yourself from state surveillance—know that not all mobile VPNs are created equal. In fact, some are actively harmful.
‘Top 10 Spammer’ Indicted for Wire Fraud
Friday, February 10, 2017
krebsonsecurity.com
The Justice Department says Persaud sent well over a million spam emails to recipients in the United States and abroad. Prosecutors charge that Persaud often used false names to register the domains, and he created fraudulent “From:” address fields to conceal that he was the true sender of the emails. The government also accuses Persaud of “illegally transferring and selling millions of email addresses for the purpose of transmitting spam.”
Woman With History of Identity Theft Arrested Again
Friday, February 10, 2017
thedenverchannel.com
In the past, Morris has used other people’s identity to apply for and create accounts at Walmart, Lowe’s, Kohl’s, Amazon.com, among others...Morris used the fake accounts she created to buy jewelry, cooking pots, makeup, children’s clothes and items from Victoria’s Secret.
Email Scam Sent to University of Alabama Community Members
Friday, February 10, 2017
cw.ua.edu
An email sent to many UA employees, students and alumni was a phishing attempt to steal account information through a PDF attachment and link.
House Passes Long-Sought Email Privacy Bill
Wednesday, February 08, 2017
krebsonsecurity.com
The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.
Criminals Release Fewer New Types of Malware, Double Down on Ransomware
Wednesday, February 08, 2017
cio.com
Cybercriminals produced fewer new kinds of malware last year -- but that's because they were so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million, according to a report released this morning by SonicWall.
Study: 1 in 3 Website Visitors Is an Attack Bot
Wednesday, February 08, 2017
csoonline.com
For the 5th straight year, impersonator bots were the most active bad bots, making up 24.3 percent of all bot activity. Both cheap and effective, impersonator bots are most commonly used to launch DDoS attacks, including October’s attack against DNS provider Dyn.
Michigan's Unemployment Agency Confiscates Money From Innocent ID Theft Victim
Wednesday, February 08, 2017
wzzm13.com
A months-long WZZM 13 Watchdog investigation found a local woman among many people in the state of Michigan victimized by identity theft and unable to gain the trust of Michigan's Unemployment Insurance Agency, or UIA. The identity theft caused Michigan's UIA to incorrectly confiscate income tax return money from innocent people who had never filed for unemployment.
Identity Theft Hit an All-Time High in 2016
Wednesday, February 08, 2017
usatoday.com
Despite years of battling by the financial industry and a massive change in the way Americans use debit and credit cards, the rate of identity theft soared during 2016, a new report has found. In fact, it hit an all-time high.
Man Pleads Guilty in Bradley University Data Breach
Wednesday, February 08, 2017
centralillinoisproud.com
A Chicago man pleads guilty to stealing money in a tax fraud scheme using personal information of Bradley University employees...Court documents reveal the scheme resulted in an estimated $700,000 loss.
Federal Judge Orders Review of Target’s 2015 Data Breach Settlement
Wednesday, February 08, 2017
247wallst.com
The Eighth U.S. Circuit Court of Appeals last week ordered a federal judge in Minneapolis to hold hearings to determine whether all customers were treated fairly in Target Corp.’s 2015 settlement of claims related to a massive data breach in 2013. Nearly 42 million customers had credit/debit card data stolen in the cybercrime and another 60 million had personal information stolen.
Youth Charged in Three Robberies, Burglary in Online Scam
Wednesday, February 08, 2017
washingtonpost.com
Last weekend, as many Washingtonians were preparing to watch the Super Bowl, one person wielding a gun and posing as a seller of items offered online, moved around the city, carrying out two robberies and a burglary, according to the D.C. police.
Hackers Are Seeking out Company Insiders on the Black Market
Tuesday, February 07, 2017
csoonline.com
If you’re the CEO of a company, here’s another threat you need to worry about: hackers trying to recruit your employees for insider-related crimes. Researchers at security firms RedOwl and IntSights have noticed growing activity from online black market dealers trying to recruit company employees for insider trading and cashing out stolen credit card numbers.
Head of NSA to Brief Senators on Cyber Threats
Tuesday, February 07, 2017
thehill.com
Senators on the Armed Services Committee will be briefed by a top intelligence official on cyber threats Tuesday morning. The hearing, which will be closed to the public, will feature testimony from Adm. Michael Rogers, who holds the dual-leadership role at U.S. Cyber Command and the National Security Agency (NSA). The closed-door briefing will give lawmakers an opportunity to press Rogers on the intelligence community’s recent findings about Russia’s cyber attacks aimed at the U.S. presidential election.
Just 21 Percent of Banks and Insurers Are Confident They Can Detect a Data Breach
Tuesday, February 07, 2017
esecurityplanet.com
Notably, although only three percent of consumers believe their own bank has been breached, 26 percent of financial institutions acknowledged having been the victim of a breach...Sixty-five percent of consumers said trust in data privacy and security is an extremely significant factor when choosing their bank, and 74 percent said they would change providers in the event of a data breach.
Former Tenet Executive Indicted in $400 Million Fraud Scheme
Tuesday, February 07, 2017
healthcareinfosecurity.com
The U.S. Department of Justice has indicted a former senior executive at Tenet Healthcare for his alleged role in a $400 million healthcare fraud scheme that took place over 13 years and involved circumventing the company's internal controls.
Federal Magistrate Orders Google to Turn Over Foreign Email
Tuesday, February 07, 2017
govinfosecurity.com
A federal magistrate has ordered Google to turn over emails stored on servers outside the U.S., a ruling that is at odds with a recent federal appeals court decision favoring Microsoft.
FBI: Cybercrime Gang Stole $1.2 Million via Bank Malware
Tuesday, February 07, 2017
bankinfosecurity.com
Using malware to infect individuals' PCs and drain their bank accounts continues to be a lucrative source of income for criminals, but such cybercrime has never been a risk-free undertaking.
Identity Theft on the Rise Despite High-Tech Help
Tuesday, February 07, 2017
abcnews.go.com
A new report indicates fraud was up 16% last year to record high levels.
Beware of Phone Scam Triggered by Question ‘Can You Hear Me Now?’
Tuesday, February 07, 2017
khon2.com
A phone scam has surfaced which relies on your voice to answer a simple question — “Can you hear me now?” Those are the words to watch out for as scammers are trying to bait callers into simply answering “yes.”
OCR Issues Penalty for Noncompliance With HIPAA Privacy and Security Rules
Monday, February 06, 2017
huntonprivacyblog.com
The U.S. Department of Health and Human Services’ Office for Civil Rights announced a $3.2 million civil monetary penalty against Children’s Medical Center of Dallas for alleged ongoing violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules, following two consecutive breaches of patient electronic protected health information...Both breaches involved the loss or theft of unencrypted devices containing patient ePHI.
29,000 Taxpayers Affected by W-2 Scams, IRS Issues New Warning
Monday, February 06, 2017
csoonline.com
Last week, the Internal Revenue Service (IRS) issued a new warning to employers, urging them to stay alert as reports of compromised W-2 records started to climb. This newest advisory aligns with the agency's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud. The IRS also informed employers the W-2 scam has moved beyond corporations, expanding to include schools, tribal organizations, and nonprofits.
InterContinental Confirms Payment Card Breach at 12 U.S. Hotels
Monday, February 06, 2017
reuters.com
Malware in the servers searched for track data – the cardholder's name, card number, expiration date and the verification code – on the cards used at the hotels between August and December last year, the company said in a press statement. InterContinental said only payment cards used at the restaurants and bars of the 12 hotels were affected and that cards used at the front desk of the hotels were not affected.
Spam Now Makes Up Nearly Two-Thirds of All Email
Monday, February 06, 2017
darkreading.com
Spam now accounts for 65% of all email worldwide, and up to one-fifth of spam is malicious, according to new data from Cisco Systems.
Ransomware Completely Shuts Down Ohio Town Government
Monday, February 06, 2017
techcrunch.com
In another interesting example of what happens when you don’t manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it’s clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up.
A Sobering Forecast on Healthcare Security Breaches
Monday, February 06, 2017
hiewatch.com
Forrester Research is predicting serious security issues for healthcare organizations as provider consolidation creates gaps in security and increasingly large and tempting data targets for cyber criminals.
Paypal Scam Uses Account Fraud Scare Tactics to Phish Personal Data
Monday, February 06, 2017
scmagazine.com
A phishing email scam that warns PayPal users of possible fraudulent account activity in hopes of scaring personally identifiable information out of them is currently making the rounds.
Bank Teller Stole $1.25 Million Over 10 Years
Friday, February 03, 2017
nbcnews.com
Some bank robberies are committed with a gun, others with a ledger. A Texas woman pleaded guilty Tuesday to hiding a million-dollar bank robbery committed very, very, gradually.
Data Breach Costs Exceed 20% of Revenue
Friday, February 03, 2017
computerweekly.com
The cost of data breaches amounted to more than 20% of revenue, on top of substantial loss of customers and opportunities, for more than a third of organizations breached in 2016, a report has revealed.
Small Business Owners: From Victims of Fraud to Victors Over Cyberattacks
Friday, February 03, 2017
cio.com
Small business owners operate in an online world of opportunities — and threats. Those dangers are the effect of fraudsters, thieves, hackers and bots with a singular mission: To deceive customers, thereby depriving a company of a sale, while reaping the rewards of their own game of misdirection and corruption.
IRS: Scam Blends CEO Fraud, W-2 Phishing
Friday, February 03, 2017
krebsonsecurity.com
The IRS said phishers are off to a much earlier start this year than in tax years past, trying to siphon W-2 data that can be used to file fraudulent refund requests on behalf of taxpayers. The agency warned that thieves also appear to be targeting a wider range of organizations in these W-2 phishing schemes, including school districts, healthcare organizations, chain restaurants, temporary staffing agencies, tribal organizations and nonprofits.
Trump Abruptly Punts on Order to Hold Cabinet Accountable for Cyber Failures
Friday, February 03, 2017
politico.com
Confusion reigned Tuesday as the Trump administration abruptly delayed an executive order meant to put the onus on Cabinet officials to secure data at their respective agencies.
Watchdog: IRS Should Improve Handling of ID Theft Cases
Friday, February 03, 2017
thehill.com
The IRS should take steps to improve its handling of identity-theft cases, the Government Accountability Office [GAO] said in a report made public Tuesday. "Protecting federal dollars, while enhancing IRS’s case management and protecting taxpayer dependents, can help bolster the public’s confidence in the tax system," GAO said.
