Accountability, Book and Internet - Cyber Security Informer

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. Caturegli said the domains all resolve to Internet addresses at Microsoft. “Titon” on infosec.exchange.

DNS

DNS Internet Internet Risk

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. The top 5 new gTLDs, ranked by cybercrime domains reported.

Cybercrime

Cybercrime Phishing Accountability Internet

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Relax. Internet password books are OK

Malwarebytes

APRIL 1, 2021

The big book of passwords. There’s one password management tool which experiences more than its fair share of derision—the oft-maligned Internet password book. These are, as you may expect, physical books which are little more than empty notepads with “Internet password book” written on the front.

Passwords

Passwords Internet Internet Password Management

New Book: A Hacker’s Mind

Schneier on Security

NOVEMBER 11, 2022

I have a new book coming out in February. And there is an entire industry of black-hat hackers who exploit vulnerabilities in the tax code: we call them accountants and tax attorneys. A Hacker’s Mind is my pandemic book, written in 2020 and 2021. It’s about hacking. It’s subversion, or an exploitation.

Artificial Intelligence

Artificial Intelligence Hacking Internet Internet

Worthwhile Books, Q3

Adam Shostack

JANUARY 2, 2025

Some of what I've read over the past quarter, and want to recommend each of the books below as worthy of your time. Cyber The Internet of Risky Things , Sean Smith. Dr. Black is explicit that she wrote the book to carry the feel of an internet campaign, with some stylistic bits that I found surprising. Fiction N.

Internet

Internet Internet IoT Education

I spoke to a task scammer. Here’s how it went

Malwarebytes

MARCH 5, 2025

Beginning the message with emojis, Birdie started the chat… Group invitation on X [emoji intro] Hello, I am a third-party agency from the UK, specializing in providing ranking and likes services for Booking+Airbnb hotel applications. With that phone in hand, I set up a Gmail account and installed WhatsApp. explanation?

Scams

Scams Accountability Mobile Cryptocurrency

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

It's just another day on the internet when the news is full of headlines about accounts being hacked. The second story was about a number of verified Twitter accounts having been "hacked" and then leveraged in Bitcoin scams. And then there's the account holder, the one who chose the password.

Passwords

Passwords Accountability Hacking Education

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Golubov later earned immunity from prosecution by becoming an elected politician and founding the Internet Party of Ukraine , which called for free internet for all, the creation of country-wide “hacker schools” and the “computerization of the entire economy.” Vrublevsky Sr. “Hi, how are you?”

Retail

Retail Advertising Cryptocurrency Marketing

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly website names (example.com) into numeric Internet addresses. Image: Infoblox. How does one know whether a DNS provider is exploitable?

DNS

DNS Internet Internet Phishing

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Setting up Google 2FA.

Risk

Risk Password Management Passwords Accountability

U.S. Govt. Makes it Harder to Get.Gov Domains

Krebs on Security

MARCH 7, 2020

After that, they send account creation links to all the contacts.”. While what my source did was technically wire fraud (obtaining something of value via the Internet through false pretenses), cybercriminals bent on using fake.gov domains to hoodwink Americans likely would not be deterred by such concerns.

Internet

Internet Internet Cybercrime Government

Security in a World of Physically Capable Computers

Schneier on Security

OCTOBER 12, 2018

As a result, we are stuck with hackable internet protocols, computers that are riddled with vulnerabilities and networks that are easily penetrated. Facebook account data might be important, but again, nobody dies when it's stolen. The solution is complicated, and it's one I devoted my latest book to answering.

Government

Government Internet Internet Marketing

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

The Last Watchdog

OCTOBER 30, 2023

Related: How ‘XDR’ defeats silos Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems , by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transition: endpoint detection and response, EDR. Hand: I don’t believe so.

Engineering

Engineering Mobile Internet Internet

Data Breach leads to Comcast Customer Data Leak

CyberSecurity Insiders

DECEMBER 26, 2022

Going by the details, Xfinity email users started receiving email alerts that their account info was changed. And when they tried to access the account, their attempts failed as their passwords were changed. The post Data Breach leads to Comcast Customer Data Leak appeared first on Cybersecurity Insiders.

Data breaches

Data breaches Accountability Internet Internet

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Whether you’re looking for a smartphone, a laptop, a gaming device or something else, or even just signing up for an account online, you want to make sure your kids are protected. Today’s generation of kids and teens consider their devices and the Internet as extensions of their lives. 7 Internet safety tips.

Internet

Internet Internet Passwords Password Management

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

JULY 14, 2020

. “DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.”

