31 matches found
Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection
Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now...
Surveillance by the US Postal Service
This is not about mass surveillance of mail, this is about the sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company,...
caravanofthieves.com Cross Site Scripting vulnerability OBB-3297511
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Bypassing a Theft Threat Model
Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies page 318: My favorite example is a band of California art thieves that would break into peoples houses by cutting a hole in...
Identity Thieves Bypassed Experian Security to View Credit Reports
Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their...
Sharing Netflix, Disney+, other passwords is illegal, according to new guidance
The Intellectual Property Office IPO, the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebooks parent company. The general issue on piracy is...
The Hunt for the FTX Thieves Has Begun
Mysterious crooks took hundreds of millions of dollars from FTX just as it collapsed. Crypto-tracing blockchain analysis may provide an answer...
North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack
The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform...
Honda's Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles
A duo of researchers has released a proof-of-concept PoC demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system...
A Coordinated Takedown Targets 'OGUser' Account Thieves
Twitter, Instagram, and TikTok have all taken action against the hacker community in recent days...
Check Washing
I cant believe that check washing is still a thing: "Check washing" is a practice where thieves break into mailboxes or otherwise steal mail, find envelopes with checks, then use special solvents to remove the information on that check except for the signature and then change the payee and the...
Online Credit Card Skimmers Are Thriving During the Pandemic
As brick and mortars close due to the novel coronavirus, thieves have increasingly targeted digital checkout...
Mailbox Master Keys
Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon...
Payroll Provider Gives Extortionists a Payday
Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...
Microsoft Misfires with Meltdown Patch, while WannaCry Pops Up at Boeing
In our weekly roundup of InfoSec happenings, we start, as has often been the case this year, with concerning Meltdown / Spectre news -- this time involving Microsoft -- and also touch on a password hack at Under Armour, a WannaCry infection at Boeing, and a severe Drupal vulnerability. Microsoft...
Dumping Data from Deep-Insert Skimmers
I recently heard from a police detective who was seeking help identifying some strange devices found on two Romanian men caught maxing out stolen credit cards at local retailers. Further inspection revealed the devices to be semi-flexible data transfer wands that thieves can use to extract stolen...
B&B Theatres Hit in 2-Year Credit Card Breach
B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems. The acknowledgment comes just days after KrebsOnSecurity reached out to the company for comment on reports from financial industry sources who sai...
King of Thieves - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application King of Thieves published at the 'play' market has multiple vulnerabilities...
How to Freeze Credit Report To Protect Yourself Against Identity Theft
If your Social Security number gets hacked in any data breaches, including recently hacked T-Mobile, then there's a way to prevent hackers from misusing your identity i.e. identity theft. The solution here is that you can institute a security freeze at each of the three credit bureaus, Equifax,...
Popular Hackforums Website Defaced by Egyptian Hacker
Hackforums - one of the popular hacking forum in the world - has been hacked and defaced by the famous Egyptian hacker with the online handle Eg-R1z. HackForums is popular among both whitehats and blackhats. On one end of the spectrum, HackForums helps over 110,000 hacking community members to...