Tax Identity Theft Awareness Week
Friday, February 03, 2017
us-cert.gov
US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication Taxes.Security.Together. and the US-CERT Tip on Identity Theft. Users can also check out these events on avoiding tax identity theft hosted by the Federal Trade Commission (FTC), IRS, Department of Veterans Affairs, and other agencies.
Physicists, Lasers, and an Airplane: Taking Aim at Quantum Cryptography
Friday, February 03, 2017
wired.com
For decades, experts have claimed that if executed properly, quantum cryptography will be more secure than any encryption technique used today. They also say it will be one of the lines of defense when quantum computers crack every existing algorithm. But it’s hard to pull off; quantum cryptography requires precise control of individual photons over a long distance.
Identity Theft, Fraud Cost Consumers More Than $16 Billion
Thursday, February 02, 2017
cnbc.com
Some 15.4 million consumers were victims of identity theft or fraud last year, according to a new report from Javelin Strategy & Research. That's up 16 percent from 2015, and the highest figure recorded since the firm began tracking fraud instances in 2004. "All of the underlying types of fraud we measure are up," said Al Pascual, a senior vice president and research director for Javelin.
Security Flaws in Pentagon Systems "Easily" Exploited by Hackers
Thursday, February 02, 2017
zdnet.com
Hackers are likely exploiting the easy-to-find vulnerabilities, according to the security researcher who warned the Pentagon of the flaws months ago.
Colorado Announces Multi-Million Dollar Settlement With Western Union for Failing to Protect Consumers From Scams
Thursday, February 02, 2017
stopfraudcolorado.gov
The settlement resolves a multistate investigation into the Colorado company which focused on complaints from consumers who used Western Union’s wire transfer service to send money to third parties involved in schemes to defraud consumers. In addition to Colorado, 48 states and the District of Columbia participated in this settlement.
Acer Fined $115K for Breach
Thursday, February 02, 2017
scmagazine.com
Following a breach, the Taiwan-based computer manufacturer Acer will pay $115,000 and improve its security practices in a settlement with the New York State Attorney General (NYSAG) Eric T. Schneiderman.
In Treason Case, Russia Alleges Security Experts Aided US
Thursday, February 02, 2017
csoonline.com
Two officers of the Russian Federal Security Service (FSB) and a cybercrime investigator from Kaspersky Lab have reportedly been charged with treason for helping U.S. intelligence services.
Data From Pacemaker Used to Arrest Man for Arson, Insurance Fraud
Thursday, February 02, 2017
zdnet.com
Suspicions were aroused when Compton's statements did not seem to match up with how the blaze began, especially after he told a 911 dispatcher that after spotting the fire, he packed a number of suitcases and threw them out of his bedroom window after breaking the glass with a walking stick.
Credit Card Thieves Move Online as Chips Thwart In-Store Fraud
Thursday, February 02, 2017
bloomberg.com
The adoption of credit card chip technology by U.S. retailers is having an unintended consequence: Criminals are moving from brick-and-mortar stores to the internet. The use of stolen card data to pay for merchandise on websites, in mobile apps and by dialing call centers surged 40 percent last year, according to a report from Javelin Strategy & Research released Wednesday. That’s forcing merchants to spend billions on online fraud protection in an effort to detect when a crook is using someone else’s card number.
Two Arrested in London for Hacking CCTV Cameras Ahead of Trump Inauguration
Thursday, February 02, 2017
softpedia.com
Two hackers were reportedly arrested in London under the suspicion that they were behind the cyber attack that took down CCTV cameras in Washington DC ahead of President Trump’s inauguration last month.
Privacy Shield: Impact of Trump’s Executive Order
Monday, January 30, 2017
huntonprivacyblog.com
On January 25, 2017, President Trump issued an Executive Order entitled “Enhancing Public Safety in the Interior of the United States.” While the Order is primarily focused on the enforcement of immigration laws in the U.S., Section 14 declares that “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.” This provision has sparked a firestorm of controversy in the international privacy community, raising questions regarding the Order’s impact on the Privacy Shield framework, which facilitates lawful transfers of personal data from the EU to the U.S. While political ramifications are certainly plausible from an EU-U.S. perspective, absent further action from the Trump Administration, Section 14 of the Order should not impact the legal viability of the Privacy Shield framework.
Hong Kong Securities Firms Warned of Cyberattacks
Tuesday, January 31, 2017
darkreading.com
The Securities and Futures Commission of Hong Kong has issued a circular to licensed firms, warning them of possible distributed denial-of-service (DDoS) attacks and asking them to gear up their IT systems, Reuters reports. This alert was sounded soon after SFC received feedback from Hong Kong police that brokers in the country had been the target of DDoS attacks.
Telemarketer Leaks 400K Records, 17K Phone Calls, Most With Credit Card Data
Monday, January 30, 2017
softpedia.com
Over 400,000 records, including 17,000 phone call recordings, have been leaked online by VICI Marketing, a Florida marketing company, in what seems to be a security blunder. The recordings include names, addresses, phone numbers and credit card information, which translates into a heap of danger for the people at the other end of the line.
Former NSA Lawyer Says US Border Plans to Demand Tourists' Browser History, Phone Data Would Be Unlawful
Monday, January 30, 2017
zdnet.com
A former senior lawyer for the National Security Agency has called plans to force visitors to the US to turn over contacts lists, browsing histories, and social media data "tremendously intrusive" and "grossly overbroad." April Doss, former associate general counsel for intelligence law at the National Security Agency, argued in a phone call that such a move would almost certainly be unlawful.
Ransomware Locked Hotel out of Its Electronic Key Lock System
Tuesday, January 31, 2017
networkworld.com
A 4-star hotel in the Austrian Alps, the Romantik Seehotel Jaegerwirt, admitted to bowing to extortion after ransomware locked up the computer running the hotel’s electronic key lock system.
Data Privacy Day Stresses Online Safety Tips
Tuesday, January 31, 2017
mercurynews.com
Data Privacy Day is an international event dedicated to increasing awareness for everyone, including children, adults, businesses and government.
Hackers Infected DC Police Cameras Before Inauguration
Tuesday, January 31, 2017
thehill.com
Hackers infected police surveillance cameras in Washington, D.C., eight days before President Trump’s inauguration...Ransomware affected 123 of the city's 187 network video recorders, city officials said, according to the Washington Post. As a result of the attack, the infected cameras were unable to record between Jan. 12 and Jan. 15.
ATM ‘Shimmers’ Target Chip-Based Cards
Tuesday, January 31, 2017
krebsonsecurity.com
Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Here’s a brief primer on shimming attacks, and why they succeed.
Police Department Loses Years Worth of Evidence in Ransomware Incident
Friday, January 27, 2017
bleepingcomputer.com
Police in Cockrell Hill, Texas admitted yesterday in a press release that they lost years worth of evidence after the department's server was infected with ransomware. Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents.
Ransomware Makes California Nursing School Feel Ill
Friday, January 27, 2017
csoonline.com
An instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom.
Work-at-Home Business Scams
Friday, January 27, 2017
consumer.ftc.gov
Want to be your own boss? Earn thousands of dollars a month from home? Ads promote many different work-at-home jobs and businesses, but often the message is the same: they promise you’ll earn a great living from home, even in your spare time. Don’t take their word for it — many of these “jobs” are scams, or don’t deliver on the claims they make. So do some research, and learn about common work-at-home scams.
Saudi Arabia Warns of New Crippling Cyberattack
Friday, January 27, 2017
money.cnn.com
Five years ago Saudi Arabia suffered the world's biggest cyberattack. Now it's on red alert for a repeat.
Man Guilty of Hacking Celeb Accounts Gets Nine Months Behind Bars
Friday, January 27, 2017
darkreading.com
Names of his celebrity victims were not officially confirmed but investigations began after actresses Jennifer Lawrence, Kirsten Dunst and Gabrielle Union and model Kate Upton complained of their private photos being leaked online. Majerczyk confessed to obtaining login details of his victims through phishing attacks and accessing their iCloud backups, but no evidence of him being behind the actual leak of photos and videos was found.
Cyber Lessons From NSA’s Admiral Michael Rogers
Friday, January 27, 2017
darkreading.com
Earlier this month, during a Senate Armed Service Committee hearing, Admiral Michael S. Rogers, the director of the National Security Agency, told us what we need to do to fix the problem, recognizing two different kinds of cybersecurity.
SEC Investigating Yahoo Over Breach
Tuesday, January 24, 2017
thehill.com
The Securities and Exchange Commission opened a formal investigation into the record-breaking data breach at Yahoo, The Wall Street Journal reports. The investigation is said to focus on why it took until September 2016 to report a breach that took place in 2014. The Yahoo breach included the pilfering of information on half-a-billion accounts.
Lloyds Bank Hit by DDoS Attack
Tuesday, January 24, 2017
darkreading.com
UK’s Lloyds Bank customers were unable to log onto its online business between January 11 and 13 while the bank was reportedly hit by a distributed denial-of-service (DDoS) attack, Motherboard says. The hacker, who told Motherboard on January 13 he was behind the attack, said he had demanded a $93,600 "consultancy fee" from Lloyds to be paid in bitcoin for normal services to be restored. The payment apparently was not made.
St. Louis' Public Library Computers Hacked for Ransom
Wednesday, January 25, 2017
money.cnn.com
Hackers have infected every public computer in the St. Louis Public Library system, stopping all book borrowing and cutting off internet access to those who rely on it for computers.
How to Create an Anonymous Email Account
Wednesday, January 25, 2017
pcmag.com
What do you do if you want to set up an email address that is completely secret and nameless, with no obvious connection to you whatsoever without the hassle of setting up your own servers?
It’s About to Get Even Easier to Hide on the Dark Web
Wednesday, January 25, 2017
wired.com
Changes coming to the anonymity tools underlying the darknet promise to make a new kind of online privacy possible. Soon anyone will be able to create their own corner of the internet that’s not just anonymous and untraceable, but entirely undiscoverable without an invite.
How to Block Unwanted Scam Calls
Wednesday, January 25, 2017
scamawareness.org
The FTC has put together a list of ways on how to block robocalls and other unwanted scam calls.
IRS to Delay Tax Refunds as a Security Precaution
Wednesday, January 25, 2017
csoonline.com
Refunds for more than 40 million low-income families could be delayed by the IRS this year, as the tax agency looks to leverage the extra time to combat identity theft and fraud.