DNS

DNS Backups Software System Administration

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

FEBRUARY 15, 2021

Consider that kids are constantly connected on the internet with online games, streaming devices, virtual schooling, and zoom play dates. Companies must take this into account and consider extending employee training to also promote security and privacy habits among all family members, especially children. We’re all connected.

Education

Education CISO Security Awareness Cybersecurity

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

A lot of people are thinking about the security of their home network right now, and as one of the project leaders on the OWASP Internet of Things Security Project , I wanted to provide three levels of security you can do at home. Use a password manager to make and store good passwords that are different for every account/device.

Passwords

Passwords DNS Accountability IoT

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. user account — this one on Verified[.]ru

Malware

Malware Cybercrime Software Accountability

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

If you have doubts, check it out–go directly to your account or to the source, which you should always independently verify, if the communication refers to anything service or finance related. You go online and you can’t access your cloud account, or you can’t find data stored on a device or in a specific service.

Passwords

Passwords Phishing Password Management Accountability

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Experts at Cisco Talos and other security firms quickly drew parallels between the two mass spam campaigns, pointing to a significant overlap in Russia-based Internet addresses used to send the junk emails. domaincontrol.com and ns18.domaincontrol.com). domaincontrol.com).

DNS

DNS Internet Internet Computers and Electronics

5 pro-freedom technologies that could change the Internet

Malwarebytes

JULY 4, 2022

After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. To celebrate Independence Day we want to draw your attention to five technologies that could improve life, liberty and the pursuit of happiness on the Internet. And yet almost every Internet account requires one.

Internet

Internet Internet Technology DNS

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

Krebs on Security

DECEMBER 23, 2018

21, booked an Uber to pick them up at Woody’s condominium in Mandaluyong City, and when the driver arrived the two men stuffed a large box into the trunk of the vehicle. Both are pictured in the first of the three large photos below, taken from Woody’s Instagram account. Image: Manila Police Dept.

Internet

Internet Internet Government Accountability

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.

DNS

DNS Internet Internet Government

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

The profile also linked to Mr. Lee’s Twitter/X account , which features the same profile image. Sure, Doug said, here’s my Calendly profile, book a time and we’ll do it then. “Some of our users are facing issues with our service,” the message read. “We are actively working on fixing these problems.

Malware

Malware Cryptocurrency Software Phishing

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

The Last Watchdog

JUNE 1, 2022

In order to extract value from the Internet, data sprawl first must get reined in. Jeff Bezos solved data sprawl for selling books and gave us Amazon. Krishnan gave me the example of a technology company that was concerned about employees flouting a company ban on the use of personal email accounts to share proprietary documents.

Unstructured Data

Unstructured Data Government Internet Internet

Why Don’t You Go Dox Yourself?

Cisco Security

OCTOBER 7, 2022

Your mission, should you choose to accept it, is to follow along and find out everything the internet knows about… you! Along the way, as you get familiar with the tools and tactics of internet sleuths, you’ll get a better idea of your current internet footprint as well as know what tracks you leave in the future.

Media

Media Identity Theft Accountability Internet

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. There are simple steps consumers can take today, for free, to lower their overall risk of a cyber attack, including using multi-factor authentication for their accounts and using strong passwords.

Antivirus

Antivirus Marketing Identity Theft Social Engineering

Security in 2020: Revisited

Schneier on Security

FEBRUARY 7, 2020

Call it decentralization : our email, photos, books, music, and documents are stored somewhere, and accessible to us through our consumer devices. Others, like Internet-enabled game machines or digital cameras, are truly special purpose. Similarly, connecting objects to the Internet will soon be cheap enough to be viable.

Advertising

Advertising Internet Internet Artificial Intelligence

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. bank accounts. And there were many good reasons to support this conclusion. w s, icamis[.]ru

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Security Affairs

JULY 27, 2024

“This is an opportune moment to fully implement the Kremlin’s long-desired ‘import substitution’ in the form of wooden abacuses, paper savings books, and cave paintings for accounting.” Ukraine has launched a massive cyberattack against ATMs of Russian banks, the cyber operation began on July 23. reported the KyivPost.

Banking

Banking Mobile Hacking Internet

Common Tech Support Scams and How to Avoid Them

Identity IQ

APRIL 6, 2022

Whether we’re ordering groceries or looking for new shoes, all we need to do is create an account, fill out some basic personal details and log in. But what happens when that account is compromised – or when we think that account is compromised? Travel industry scams. Ride-share driver scam. How to Help Avoid Tech Support Scams.

Scams

Scams Identity Theft Accountability Internet

Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10

Malwarebytes

MAY 6, 2024

After more than a decade of our most recent technological experiment, in turns out that having the entirety of the internet in the palm of your hands could be … not so great. Delay the opening of accounts on nearly all social media platforms until the beginning of high school (at least). Don’t give a smartphone as the first phone.

