Blog

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software (Krebs on Security)

Security
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. In the three days since then, security experts say the…

Three Top Russian Cybercrime Forums Hacked (Krebs on Security)

Security
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums. References to the leaked Mazafaka crime forum database were posted online in the past 48 hours. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. “Maza,” “MFclub”), an exclusive crime forum that has for more than a decade played host to some of…

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails (Krebs on Security)

Security
Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group. The software giant typically releases security updates on the second Tuesday of each month, but it occasionally deviates from that schedule when addressing active attacks that target newly identified and serious vulnerabilities in its products. The patches released today fix security problems in Microsoft Exchange Server 2013, 2016 and 2019. Microsoft said its Exchange Online service — basically hosted email for businesses — is not impacted by these flaws. Microsoft credited researchers at Reston, Va. based…

Payroll/HR Giant PrismHR Hit by Ransomware? (Krebs on Security)

Security
PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees. The company processes more than $80 billion payroll payments annually on behalf of PEOs and their clients. Countless small businesses turn to PEOs in part because they simplify compliance with various state payroll taxes, and because PEOs are the easiest way for small businesses to pool their resources and obtain more favorable health insurance rates for their employees. PrismHR…

#ShareTheMicInCyber: Rob Duhart (Google Online Security Blog)

Security
Posted by Matt Levine, Director, Risk Management. In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims to elevate and celebrate the Black+ voices in security and privacy we have here at Google. Today, we will hear from Rob Duhart, he leads a cross functional team at Google that aims to enable and empower all of our products, like Chrome, Android and Maps, to mature their security risk journey. Rob’s commitment to making the internet a safer place extends far beyond his work at Google, he is a member of the Cyber Security Executive Education Advisory Board of Directors at Washington University in St. Louis, where he helps craft the future of cyber security executive education…

Is Your Browser Extension a Botnet Backdoor? (Krebs on Security)

Security
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Singapore-based Infatica[.]io is part of a growing industry of shadowy firms trying to woo developers who maintain popular browser extensions — desktop and mobile device software add-ons available for download from Apple, Google, Microsoft and Mozilla designed to add functionality or customization to one’s browsing experience. Some of these extensions have garnered hundreds of thousands or even millions of users. But here’s the rub: As an extension’s user base grows, maintaining…

Celebrating the influence and contributions of Black+ Security & Privacy Googlers (Google Online Security Blog)

Security
Posted by Royal Hansen, Vice President, Security. Black History Month may be coming to a close, but our work to build sustainable equity for Google’s Black+ community, and externally is ongoing. Currently, Black Americans make up less than 12% of information security analysts in the U.S. In an industry that consistently requires new ideas to spark positive change and stand out against the status quo, it is necessary to have individuals who think, speak, and act in diverse ways. Diverse security teams are more innovative, produce better products and enhance an organization's ability to defend against cyber threats. In an effort to amplify the contributions of the Black+ community to security and privacy fields, we’ll be sharing profiles of Black+ Googlers working on innovative privacy and security solutions over the coming weeks,…

How $100M in Jobless Claims Went to Inmates (Krebs on Security)

Security
The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud. These prisoners tried to apply for jobless benefits. Personal information from the inmate IDs has been redacted. Image: ID.me A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5…

New Password Checkup Feature Coming to Android (Google Online Security Blog)

Security
Posted by Arvind Kumar Sugumar, Software Engineer, Android Team. With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information remains safe and secure. Passwords are usually the first line of defense against hackers, and with the number of data breaches that could publicly expose those passwords, users must be vigilant about safeguarding their credentials. To make this easier, Chrome introduced the Password Checkup feature in 2019, which notifies you when one of the passwords you’ve saved in Chrome is exposed. We’re now bringing this functionality to your Android apps through Autofill with Google. Whenever you fill or save credentials into an app, we’ll check those credentials against a list of known compromised credentials and alert you if your password has been…

Checkout Skimmers Powered by Chip Cards (Krebs on Security)

Security
Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely. A point-of-sale skimming device that consists of a PIN pad overlay (top) and a smart card skimmer (a.k.a. “shimmer”). The entire device folds onto itself, with the bottom end of the flexible card shimmer fed into the mouth of the chip card acceptance slot. The overlay skimming device pictured above consists of two main…