DHS Issues Updated National Cyber Incident Response Plan
Monday, January 23, 2017
huntonprivacyblog.com
On January 18, 2017, the Department of Homeland Security issued an updated National Cyber Incident Response Plan as directed by Obama’s Presidential Policy Directive 41, issued this past summer, and the National Cybersecurity Protection Act of 2014. The Plan applies to cyber incidents, and particularly focuses on significant cyber incidents that are likely to result in demonstrable harm to the United States’ national security interests, foreign relations or economy, or to the public confidence, civil liberties or public health and safety of the American people.
The Emergence of the 'Cyber Cold War'
Monday, January 23, 2017
money.cnn.com
It's now clear, according to American intelligence agencies, that the Russian government engaged in a campaign of hacking, email leaks and fake news in an attempt to undermine the American political process -- and steer the presidential election to Donald Trump. Russia has repeatedly denied the allegation. But many are now asking: Are we at cyberwar?
Woman Scammed out of $270,000 From Match.com Relationship
Friday, January 06, 2017
today.com
Believing in long-distance love, Betty Davies fell victim to a romance scam on Match.com. Davies wired a “love interest” scammer her life savings, a whopping $270,000, which left her with nothing.
Why Ransomware Is Only Going to Get Worse
Friday, January 06, 2017
darkreading.com
Ransomware is perhaps the most ingenious cybercrime in the history of the Internet in terms of its simplicity and effectiveness. It has caused absolute terror in nearly every industry, affecting almost 50% of organizations in 2016, and is considered one of the top cyberthreats to the enterprise for 2017.
Stolen Passwords Fuel Cardless ATM Fraud
Friday, January 06, 2017
krebsonsecurity.com
Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime.
Ransomware Scheme Targets Schools, Colleges and Head Teachers
Friday, January 06, 2017
zdnet.com
Cybercriminals are pretending to be government officials as part of a ransomware scheme which is targeting schools and demanding payments of up to £8,000 to unencrypt the locked files. Action Fraud, the UK's fraud and cybercrime centre, and the City of London police, have issued a warning over the activity, which begins with criminals contacting the targeted schools with a phone call.
FTC Sues Maker of Routers, Baby Monitors Over Security
Friday, January 06, 2017
money.cnn.com
American regulators are stepping up their crackdown on makers of devices - like baby monitors - that can easily be hacked.
Ransomware Has Evolved, and Its Name Is Doxware
Wednesday, January 04, 2017
darkreading.com
The latest form of malware holds computers hostage and compromises the privacy of conversations, photos, and sensitive files.
NIST Finalizes Cyberattack Recovery Guidance
Wednesday, January 04, 2017
gcn.com
Preventing all cyberattacks is a good, but unrealistic, goal. That’s why preparing for recovery from a cyber incident can be just as important as prevention, according to the National Institute of Standards and Technology. The agency’s Guide for Cybersecurity Event Recovery provides a single resource to help organizations develop strategies to contain an opponent and restore operations quickly.
Before You Pay That Ransomware Demand…
Monday, January 02, 2017
krebsonsecurity.com
A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to get whacked by a banking trojan that stole all your passwords and credit card numbers. These days if your mobile or desktop computer is infected what gets installed is likely to be “ransomware” — malicious software that locks your most prized documents, songs and pictures with strong encryption and then requires you to pay for a key to unlock the files. Here’s some basic advice about where to go, what to do — and what not to do — when you or someone you know gets hit with ransomware.
Transition to Trump Administration: The Cyber Risks
Monday, January 02, 2017
healthcareinfosecurity.com
As the Trump administration begins, expect a ramp-up in cyber espionage as well as more "test attacks" by nation-states, says cybersecurity specialist Brad Medairy of the consultancy Booz Allen Hamilton. "We're really in a transitional state right now," Medairy says in an interview with Information Security Media Group. "We're shifting from the Obama administration to the new Trump administration ... The new administration's policies around cyber are still being defined." This lack of definitive cybersecurity policies makes the U.S. particularly vulnerable, he contends.
Cyber Threat Awareness Education: A Priority for 2017
Monday, January 02, 2017
bankinfosecurity.com
Because cyber threats are becoming increasingly sophisticated, bolstering employee and customer awareness and training about ransomware, phishing and other cyber risks must be a top priority in 2017, says Curt Kwak, CIO of Proliance Surgeons, which operates more than 100 care centers in the state of Washington.
Phone Scams Reach Record 10.2 Billion
Wednesday, January 04, 2017
blog.credit.com
Does it feel like you’ve had more than your fair share of robocalls this year? If so, you’re not alone. Phone scammers were extra busy in 2016, making a record 10.2 billion robocalls to Americans, offering them everything from fake cruises and gift cards to opportunities to support bogus charities, according to a new report from Hiya, a company providing caller ID and call-blocker apps.
Russian Operation Hacked a Vermont Utility, Showing Risk to U.S. Electrical Grid Security, Officials Say
Saturday, December 31, 2016
washingtonpost.com
A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.
US Government Subcontractor Leaks Confidential Military Personnel Data
Saturday, December 31, 2016
zdnet.com
A Pentagon subcontractor has exposed reams of highly sensitive details belonging to active military healthcare professionals online, some of which hold top-secret security clearances...Many of the victims involved in the data leak are part of the US Special Operations Command (SOCOM), which includes those both formerly employed by US military branches, such as the Army, Navy, and Air Force, and those presumably still on active deployment...Names, contract types, Social Security numbers, and duty start dates -- dating back to 1998 -- as well as billet numbers that detail the living quarters for when staff are not on active duty, are all included in the information leak. Unit assignments and places of work, which include military bases and their postings worldwide, were also in the documents.
How Smartphones Are Becoming Hacking Targets
Wednesday, January 04, 2017
consumerreports.org
In the wake of last month's "Gooligan" attacks, which targeted more than a million Android devices and gained access to the users' Google accounts, experts are suggesting that a flood of similar smartphone hacking incidents may be on the way in 2017.
Corporate Boards Aren't Prepared for Cyberattacks
Wednesday, January 04, 2017
networkworld.com
Major cyberattacks against organizations of all sizes seem to happen almost weekly. On Dec. 14, Yahoo announced the largest-ever data breach, involving more than 1 billion customer accounts. Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.
3 Men Made Millions by Hacking Merger Lawyers, U.S. Says
Saturday, December 31, 2016
nytimes.com
Federal prosecutors in Manhattan have charged three Chinese citizens with making more than $4 million by trading on information they got by hacking into some of the top merger-advising law firms in New York. The three men targeted at least seven New York law firms to try to obtain information about deals in the works, according to an indictment.
Stop Calling Everything a "Hack"
Friday, December 30, 2016
zdnet.com
Nevada state government's website was leaking thousands of social security numbers, and highly sensitive personal data. They said it was a hack. Spoiler alert: It wasn't.
The Great A.I. Awakening
Friday, December 30, 2016
nytimes.com
How Google used artificial intelligence to transform Google Translate, one of its more popular services — and how machine learning is poised to reinvent computing itself.
Nevada Leaks Thousands of Medical Marijuana Dispensary Applications
Friday, December 30, 2016
cbsnews.com
Each application, eight pages in length, includes the person’s full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant’s citizenship, their driving license number (where applicable), and social security number.
FDA Finalizes Cybersecurity Guidance for Medical Devices
Friday, December 30, 2016
healthcareitnews.com
On Dec. 27, the U.S. Food and Drug Administration issued a final guidance addressing the cyber vulnerabilities in medical devices, outlining how manufacturers should maintain security of internet-connected devices such as pacemakers and insulin pumps.
Russian Cyberforgers Steal Millions a Day With Fake Sites
Thursday, December 22, 2016
nytimes.com
In a twist on the peddling of fake news to real people, researchers say a Russian cyberforgery ring has created more than half a million fake internet users and 250,000 fake websites to trick advertisers into collectively paying as much as $5 million a day for video ads that are never watched.
Encryption Backdoors Are Against US National Interest, Say Lawmakers
Thursday, December 22, 2016
zdnet.com
Any attempt to weaken encryption is against the national interest, a group of US lawmakers has warned. The widespread use of strong encryption has led to complaints from law enforcement agencies that they are unable to access communications of criminals - the so-called 'going dark' issue. This has led to calls for government to order tech companies to install backdoors into the encryption they use, in order to allow investigators access to data. Critics of this move argue backdoors would weaken security and privacy for everyone, with little benefit to law enforcement.
How to Spot a Housing Rental Scam
Thursday, December 22, 2016
washingtonpost.com
As is typically the case at the beginning of a new administration under a new president, thousands of people in government will be relocating to the Washington region. Out-of-towners are prime targets of scammers because they’re unfamiliar with the rental stock and prices here and are not around to see the properties in person. [The lessons in this piece apply anywhere - not just DC]
Yahoo Email Scan Shows U.S. Spy Push to Recast Constitutional Privacy
Thursday, December 22, 2016
reuters.com
Yahoo Inc's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings.
How Does My Browser Recognize Malware?
Thursday, December 22, 2016
nytimes.com
How does my web browser know that a site could be malicious?
Encryption Working Group Annual Report From the US House of Representatives
Wednesday, December 21, 2016
schneier.com
The Encryption Working Group of the House Judiciary Committee and the House Energy and Commerce Committee has released its annual report.
U.S. Government Loses to Russia's Disinformation Campaign: Advisers
Wednesday, December 21, 2016
reuters.com
The U.S. government spent more than a decade preparing responses to malicious hacking by a foreign power but had no clear strategy when Russia launched a disinformation campaign over the internet during the U.S. election campaign, current and former White House cyber security advisers said. Far more effort has gone into plotting offensive hacking and preparing defenses against the less probable but more dramatic damage from electronic assaults on the power grid, financial system or direct manipulation of voting machines.
Mobile Banking Trojans Adopt Ransomware Features
Wednesday, December 21, 2016
csoonline.com
Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time. One such trojan is called Faketoken and its primary functionality is to generate fake login screens for more than 2,000 financial applications in order to steal login credentials. The malicious app also displays phishing pages to steal credit card information, and it can read and send text messages.
Be on High Alert for This Holiday Spam
Wednesday, December 21, 2016
csoonline.com
Scam artists see the holidays as an opportunity to rip people off. This year is no different. PhishMe’s Chief Threat Scientist Gary Warner has caught a few to share.
Report: $3-5M in Ad Fraud Daily From ‘Methbot’
Wednesday, December 21, 2016
krebsonsecurity.com
New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.