Media

Media Internet Internet Accountability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. A booking photo of Noah Michael Urban released by the Volusia County Sheriff. Twilio disclosed in Aug.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

Cyber intelligence firm Intel 471 reports that obelisk57@gmail.com was used to register an account on the forum Blacksoftware under the nickname “ Kerens.” Those records indicate the user Kerens registered on Verified in March 2009 from an Internet address in Novosibirsk, a city in the southern Siberian region of Russia.

Malware

Malware Antivirus Cybercrime Hacking

Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

Security Affairs

MARCH 19, 2021

According to a report published by researchers at PrivacySavvy, many travel companies expose users’ data through their booking apps. In a report published on the 16 th of March by PrivacySavvy, many travel companies expose users’ data through their booking apps.

Data breaches

Data breaches Encryption Hacking Healthcare

When is a Scrape a Breach?

Troy Hunt

DECEMBER 15, 2021

It also doesn't work for the 24 million Lumin PDF accounts that were taken from a MongoDB instance "left exposed online without a password" as no security was violated. gets dumped and all the plain text passwords spread around the internet alongside email addresses and usernames. let's say catforum.com.au

Data breaches

Data breaches Hacking Passwords Accountability

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

barely and cannot afford to leave the camp, nor to operate his own bank account but only to survive miserably. “ I am writing to you from an old desktop computer in the tent of the chaplain who works on behalf of a refugee agency, because here there is no internet point or effective means of communication. […].

Scams

Scams Banking Computers and Electronics Accountability

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

The Last Watchdog

MAY 14, 2019

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.” There are also compliance drivers to account for. It may be possible to strike the balance between protection and productivity that is needed for internet-centric corporate computing to come to full fruition.

Authentication

Authentication Digital transformation Risk Internet

How 50% of telco Orange Spain’s traffic got hijacked?—?a weak password

DoublePulsar

JANUARY 3, 2024

The threat actor accessed Orange’s RIPE account. RIPE look after internet IP addresses, basically the phone book of the internet. You may notice two step authentication is disabled — RIPE don’t require it, and it isn’t enabled by default for new accounts either. The internet is made of string. ~g

Passwords

Passwords Accountability Internet Internet

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

They might even lock you out of your own accounts by resetting your passwords. Hackers use intercepted data to hijack your current session on a website, giving them access to your private accounts and information. Check your social media accounts for active sessions and log out of any you don’t recognize.

DNS

DNS VPN Encryption Passwords

COLLECTING OUR BREADCRUMBS (Pt. 2 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

OCTOBER 13, 2022

Sharing is caring… but on the internet, sharing can also be tricky! The goal is to write down all of the accounts/addresses/phone numbers that come to mind, as these are some of the top things that attackers will try to gather in their search. DEEPER DIVE: EMAIL ADDRESSES AND USER ACCOUNTS . Start your list here: .

Passwords

Passwords Accountability Media Password Management

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

The Last Watchdog

AUGUST 24, 2020

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Companies that operate both online and offline tend to provide higher life covers online for the same type of policy because internet users are thought to have a better financial situation and thus better health.

Insurance

Insurance Internet Internet Accountability

MasterCard DNS Error Went Unnoticed for Years

Why Phishers Love New TLDs Like.shop,top and.xyz

Trending Sources

Booking.com Phishers May Leave You With Reservations

Relax. Internet password books are OK

New Book: A Hacker’s Mind

Worthwhile Books, Q3

I spoke to a task scammer. Here’s how it went

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

An Interview With the Target & Home Depot Hacker

Don’t Let Your Domain Name Become a “Sitting Duck”

10 Behaviors That Will Reduce Your Risk Online

U.S. Govt. Makes it Harder to Get.Gov Domains

Security in a World of Physically Capable Computers

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

Data Breach leads to Comcast Customer Data Leak

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

‘Wormable’ Flaw Leads July Microsoft Patches

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

A 3-Tiered Approach to Securing Your Home Network

Ask Fitis, the Bear: Real Crooks Sign Their Malware

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

5 pro-freedom technologies that could change the Internet

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Calendar Meeting Links Used to Spread Mac Malware

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

Why Don’t You Go Dox Yourself?

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

Security in 2020: Revisited

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Common Tech Support Scams and How to Avoid Them

Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Why Malware Crypting Services Deserve More Scrutiny

Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

When is a Scrape a Breach?

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

How 50% of telco Orange Spain’s traffic got hijacked?—?a weak password

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

COLLECTING OUR BREADCRUMBS (Pt. 2 of “Why Don’t You Go Dox Yourself?”)

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

Stay Connected