briankrebs

Independent investigative journalist. Writes about cybercrime. Author of 'Spam Nation', a NYT bestseller. Wrote for The Washington Post '95-'09

262513 followers  •  1454 follow  •  Eastern Time (US & Canada)  •   http://krebsonsecurity.com

One caveat: Better make sure your Google account is ALSO protected by either app-based or security key 2-factor, and that SMS is NOT set as a recovery option. Because if you lose that, you're screwed.

@ckindel None of that can contend with a $12-an-hour mobile store employee who wants to make a quick $500. The lesson here is you can't trust the mobile companies, because they're not set up to combat this problem, and probably never will be.

@gracels @lesliemolsonN @KimZetterot true. Yubico has a new key that does USB and the Apple lightning connector. Also, there are keys that do Bluetooth.

Exclusive: Feds allege 4 employees of email marketing firm Adconion (now Amobee) hijacked IP addresses for spamming. This 10-count criminal indictment is apparently Part 1 of a larger investigation into the company's email marketing practices

"Satori" IoT botnet operator Kenneth Schuchman pleads guilty. Satori grew to 100,000 infected systems, with improved versions of the botnet compromising as many as 700,000 IoT devices over 15 months. Admitted "swatting" one of his alleged co-conspirators

@startswithv Seems like a pretty typical money mule recruitment operation. Hope he didn't buy any of the stuff they told him to. I've written countless stories about these scams. Perhaps it's time to revisit them.

@startswithv These people prey on individuals who are looking for work-at-home jobs or part time work. They string you along for weeks doing menial stuff, and then eventually will tell you it's time to process some payments, or send them some money, etc.

Secret Service investigates breach of IT contractor that serves as prime contractor for 20+ US Govt agencies, including DHS. Access to contractor's systems was being sold on cybercrime forum.

NY cloud payroll provider MyPayrollHR abruptly closes up shop, diverts $35 million in payroll, tax payments to its own account. Employees at thousands of companies that used the service dinged for 1-2 payroll payments. Meanwhile, the CEO has vanished

Western Union to forfeit $586M to settle charges with US Govt over alleged money laundering for human trafficking

ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin"

Fun fact: CIA unit exposed by Wikileaks was tasked w/ crafting cyber response to Russia's alleged election meddling

The CEO of twitter just got his account hijacked, apparently by a bunch of SIM swappers who've been targeting high profile people and celebrities of late. Maybe this will finally get some real attention to the epidemic of SIM swapping happening right now? Not holding my breath.

I never do this, but this is important so please RT if you agree: It's not okay for my mobile provider to sell or give my mobile device location info to a 3rd party without at least a court order/subpoena. Background: and

Exclusive: Facebook stored hundreds of millions of user passwords in plain text for years

Bring on the bots and sock puppet accounts. Amazing how a tweet about Putin always engenders defensive responses about Trump.

Who Is Marcus Hutchins, the man credited with stopping WannaCry and charged w/ authoring Kronos banking trojan?