Locky Ransomware: How This Malware Menace Evolved in Just 12 Months
Wednesday, December 21, 2016
zdnet.com
Ransomware has become one of the biggest menaces on the internet: one analysis puts the total cost of the file-encrypting malware at $1bn for the whole year. Cyber-criminals have found that encrypting someone's files, usually by tricking them into clicking on a malicious attachment, and forcing them to pay a ransom to regain access can be extremely lucrative.
How to Curb Online Harassment? Technology, Law and Advocacy Can Help
Wednesday, December 21, 2016
washingtonpost.com
The Internet has created a culture where anybody – anybody – can go from obscurity to fame overnight. This notoriety doesn’t require consent. Often it’s uncontrollable, ruinous and impossible to stop.
Florida Court Says Password Disclosure Not Protected by Fifth Amendment
Wednesday, December 21, 2016
zdnet.com
Ruling contradicts earlier cases, could have broader implications for digital age, recognized data-protection methods.
I Dialed a Wrong Number and Stumbled Into International Phone Fraud
Friday, December 09, 2016
theatlantic.com
Defrauding people who call wrong numbers is, relatively speaking, pretty small scale fraud. But there are also organized crime rings that actively seek out victims for similar scams, all of which fall under the umbrella of international revenue share fraud (IRSF).
Visa Delays Chip Deadline for Pumps to 2020
Friday, December 09, 2016
krebsonsecurity.com
Visa this week delayed by three years a deadline for fuel station owners to install payment terminals at the pump that are capable of handling more secure chip-based cards. Experts say the new deadline — extended from 2017 — comes amid a huge spike in fuel pump skimming, and means fraudsters will have another three years to fleece banks and their customers by installing card-skimming devices at the pump.
US-CERT Unveils New Cybersecurity Incident Notification Guidelines
Friday, December 09, 2016
meritalk.com
The U.S. Computer Emergency Readiness Team (US-CERT) this week announced its new cybersecurity incident notification guidelines, which will go into effect April 1, 2017. These new guidelines will affect all Federal departments and agencies, as well as state, local, tribal, and territorial government entities; Information Sharing and Analysis Organizations; and foreign, commercial, and private-sector organizations.
Wheeler Floats FCC Cybersecurity Certification for IoT Devices
Friday, December 09, 2016
morningconsult.com
Federal Communications Commission Chairman Tom Wheeler has laid out an unexpected roadmap through which the FCC could directly regulate the security of internet-connected devices.
Prosecutor's Office Paid Bitcoin Ransom in Cyberattack
Friday, December 09, 2016
abcnews.go.com
A state prosecutor's office in Pennsylvania was among hundreds of thousands of victims of a now-shuttered international cybercrime operation, paying nearly $1,400 in a bitcoin ransom to free up its infected computer network, authorities disclosed Monday.
U.S. Lawmaker: Sony Hack May Have Inspired Russian Election Hacking
Tuesday, December 06, 2016
reuters.com
The U.S. failure to retaliate strongly for the 2014 cyber attack against Sony Pictures may have helped inspire Russian hackers who sought to interfere in the 2016 U.S. election, a senior congressional Democrat said on Tuesday. "Russia may have concluded that they could hack American institutions and there'd be no price to pay," Representative Adam Schiff, the top Democrat on the House of Representatives Intelligence Committee, said at a press breakfast sponsored by the Christian Science Monitor.
N. Korea Accused of Hacking S. Korea's Military Cyber-Command
Tuesday, December 06, 2016
scmagazineuk.com
"It seems the intranet server of the cyber-command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked," an official at the Ministry of National Defence told Yonhap News Agency.
DDoS, IoT Top Cybersecurity Priorities for 45th President
Tuesday, December 06, 2016
krebsonsecurity.com
Addressing distributed denial-of-service (DDoS) attacks designed to knock Web services offline and security concerns introduced by the so-called “Internet of Things” (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released blue-ribbon report commissioned by President Obama.
How to Hack a Credit Card in 6 Seconds [Video]
Tuesday, December 06, 2016
thehackernews.com
As India attempts an upgrade to a cashless society, cyber security experts have raised serious concerns and revealed how to find credit card information – including expiration dates and CVV numbers – in just 6 seconds.
85 Million Accounts Exposed in Dailymotion Hack
Tuesday, December 06, 2016
csoonline.com
Breach notification service LeakedSource announced on Monday that they have obtained 85.2 million records from Dailymotion, one of the largest video platforms on the Web. The compromised data consists of email addresses, usernames, and some passwords.
FTC Releases Summary of Workshop on Privacy Disclosures
Tuesday, December 06, 2016
huntonprivacyblog.com
On November 30, 2016, the FTC released a staff summary (the “Summary”) of a public workshop called Putting Disclosures to the Test. The workshop, which was held on September 15, 2016, examined ways of testing and evaluating company disclosures regarding advertising claims and privacy practices. The Summary reviews the workshop and its key takeaways.
Keeping the C-Suite From Getting Speared by Phishing
Tuesday, December 06, 2016
csoonline.com
As phishing attacks get more complex (and lucrative), companies are finding that targets are in the executive suite (CEOs, CFOs, etc.).
5 Ways Data Classification Can Prevent an Education Data Breach
Thursday, December 01, 2016
csoonline.com
The explosion of data in the education sector can help institutions streamline and improve access to student and user records, as well as creating new efficiencies that reduce administrative tasks, while reaching more students with better and more targeted curriculum. But despite the multitude of benefits, this groundswell of information can also have a negative impact if mismanaged.
Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware
Thursday, December 01, 2016
thehackernews.com
If you own an Android smartphone, beware! A new Android malware that has already breached more than 1 Million Google accounts is infecting around 13,000 devices every day. Dubbed Gooligan, the malware roots vulnerable Android devices to steal email addresses and authentication tokens stored on them. With this information in hand, the attackers are able to hijack your Google account and access your sensitive information from Google apps including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
xHamster Hackers Have ‘Exposed 380,000 Porn-Lovers’
Thursday, December 01, 2016
thesun.co.uk
A shadowy group of cybercrooks leaked a database which reportedly contains hundreds of thousands of usernames and email addresses. If the information is correct, it could potentially expose the identities of men and women who used the site to get their kicks. This could allow digi-crims to blackmail people by threatening to expose the secret shame of their porn habit.
Android 'Gooligan' Hackers Just Scored the Biggest Ever Theft of Google Accounts
Monday, December 05, 2016
forbes.com
A new variant of Android malware is responsible for what’s believed to be the biggest single theft of Google accounts on record. The so-called Gooligan strain has infected as many as 1.3 million Android phones since August, completely prising the devices open and stealing the tokens users are given to verify they are authorized to access accounts. Its main aim, though, is not to pilfer all that juicy data in Gmail or Docs, but to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month.
New Mirai Worm Knocks 900K Germans Offline
Monday, December 05, 2016
krebsonsecurity.com
More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.
Law Enforcement’s Secret “Super Search Engine” Amasses Trillions of Phone Records for Decades
Monday, December 05, 2016
eff.org
Hemisphere, which AT&T operates on behalf of federal, state, and local law enforcement, contains trillions of domestic and international phone call records dating back to 1987. AT&T adds roughly four billion phone records to Hemisphere each day, including calls from non-AT&T customers that pass through the company’s switches.
San Francisco Latest Victim of Ransomware
Monday, December 05, 2016
gcn.com
The San Francisco transit system is the latest public-sector victim of ransomware after attackers shut down ticketing machines and demanded payment. The attack occurred on Friday, Nov. 25, with a message appearing on station workers’ computer screens: "You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681, Enter." By Sunday, the city’s Municipal Transit Agency said it had the situation “contained” and was restoring “systems to be fully operational.”
HHS Announces HIPAA Settlement With UMass
Monday, December 05, 2016
huntonprivacyblog.com
On June 18, 2013, UMass reported to HHS’ Office for Civil Rights (“OCR”) that one of its computer systems at its Center for Language, Speech, and Hearing (the “Center”) had been infected by a malware program, resulting in the unauthorized disclosure of electronic protected health information (“ePHI”) of 1,670 individuals, including names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.
18-Year-Old "Computer Genius" Charged With Launching DDoS Attacks
Tuesday, November 29, 2016
bleepingcomputer.com
U.S. authorities charged Michaela Gabriella King, 18, of Murrysville, Pennsylvania with launching multiple DDoS attacks against Franklin Regional High School, the school she was attending. According to investigators, King used the BetaBooter DDoS stressor to launch DDoS attacks on her school's network, from her home computer, her mobile phone, but most of the time from computers at school.
How to Dodge Black Friday and Cyber Monday Shopping Hackers
Tuesday, November 29, 2016
csoonline.com
Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts.
Hacking and the 2016 Presidential Election
Friday, November 25, 2016
schneier.com
Was the 2016 presidential election hacked? It's hard to tell. There were no obvious hacks on Election Day, but new reports have raised the question of whether voting machines were tampered with in three states that Donald Trump won this month: Wisconsin, Michigan and Pennsylvania.
Bruce Schneier: 'The Internet Era of Fun and Games Is Over'
Friday, November 25, 2016
dailydot.com
Internet pioneer Bruce Schneier issued a dire proclamation in front of the House of Representatives’ Energy & Commerce Committee Wednesday: “It might be that the internet era of fun and games is over, because the internet is now dangerous.” The meeting, which focused on the security vulnerabilities created by smart devices, came in the wake of the Oct. 21 cyberattack on Dyn that knocked Amazon, Netflix, Spotify, and other major web services offline.
Why Online Shopping Fraud Is Expected to Jump 43% This Holiday Season and How to Protect Yourself
Tuesday, November 29, 2016
forbes.com
The holiday shopping season isn’t all wish lists, massive sales and beautifully wrapped gifts. Unfortunately, along with millions of transactions comes a high incidence of fraud — and the nature of that fraud is changing this year due to the shift over the last year or so to EMV, or chip, cards. A survey of 125 retailers representing 13% of online sales projects that online fraud attempts will rise 43% this year over last.
Report: European Banks Struck by ATM Jackpotting Attacks
Tuesday, November 29, 2016
databreachtoday.com
Hackers have been draining ATMs of cash across Europe after compromising the networks of banks and planting malicious software on the machines, the security company Group-IB says. But the Russian company's report is being cautiously reviewed by some in the financial services industry.
MailChimp Accounts Hacked to Spam out Malicious Emails
Friday, November 25, 2016
welivesecurity.com
The emails bore the disguise of a QuickBooks invoice, and were sent to various mailing lists.
