China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.
FBI Warns of Fake Govt Sites, ISIS Defacements
The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress.
Kreditech Investigates Insider Breach
Kreditech, a consumer finance startup that specializes in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants’ personal and financial records online. Earlier this month, a source pointed KrebsOnSecurity to a Web site reachable only via Tor, a software package that directs Internet traffic through a free, global network of relays
OpenSSL Patch to Plug Severe Security Holes
The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL — the software used by thousands of companies to encrypt online communications — is set to get a security makeover this week: The OpenSSL Software Foundation said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as “high” severity. OpenSSL is deployed at countless organizations, including at Web giants like Facebook, Google and Yahoo — as well as broadly across U.S
Premera Blue Cross Breach Exposes Financial, Medical Records
Premera Blue Cross, a major provider of health care services, disclosed today that an intrusion into its network may have resulted in the breach of financial and medical records of 11 million customers. Although Premera isn’t saying so just yet, there are independent indicators that this intrusion is once again the work of state-sponsored espionage groups based in China. In a statement posted on a Web site set up to share information about the breach — premeraupdate.com — the company said that it learned about the attack on January 29, 2015
Hacked Hotel Phones Fueled Bank Phishing Scams
A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south
FBI: Businesses Lost $215M to Email Scams
It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked.
How Was Your Credit Card Stolen?
Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible.
Another Lizard Arrested, Lizard Lair Hacked
Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas.
Toward Better Privacy, Data Breach Laws
President Obama on Monday outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. But depending on what is put in and left out of any implementing legislation, the effort could well lead to more voluminous but less useful disclosure