The New Cybersecurity War Takes Shape
Friday, November 25, 2016
itproportal.com
The stakes could not be higher. With financial data, medical records, intellectual property, and even military information in constant motion around the globe, our entire way of life depends on the security of our data. The expanding internet of things opens a new realm of vulnerable systems, and raises for the first time the prospect that hackers and spies can inflict immediate physical damage on their targets.
Almost 600,000 at Risk of Identity Theft After US Department of Housing and Urban Development Data Breach
Monday, November 21, 2016
valleynewslive.com
A Fargo woman received a letter from public housing saying she was at risk of identity theft. It was a result of a US Department of Housing and Urban Development data breach and now she's worried for her safety. "The government's supposed to protect you and your information. You have to sign all these forms to release your information to them and all this privacy statement and then something like this happens," says the mother of four.
Email Scam Targets People Buying a Home
Monday, November 21, 2016
ktvb.com
The way this scam works is a hacker accesses an email account that belongs to a buyer, realtor, title representative or mortgage lender. The hacker monitors the communications and learns information about the purchase and then makes their move. "Right before it goes to close an email kind of pops up to the buyer saying 'Hey, actually wiring instructions have changed. Here's the new link or here's the new account number,' and it's tied to a fraudulent account," said Breanna Vanstrom, Boise Regional Realtors chief executive officer. She said then the buyer assumes they’re talking to the agent or lender, they wire the money to the scammer’s account and the money is gone.
Officials Warn About Secret Sister Gift Exchange Scam
Monday, November 21, 2016
wnep.com
Now that the holiday season is here again, so is a familiar holiday scam. Police are warning people about the "secret sister gift exchange" currently making the rounds on social media, including Facebook. The secret sister gift exchange promises that if you buy one $10 gift for someone and add your name to a list, you'll get between six and 36 gifts in the mail. Authorities say it's too good to be true and illegal.
The Package Delivery Scam Is Back
Monday, November 21, 2016
clark.com
Here's how it works: scammers send fake emails with subject lines containing the text (or similar to): "USPS Delivery Failure Notification." The emails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted package delivery. The emails then instruct the person to click on a link for more information regarding how and when to get their package delivered.
Can Government Agencies Ever Unmask the Insider Threat?
Monday, November 21, 2016
gcn.com
The recent arrest of Harold Martin, another National Security Agency contractor charged with allegedly stealing top secret computer code, is a reminder that the greatest cyber threats facing an organization often don’t come from a rogue nation -- they come from within. Despite significant increases in cybersecurity awareness, including the Presidential Executive Order 13587 -- which provides structural reforms to improve the security of classified networks and the responsible sharing of classified information -- there is no level of profiling that can predict insider threats with 100 percent effectiveness.
AdultFriendFinder Network Finally Comes Clean to Members About Hack
Monday, November 21, 2016
zdnet.com
The company behind AdultFriendFinder.com has only just begun directly informing its users that their data has been stolen, a week after it publicly admitted that its networks had been compromised. Friend Finder Networks, which owns several adult dating and entertainment sites including AdultFriendFinder.com and Cams.com, alerted users of a "security incident" in a message on Sunday, a little over a week after we first reported on the scale of the breach, which affected over 400 million accounts.
How to Keep Your Secrets Safe on Amazon, Netflix, Other Sites
Monday, November 21, 2016
usatoday.com
Your device says a lot about you: Your pastimes, your taste in music, your curiosities and the things you shop for. So how do you maintain your privacy online, even with the people who are closest to you? Here are a few simple tricks to help you keep your secrets under wraps.
Five Ways to Maintain Your Privacy on Your Smartphone, No Downloads Required
Monday, November 21, 2016
techrepublic.com
You can download apps to audit your privacy, but who's to say those apps aren't a security risk themselves? Here are five tips for maintaining your privacy in the always-connected world.
Adobe Fined $1M in Multistate Suit Over 2013 Breach; No Jail for Spamhaus Attacker
Friday, November 18, 2016
krebsonsecurity.com
Adobe will pay just $1 million to settle a lawsuit filed by 15 state attorneys general over its huge 2013 data breach that exposed payment records on approximately 38 million people. In other news, the 39-year-old Dutchman responsible for coordinating an epic, weeks-long distributed denial-of-service attack against anti-spam provider Spamhaus in 2013 will avoid any jail time for his crimes thanks to a court ruling in Amsterdam this week.
NIST Releases Cybersecurity Guidance for Internet of Things
Friday, November 18, 2016
insideprivacy.com
As more and more of our appliances, cars, devices, and other “things” are connected to the Internet and to each other, participants in the IoT manufacturing ecosystem, consumers, and the government are focusing on how best to harness the power of this rapid technological advancement, while understanding and mitigating new cyber threats. According to NIST, the purpose of the Guidance is to address “fundamental weaknesses in system architecture and design” that “can only be addressed with a holistic approach based on sound systems security engineering techniques and security design principles.”
New Airline Scam Promises Free Emirates Flight Tickets
Friday, November 18, 2016
welivesecurity.com
Year-end celebrations are close and many people are looking to book their plane tickets to visit relatives and friends. As expected, cybercriminals are looking to exploit users over the festive period – social engineering techniques are frequent over the holidays, as demonstrated by a scam that is promising people free flight tickets.
Consumers' Poor Cyber Hygiene Costs Them Billions
Friday, November 18, 2016
scmagazine.com
The fact that cybercrime impacts hundreds of millions of people and has cost its victims more than $100 billion, and that most people know of the danger, has done little to limit the general complacency and unsafe behavior still prevalent among internet users.
3 Mobile UK Hacked – 6 Million Customers' Private Data at Risk
Friday, November 18, 2016
thehackernews.com
Three, one of the UK's biggest mobile operators, has become the latest victim of a massive data breach that reportedly left the personal information and contact details of 6 Million of its customers exposed.
Adult Website Data Breaches Pose Risk of Blackmail to Those Exposed
Friday, November 18, 2016
nextadvisor.com
When the database of a website that is privy to some of the darker secrets its users would rather not share with most of the world, such as an adult-oriented website, is hacked, the risks go beyond identity theft and financial woes.
Chicago Public Schools Notifies Families of Student Data Breach
Friday, November 18, 2016
chicagotribune.com
Chicago Public Schools has notified the families of about 30,000 students that a district employee improperly distributed confidential student information to a charter school operator for use in a mail advertising campaign...information included students' names, addresses, grade levels and their current elementary schools.
The 7 Most Significant Government Data Breaches
Friday, November 18, 2016
darkreading.com
Mega compromises at federal and state agencies over the past three years have compromised everything from personal data on millions to national security secrets.
IRS Aims to Improve Tax Preparer Security to Combat ID Theft
Friday, November 18, 2016
accountingtoday.com
The Internal Revenue Service has launched the second year of its public awareness campaign aimed at improving taxpayer security in partnership with tax software companies, tax preparation chains and state tax authorities. The campaign from the IRS and its partners in its Security Summit program includes a series of security awareness tax tips, a set of suggestions on the Taxes. Security. Together. web page and the single-page Publication 4524, Security Awareness for Taxpayers.
Measure Strengthening Identity Theft Protections for Seniors Passes in Washington
Friday, November 18, 2016
seattletimes.com
I-1501, which earned 71 percent of the vote in Tuesday returns, sought to increase penalties against perpetrators and change the state’s Public Records Act to bar disclosure of personal information about in-home care-givers and their clients...Opponents claim the union-backed measure only included language about protecting seniors and others as a smokescreen to get the records-act changes.
“Freeze Identity Thieves” Initiative to Remind Hoosiers About ID Theft
Friday, November 18, 2016
tribstar.com
Every two seconds someone in America has their identity stolen. According to a Javelin Strategy & Research study, about $15 billion was stolen from 13.1 million U.S. consumers in 2015. To combat this growing criminal industry that destroys the good names and credit ratings of innocent people, Indiana Attorney General Greg Zoeller launched the “Freeze Identity Thieves” statewide public awareness effort again this year aimed at arming Hoosiers with a simple, effective ID theft prevention tool: the credit freeze. Zoeller is urging Hoosiers to sign up for a credit freeze to guard against fraud this holiday shopping season, when cybercrime is common.
Retired Priest Pleads Guilty in Dating Site Scam Targeting Women
Friday, November 18, 2016
telegram.com
A retired Catholic priest pleaded guilty in federal court Wednesday to a money laundering charge stemming from his involvement in an overseas scheme that allegedly defrauded women seeking companionship online.
Beware Utility Scams -- Your Power Will Not Be Shut Off Immediately
Friday, November 18, 2016
forbes.com
Today is the inaugural Utilities United Against Scams Day, a day supported by members of the water, gas and electric industries to form a unified front against scammers. This day is a part of a week-long advocacy and awareness campaign focused on exposing the tactics scammers use to steal money from utility customers and on educating customers about how to protect themselves.
Dominion Customers Report Being Spoofed
Friday, November 18, 2016
witn.com
Officials say more than 500 Dominion Power customers have been contacted by scammers who threaten to disconnect their service unless they immediately pay through a prepaid debit card. The scammers use caller I.D. spoofing software so a customer thinks they are actually receiving a call from Dominion, but Dominion officials said in a statement that the company never threatens their customers nor demands a specific form of payment.
iPhones Secretly Send Call History to Apple, Security Firm Says
Thursday, November 17, 2016
theintercept.com
Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino shooter Syed Rizwan Farook’s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption. But private information still escapes from Apple products under some circumstances. The latest involves the company’s online syncing service iCloud.
Manhattan District Attorney’s Office Now Houses State-Of-The-Art Cybercrime Lab
Thursday, November 17, 2016
newyork.cbslocal.com
The new 17,000 square foot facility includes a 2,000 square foot crime lab and space for 75 full-time staffers from the DA’s office and the NYPD, along with cyber intelligence analysts, forensic analysts and cell site analysts, according to a release by the DA’s office. “Having the tools located in the center really makes a difference to criminals who have found that the click of a mouse is much larger than the shot of a gun when you are committing a robbery,” NYPD Deputy Commissioner of Intelligence and Counterterrorism John Miller said.
Detective Spreads Fraud Awareness in His Community
Thursday, November 17, 2016
acfeinsights.squarespace.com
For Rick Belik, CFE, Omaha Police Department Detective and part-time Task Force Officer for the FBI's White Collar Crime Task Force, fraud is often very personal. Belik, who was awarded the ACFE Outstanding Achievement in Community Service Award in 2015, has dealt with numerous cases of elder fraud.
Is Critical Infrastructure the Next DDoS Target?
Thursday, November 17, 2016
csoonline.com
A massive Distributed Denial of Service attack shut down a portion of the internet recently. Experts say it is unlikely a similar attack could take down the grid or other critical infrastructure but acknowledge that security remains weak in the industry.
Feds Release Guidelines for Security of Internet-Connected Devices
Tuesday, November 15, 2016
thehill.com
The National Institute of Standards and Technology (NIST) formally unveiled their guidelines for increasing the security of internet-connected devices at a conference on Tuesday, a month ahead of schedule. The guidelines come amid new concerns about the security of the many devices that connect to the internet.
Broward Health Data Breach Released Patient Information to Tax Fraud Ring
Wednesday, November 16, 2016
floridabulldog.org
The stolen information was hospital Facesheets that contain a patient’s full name, date of birth, address, phone numbers, Social Security number, primary insurance provider, insurance guarantor, reason for visit, emergency contact/next of kin information.
Horizon Says Privacy Breach Could Affect up to 170K N.J. Customers
Tuesday, November 15, 2016
nj.com
"While no social security numbers, financial information, addresses or dates of birth were included on the statements, (the letters) may include member name, member ID number, claim number, date of service, limited description of services, service codes or provider/facility name," according to the announcement.
Adult FriendFinder Hit With One of the Biggest Data Breaches Ever, Report Says
Tuesday, November 15, 2016
washingtonpost.com
A hack against popular adult dating and entertainment company FriendFinder Networks exposed data related to more than 412 million user accounts, according to a report from breach notification site LeakedSource. If the report is correct, that would make the breach one of the largest on record in terms of the number of accounts affected. It also would mark the second such incident at the company in two years.
Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say
Wednesday, November 16, 2016
nytimes.com
Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.
TSA Precheck on Hold Over Cybersecurity Issues
Wednesday, November 16, 2016
consumerist.com
The Los Angeles Times reports that the TSA sent a letter to potential vendors, explaining that it had paused expansion of PreCheck because of “increased and evolving cybersecurity risks over the past year."
How to Protect Yourself From Medical Identity Theft
Wednesday, November 16, 2016
cnbc.com
Scammers aren't just after your money. These days, they also want your health insurance card. A recent study found the number of cases of medical identity theft jumped more than 21 percent in just one year, costing the average victim $13,500 to fix.
County Pays Ransom to Computer Hackers
Monday, November 14, 2016
heraldbulletin.com
Informed county sources, who didn’t want to be named, indicated the ransom paid by Madison County was $28,000, which was paid on the advice of the county’s insurance carrier, Travelers Insurance. Captain Dave Bursten with the Indiana State Police said the investigation is ongoing. “Investigations of this nature are complicated, are rarely solved and typically involve criminal actors from foreign countries,” he said.
AdultFriendFinder Network Hack Exposes 412 Million Accounts
Monday, November 14, 2016
zdnet.com
A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts. The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community." That also includes over 15 million "deleted" accounts that weren't purged from the databases.
Adobe Settles Multistate Data Breach Enforcement Action
Monday, November 14, 2016
huntonprivacyblog.com
The AVC stems from a 2013 breach of one of Adobe’s public-facing servers that allowed an attacker to steal data from Adobe’s network. The stolen data included names, addresses, telephone numbers, usernames, email addresses, encrypted and unencrypted passwords, plain text password hints and encrypted payment card numbers and expiration dates. Adobe notified more than 3.1 million customers whose credit or debit card information was stolen, and nearly 33 million active users whose passwords were stolen.
Dark Web Hackers Boast of Tesco Bank Thefts
Monday, November 14, 2016
bbc.com
The bank has repeatedly declined to give details of the crime. It says it is unable to do so while a criminal investigation is being carried out. Elsewhere, the Sunday Times suggested that the raid had involved the use of contactless payments triggered by smartphones. And a second cybersecurity company said it had warned Tesco of problems with several of its mobile apps four months ago, but had been ignored.
A 10-Digit Key Code to Your Private Life: Your Cellphone Number
Monday, November 14, 2016
nytimes.com
The cellphone number is more than just a bunch of digits. It is increasingly used as a link to private information maintained by all sorts of companies, including money lenders and social networks. It can be used to monitor and predict what you buy, look for online or even watch on television.
ID Theft Ringleader Gets Prison Sentence of 16+ Years
Monday, November 14, 2016
darkreading.com
A Tampa resident and his gang had cheated more than 1,000 people and 35 financial institutions, causing a loss of $700,000.
Bamboozled: Beware of These 4 Post-Election Scams
Monday, November 14, 2016
nj.com
The most successful scams have a measure of truth to them. And they often take advantage of a potential victim's economic troubles or worries about their future. The election of Donald Trump, who stoked fears in many during the campaign, may be a boon to scammers who want to take advantage of those fears. (And yes, had Hillary Clinton won, the scammers would have tried to capitalize on that.)
These Were the Biggest Hacks, Leaks and Data Breaches of 2016
Monday, November 14, 2016
zdnet.com
Over two billion records were stolen in 2016 alone -- and the year isn't over yet.
Bangladesh Bank to Retrieve $15 Million of $81 Million Cyber Heist
Friday, November 11, 2016
thehill.com
The Bangladesh Bank theft is the largest known pilfering in which criminals used the Society for Worldwide Interbank Financial Telecommunication (SWIFT) bank transactions network. Hackers used the network to request that the New York Fed transfer money from the Bangladeshi bank, where it is believed to have been laundered through Philippines casinos.
Study Finds Malware Lurking in Amazon, Google and Groupon Cloud Services
Friday, November 11, 2016
scmagazine.com
A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites.
FTC Offers Advice on How to Avoid and Respond to Ransomware Attacks
Thursday, November 10, 2016
ftc.gov
Following its September workshop on Ransomware – malicious software that denies access to computer files until the victim pays a ransom – the Federal Trade Commission is offering tips on how consumers and businesses can protect devices and respond to ransomware.
Data Breaches Top 800 to Date in 2016
Thursday, November 10, 2016
247wallst.com
The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 809 data breaches recorded this year through October 25, 2016, and that nearly 30 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 26 since ITRC’s last report on October 19.
Tesco Bank Freezes All Online Transactions After Money Stolen From 20,000 Accounts
Thursday, November 10, 2016
zdnet.com
Tesco Bank has frozen the online transactions of all of its 136,000 current account holders following "online criminal activity", resulting in the theft of funds from at least 20,000 customers.
Russian ‘Dukes’ of Hackers Pounce on Trump Win
Thursday, November 10, 2016
krebsonsecurity.com
Less than six hours after Donald Trump became the president-elect of the United States, a Russian hacker gang perhaps best known for breaking into computer networks at the Democratic National Committee launched a volley of targeted phishing campaigns against American political think-tanks and non-government organizations (NGOs).
Locky Ransomware Disguises Itself as Account Suspensions and Suspicious Movements
Thursday, November 10, 2016
hotforsecurity.com
One of the golden rules of computer security for the last twenty-or-so years has been to be extremely cautious of unsolicited emails. It’s one of the favourite methods used by cybercriminals to trick unsuspecting computer users into opening dangerous attachments or clicking on a link to a malicious webpage.
Why Senior Managers Are the Most Dangerous Negligent Insiders
Thursday, November 10, 2016
csoonline.com
43 percent of C-level executives say negligent insiders are the greatest risk to sensitive data in their organizations... Yet, senior managers are twice as likely as workers overall to take files with them after leaving a job. And 58 percent of senior managers (compared to 25 percent of all workers) have accidentally sent sensitive information to the wrong person.
FinCEN Issues Advisory on SAR Reporting Obligations Involving Cyber Crime
Thursday, November 10, 2016
huntonprivacyblog.com
The Advisory indicates that SAR reporting is mandatory for cyber events where the financial institution “knows, suspects or has reason to suspect a cyber-event was intended, in whole or in part, to conduct, facilitate, or affect a transaction or a series of transactions….” Implementing this new guidance will require increased collaboration between AML and cybersecurity or IT departments in large institutions, and may create challenges for smaller banks that are more likely to outsource their cybersecurity functions.
VA: Employee Emailed Veterans' Personal Data to Himself
Thursday, November 10, 2016
foxnews.com
The Department of Veterans Affairs has warned more than 2,100 veterans in Eastern Colorado and parts of Kansas that their personal information may have been compromised when an employee emailed documents to himself.
Infomercial Sleeper ‘My Pillow’ Gets $1 Million Wake-Up Call Over False Medical Claims
Thursday, November 03, 2016
washingtonpost.com
A recent lawsuit successfully argued My Pillow overstated its claims, deflating the pillow company’s meteoric rise. Last Wednesday, 10 district attorneys from California sued My Pillow in Alameda County Superior Court, in Oakland, alleging the company had engaged in deceptive and false advertisements.
10 Cybersecurity Lessons From 10 Years’ Experience at IBM
Thursday, November 03, 2016
securityintelligence.com
Skapinetz: In 10 years at IBM, I’ve been fortunate to have a bird’s eye view of big changes across the security industry. I have helped massive enterprises and small organizations build out their defenses against all sorts of changing threats. Here are 10 simple cybersecurity lessons I’ve learned in the past decade.
Computer Virus Cripples UK Hospital System
Wednesday, November 02, 2016
krebsonsecurity.com
Citing a computer virus outbreak, a hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities. The incident came as U.K. leaders detailed a national cyber security strategy that promises billions in cybersecurity spending, new special police units to pursue organized online gangs, and the possibility of retaliation for major attacks.
Hacker Who Helped Blackmailers Access 10 Billion Photobucket Images Sentenced to Prison
Wednesday, November 02, 2016
denverpost.com
A Colorado hacker who sold computer code that allowed people, including blackmailers, to scan Photobucket’s cache of 10 billion customer photographs and videos for nude and pornographic images and steal them was sentenced Tuesday to 29 months in prison.
Parents Need to Respect Their Children's Privacy Online, Experts Say
Wednesday, November 02, 2016
consumeraffairs.com
Excited parents begin posting anything and everything about their children, often starting with those grainy in-utero scans. While online sharing can be good for parents, providing them support from friends and family, it can also have some very real consequences for children later in life, according to researchers who presented their findings at the American Academy of Pediatrics conference in San Francisco.
Phishing Fraudsters Pose as UK Bank Social Media Types
Tuesday, November 01, 2016
theregister.co.uk
Cybercrooks are posing as customer support staff from UK banks in a ruse designed to hoodwink gullible customers out of their credentials.
What Awareness Is Supposed to Be
Tuesday, November 01, 2016
csoonline.com
Recent W-2 and accounts payable thefts show governance should be the cornerstone of awareness.
NSA Hackers Leak More Files, Revealing Apparent Targets of US Cyber Espionage
Monday, October 31, 2016
thehill.com
The hacker or hackers that stole National Security Agency-built hacking tools have dumped new files in what appears to be yet another change of plans in monetizing the heist. The new files provide some insight into the targets of the NSA affiliated hacking team called The Equation Group. Those targets include government servers in China and Universities in Pakistan and Saudi Arabia.
Bank Regulator Reveals 'Major' Security Breach
Monday, October 31, 2016
thehill.com
A federal bank regulator announced Friday that a former employee had illegally downloaded more than 10,000 records containing personal information.
How Podesta's Gmail Account Was Breached
Monday, October 31, 2016
thesmokinggun.com
On March 19, a Saturday, Podesta received an e-mail--purportedly from Google--warning him that, “Someone has your password.” The alert (seen above) informed Podesta that a sign-in attempt from an IP address in Ukraine was thwarted and that, “You should change your password immediately.”
Study: Healthcare Staff Lacking in Basic Security Awareness, Putting Medical Infrastructure at Risk
Monday, October 31, 2016
healthcareitnews.com
Security is only as strong as the weakest link, and employees are often it when it comes to phishing, spear-phishing and other social engineering attacks, SecurityScorecard finds.
This Chart Shows the Anatomy of the IRS Phone Scam
Monday, October 31, 2016
vox.com
The indictment also shows us who does what, and how the money travels. Here is a diagram that shows how this scam works, based on what’s in the indictment.
She Thought Her Husband Was Dead - Police Told Her He Was Living With His New Family in Florida
Monday, October 31, 2016
washingtonpost.com
After abandoning his family in 1993, Hoagland moved to Florida, where he constructed an entirely new existence from scratch. Police say he started by stealing the death certificate and adopting the identity of a man named Terry Jude Symansky — a fisherman who died in 1991.
Ransomware Attacks Are Soaring, Says Beazley in Data Breach Report
Monday, October 31, 2016
insurancejournal.com
Ransomware attacks against businesses will be four times higher in 2016 than last year, with a growing number of ransom-seeking hackers demanding bitcoin rather than money, according to a report by specialty insurer Beazley.
FTC Issues Guidance for Responding to Data Breaches
Monday, October 31, 2016
insideprivacy.com
The FTC issued new guidance for businesses on responding to data breaches, along with an accompanying blog post and video. The data breach response guidance follows the issuance of the FTC’s “Start with Security” data security guidance last year and builds upon recent FTC education and outreach initiatives on data security and cybersecurity issues. The FTC’s data breach response guidance focuses on three main steps: securing systems and data from further harm, addressing the vulnerabilities that led to the breach, and notifying the appropriate parties.
Cybercrime: On an Upward Trend
Friday, October 28, 2016
scmagazine.com
Cybercrime is a fast-growing area of crime. Europol's 2016 Internet Organised Crime Threat Assessment identifies an expanding cyber-criminal economy exploiting our increasingly Internet-enabled lives.
Big Tech-Media Mergers Raise Fresh Privacy Concerns
Friday, October 28, 2016
phys.org
"Twenty-first century media is all about the ability to gather information on a single individual regardless of where they are—whether they are using mobile phone or watching TV or in a grocery store," said Jeffrey Chester of the Center for Digital Democracy, a privacy rights group.
A Police Raid in India Dramatically Reduced the Number of IRS Scam Reports
Friday, October 28, 2016
washingtonpost.com
It took a big raid in India to slow down an IRS impostor scam that resulted in thousands of people, many of them retirees, being bilked out of millions of dollars.
AT&T Is Spying on Americans for Profit, New Documents Reveal
Tuesday, October 25, 2016
thedailybeast.com
Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why.
IoT Device Maker Vows Product Recall, Legal Action Against Western Accusers
Tuesday, October 25, 2016
krebsonsecurity.com
A Chinese electronics firm pegged by experts as responsible for making many of the components leveraged in last week’s massive attack that disrupted Twitter and dozens of popular Web sites has vowed to recall some of its vulnerable products, even as it threatened legal action against this publication and others for allegedly tarnishing the company’s brand.
Hackers Took Down a High School Literacy Test Because Punk’s Not Dead
Friday, October 28, 2016
motherboard.vice.com
A dry run for a high school literacy test in Ontario was cancelled last week after being sabotaged with a cyber attack, affecting thousands of grade 10 students, the organization that oversees the test announced on Monday.
Sorting Out HIPAA vs. FTC Act Requirements
Tuesday, October 25, 2016
healthcareinfosecurity.com
The new guidance from the FTC and Department of Health and Human Services' Office for Civil Rights comes in the wake of several enforcement actions that the FTC has taken against healthcare sector organizations in recent years for alleged privacy and security incidents that violate the FTC's unfair or deceptive business practices regulations, including its ongoing case against LabMD.
Dyn DDoS Attack Highlights 'Dark Side' of Tech-Dependent Society
Friday, October 28, 2016
govtech.com
James Ramsay is the coordinator of the new Homeland Security program at the University of New Hampshire and a professor of security studies. He said these kinds of attacks reflect the "dark side" of our technology-dependent society. "This is the 'advanced persistent threat' that we refer to in the world of cyber security," he said. "This is a vulnerability that a society has that has become addicted to, and absolutely dependent on, digital communications, digital assets, digital identities."
Inside the OPM Hack, the Cyberattack That Shocked the US Government
Tuesday, October 25, 2016
wired.com
To figure out why the hackers had trained their sights on OPM, investigators would have to determine what, if anything, had been stolen from the agency’s network over the preceding year. But first they had to hunt down and eliminate the malware on its network, an archaic monstrosity that consisted of as many as 15,000 individual machines.
In Cybersecurity Contest, Hackers Target Critical Infrastructure
Tuesday, October 25, 2016
csmonitor.com
At the inaugural Passcode Cup capture the flag challenge, competitors raced through hacking challenges that ranged from password-cracking to compromising a mock water treatment facility.
Massive Weebly Data Breach Exposes Over 43 Million Users' Info
Tuesday, October 25, 2016
esecurityplanet.com
The drag-and-drop website builder Weebly is notifying most of its more than 40 million users that hackers had accessed their email addresses and/or user names, IP addresses and encrypted (bcrypt hashed) passwords.
St. Joseph Health to Pay OCR $2.14 Million to Settle HIPAA Case
Tuesday, October 25, 2016
hipaajournal.com
The Department of Health and Human Services’ Office for Civil Rights has announced it has agreed to settle potential violations of the HIPAA Privacy and Security Rules with St. Joseph Health (SJH). SJH is required to pay $2,140,500 to OCR and adopt a corrective action plan (CAP) to bring policies and procedures up to the standard demanded by HIPAA.
Media Fails to Tell Consumers About Device Flaws in Friday’s Internet Outage
Tuesday, October 25, 2016
networkworld.com
When reporting on Friday’s DDoS attack, the national media should have warned consumers not to install internet-connected devices that have a 4-year-old flaw.
How Security Flaws in Voting Machines Could Discredit Election Results
Tuesday, October 25, 2016
zdnet.com
Security experts say voting machines are easy to tamper with, and in several key battleground states ballots will be nearly impossible to verify.
HIPAA Audit Update: Here's What's Next
Tuesday, October 25, 2016
healthcareinfosecurity.com
Federal regulators will start remote HIPAA compliance "desk audits" for business associates in November. And more comprehensive onsite audits of covered entities and BAs are slated for the first quarter of next year.
Identity Theft Hits Low- to Moderate-Income Victims Hardest
Tuesday, October 25, 2016
darkreading.com
In addition to government assistance, ID theft victims frequently seek financial support from friends, family, and faith-based organizations, according to a study by the Identity Theft Resource Center.
As Artificial Intelligence Evolves, So Does Its Criminal Potential
Monday, October 24, 2016
nytimes.com
Imagine receiving a phone call from your aging mother seeking your help because she has forgotten her banking password. Except it’s not your mother. The voice on the other end of the phone call just sounds deceptively like her. It is actually a computer-synthesized voice, a tour-de-force of artificial intelligence technology that has been crafted to make it possible for someone to masquerade via the telephone. Such a situation is still science fiction — but just barely. It is also the future of crime.
Website-Blocking Attack Used Open Source Software
Monday, October 24, 2016
thehill.com
Investigators say the free tool that briefly blocked access to major websites on Friday was the same one that was used in a record-breaking attack on a cybersecurity journalist.
Microsoft: Beware This Fake Windows BSOD From Tech Support Scammers' Malware
Monday, October 24, 2016
zdnet.com
Microsoft is warning Windows users over a fake Microsoft security product that locks an infected computer and tries to trick victims into calling a support hotline.
U.S. Courts: Electronic Surveillance up 500 Percent in D.C.-Area Since 2011, Almost All Sealed Cases
Monday, October 24, 2016
washingtonpost.com
Secret law enforcement requests to conduct electronic surveillance in domestic criminal cases have surged in federal courts for Northern Virginia and the District, but only one in a thousand of the applications ever becomes public, newly released data show.
Hacker Lexicon: What Are DoS and DDoS Attacks?
Monday, October 24, 2016
wired.com
There are other types of DoS attacks that use different tactics, but they all have the same effect: preventing legitimate users from accessing a system or site.
Pennsylvania Driver's License Will No Longer Count as Federal ID
Monday, October 24, 2016
post-gazette.com
Kentucky, Maine, Oklahoma and South Carolina also at risk.
How Your DVR Was Hijacked to Help Epic Cyberattack
Monday, October 24, 2016
usatoday.com
Technology experts warned for years that the millions of Internet-connected "smart" devices we use every day are weak, easily hijacked and could be turned against us. The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality.
Second Hack Feared After Massive Cyberattack Knocks Major Websites Offline
Monday, October 24, 2016
nbcnews.com
It remains unclear who is behind the attacks — but the interruptions sent the internet into a tizzy.
Is Disclosure of Podesta’s Emails a Step Too Far? A Conversation With Naomi Klein
Saturday, October 22, 2016
theintercept.com
The author and activist Naomi Klein believes there are serious threats to personal privacy and other critical political values posed by hacks of this sort, particularly when accompanied by the indiscriminate publication of someone’s personal emails.
Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking
Saturday, October 22, 2016
propublica.org
Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and users’ names.
Federal Regulators Propose New Cybersecurity Rule for Big Banks
Friday, October 21, 2016
huntonprivacyblog.com
The Proposed Standards address five categories of cybersecurity: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situational awareness.
Government Alleges Former NSA Contractor Stole ‘Astonishing Quantity’ of Classified Data Over 20 Years
Friday, October 21, 2016
washingtonpost.com
Federal prosecutors in Baltimore on Thursday said they will charge a former National Security Agency contractor with violating the Espionage Act, alleging that he made off with “an astonishing quantity” of classified digital and other data over 20 years in what is thought to be the largest theft of classified government material ever.
Self-Checkout Skimmers Go Bluetooth
Friday, October 21, 2016
krebsonsecurity.com
Here’s a look at one overlay skimmer equipped with Bluetooth technology that allows thieves to snarf swiped card data and PINs wirelessly using nothing more than a mobile phone.
Massive DDoS Attack Against Dyn DNS Causes Major Outages to Popular Sites
Friday, October 21, 2016
thehackernews.com
A sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, is causing uproar online. It's because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn, according to a post on Hacker News.
Hackers Steal Research and User Data From Japanese Nuclear Research Lab
Thursday, October 20, 2016
softpedia.com
Officials said the attacker managed to steal files on multiple occasions, taking both research data and the personal details of nuclear scientists. According to University officials, the attackers sent spear-phishing emails to several researchers working at its nuclear research laboratory.
Online Prescription Drug Scam
Thursday, October 20, 2016
idtheftcenter.org
Individuals are being threatened with warrants for their arrest by scammers posing as agents from the Drug Enforcement Administration.
Fight Fraud: Scams, Identity Theft, Ransomware Attacks
Thursday, October 20, 2016
helpnetsecurity.com
In an increasingly technology-oriented world, cybercrime has become all too common for both consumers and businesses. Internet crime takes many forms and includes everything from large-scale data breaches to consumer issues like identity theft and cyberstalking to widespread scams and ransomware.
Virtual Kidnapping
Thursday, October 20, 2016
schneier.com
This is a harrowing story of a scam artist that convinced a mother that her daughter had been kidnapped. More stories are here. It's unclear if these virtual kidnappers use data about their victims, or just call people at random and hope to get lucky. Still, it's a new criminal use of smartphones and ubiquitous information.
Hackers Hit U.S. Senate GOP Committee
Monday, October 17, 2016
krebsonsecurity.com
The national news media has been consumed of late with reports of Russian hackers breaking into networks of the Democratic National Committee. Lest the Republicans feel left out of all the excitement, a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC).
Ascesso Malware Spreading via Student Loan Forgiveness Spam
Tuesday, October 18, 2016
scmagazine.com
The bad actors behind a new malware contagion are exploiting the desperation of American college graduates looking for relief from their student debt, according to a Symantec report.
Giant Cyber Wargame With 'Dark Scenario' of Power Cuts, Ransomware and Drones Reaches Its Climax
Tuesday, October 18, 2016
zdnet.com
More than 700 security experts from government agencies, banks, cloud companies, battle fictional cyber-foes.
G-7 Endorses Best Practices for Bank Cybersecurity
Monday, October 17, 2016
huntonprivacyblog.com
On October 11, 2016, Group of Seven (“G-7”) financial leaders endorsed the Fundamental Elements of Cybersecurity for the Financial Sector (“Best Practices”), a set of non-binding best practices for banks and financial institutions to address cybersecurity threats. The endorsement was motivated by recent large hacks on international banks, including the February 2016 theft of $81 million from the central bank of Bangladesh’s account at the New York Federal Reserve.
Report: Using More Social Networks Raises Your Risk of ID Theft
Monday, October 17, 2016
bobsullivan.net
ID Analytics, a fraud-fighting firm, has produced numerous studies through the years examining millions of fraud reports and credit applications in data it collects from lenders. It had never studied the direct relationship between sharing information online and the odds that someone would become a fraud victim, however. Until now.
Darkweb Marketplaces Can Get You More Than Just Spam and Phish
Tuesday, October 18, 2016
csoonline.com
Underground markets offer a great variety of services for cyber criminals to profit from. These forums offer items ranging from physical world items like drugs and weapons to digital world items such as spam/phishing delivery, exploit kit services, "Crypters", "Binders", custom malware development, zero-day exploits, and bulletproof hosting.
IoT Devices as Proxies for Cybercrime
Tuesday, October 18, 2016
krebsonsecurity.com
This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity — from frequenting underground forums to credit card and tax refund fraud.
Facebook, Twitter Block Surveillance Tool
Tuesday, October 18, 2016
thehill.com
Facebook and Twitter are cutting off Geofeedia's access to their data after an ACLU report that the company created tools to help law enforcement with surveillance.
This Is How Far Phishers Will Go to Make You Click on a Bogus Link
Friday, October 14, 2016
zdnet.com
The anatomy of a phishing attack: how cybercriminals are targeting hospitals to steal data.
Dozens Arrested at India Call Center Linked to IRS Scam Calls
Friday, October 14, 2016
abc27.com
Indian police have arrested 70 people and are questioning hundreds more after uncovering a massive scam to cheat thousands of Americans out of millions of dollars by posing as U.S. tax authorities and demanding unpaid taxes.
Feds Charge Two in Lizard Squad Investigation
Wednesday, October 12, 2016
krebsonsecurity.com
The U.S. Justice Department has charged two 19-year-old men alleged to be core members of the hacking groups Lizard Squad and PoodleCorp. The pair are charged with credit card theft and operating so-called “booter” or “stresser” services that allowed paying customers to launch powerful attacks designed to knock Web sites offline.
NSA Contractor Thought to Have Taken Classified Material the Old-Fashioned Way
Wednesday, October 12, 2016
washingtonpost.com
Harold T. Martin III is accused of stealing mounds of classified information from the government for at least a decade, and investigators also believe some of the information was taken the old-fashioned way — by walking out of the workplace with printed-out papers he had hidden, according to U.S. officials.
Youndoo Creates New Chrome Profile
Wednesday, October 12, 2016
blog.malwarebytes.com
We have found members of the Elex family to create an extra Firefox profile and wrote about it on our blog in a post called GsearchFinder hijackers add extra Firefox profile. Now they took on the task of doing the same for Chrome (and succeeded). They copy some settings from your current profile to create the new profile and give it a natural “feel”.
Microsoft: No More Pick-and-Choose Patching
Wednesday, October 12, 2016
krebsonsecurity.com
Starting this month, home and business Windows users will no longer be able to pick and choose which updates to install and which to leave for another time.
DoD Finalizes Rule on Policies for Cyber Incident Reporting
Wednesday, October 12, 2016
insidegovernmentcontracts.com
On October 4th, the Department of Defense (DoD) issued a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors who have “agreements” with DoD. The Final Rule also highlights DoD’s desire to encourage greater participation in the voluntary Defense Industrial Base (DIB) cybersecurity information sharing program. This Rule is effective on November 3, 2016.
FTC Enforcement Possible for Failing to Guard Against Ransomware
Wednesday, October 12, 2016
dataprotectionreport.com
Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may foreshadow additional FTC action, building upon a developing trend of US regulators engaging in pre-breach enforcement action.
Court Rules Consumer Bureau's Structure Unconstitutional, Allows It to Operate
Tuesday, October 11, 2016
thehill.com
In its 2-1 ruling, the U.S. Court of Appeals for the D.C. Circuit said the independent agency's structure is unconstitutional because it’s headed by a single director instead of a multi-member board. The court, however, allowed the CFPB to continue to function by giving the president the power to remove and supervise the director.
New Malware Hitting Banks Aids in Thefts Using Swift Transactions Network
Tuesday, October 11, 2016
thehill.com
The Odinaff malware is spread through a variety of techniques, but primarily through Microsoft Word files using the program’s automation offerings called Macros. Users can turn Word Macros off in settings to thwart this mode of attack.
66 Ways to Protect Your Privacy Right Now
Tuesday, October 11, 2016
consumerreports.org
The tips here, compiled with input from dozens of security experts, will help you take control. We also have pulled out a shorter list of just seven, super-fast steps you can take right now, in less than 10 minutes.
Yahoo Secretly Scanned Customer Emails for U.S. Intelligence - Sources
Friday, October 07, 2016
reuters.com
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter. The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
Grandmother Scammed out of $6,000
Friday, October 07, 2016
channel3000.com
The 82-year-old woman told police she got a call Wednesday from a man claiming he was her grandson and that he was drunk when he was involved in a crash that injured another motorist. He told her the reason he sounded a bit nasally was because his nose had been broken in the collision.
How to Encrypt Your Facebook Messages
Friday, October 07, 2016
techcrunch.com
All 1 billion Facebook Messenger users can now encrypt their messages so that governments, hackers, and even Facebook itself can’t read them. Facebook announced its “Secret” messages feature back in July. Now it’s fully rolled out, but still a bit tricky to use. Messenger threads aren’t secret by default, so here’s a step-by-step guide for how to turn on encryption.
‘We Have Your Daughter’: A Virtual Kidnapping and a Mother’s Five Hours of Hell
Wednesday, October 05, 2016
washingtonpost.com
Wendy Mueller was standing at the copper sink in her gorgeous, historic Leesburg, Va., home last Wednesday afternoon when the knife she was holding slipped and cut her thumb. Then the phone rang. It wasn’t a number she recognized, but distracted by the bleeding thumb, she answered it. Mom always answers the phone.
Who Makes the IoT Things Under Attack?
Wednesday, October 05, 2016
krebsonsecurity.com
The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords. Many readers have asked for more information about which devices and hardware makers were being targeted. As it happens, this is fairly easy to tell just from looking at the list of usernames and passwords included in the Mirai source code.
NEED AN EXPERT?

Does your organization need a consultant who can deliver information security awareness training that contains the truth about what works and what doesn’t in the fight against the fastest growing crimes in the world? 

Does your conference need an experienced speaker who will captivate the audience with dramatic real life cases of identity theft, cybercrime and scams ranging from stolen personal information, to theft of corporate trade secrets, to stalking and murder? 

Are you a member of the media seeking a comment about ID theft, scams, data breaches, cybercrime, information security, or fraud? 

If so, we invite you to learn more about identity theft and scam expert Rob Douglas.