image
By Waqas Scan4You was a VirusTotal like platform used for malicious purposes. A 37-year old male from Riga, Latvia has received 14 years sentence for creating and running Scan4You, a counter antivirus service that aided malware developers to check detection rates of their malicious software. The convict has been identified as a Latvian non-citizen namely Ruslan Bondars […] This is a post from HackRead.com Read the original post: Hacker gets 14 years jail time for operating Scan4You malware scanning service

Source

image
By Waqas Zaif is the 35th largest cryptocurrency exchange by turnover. Hackers have stolen a whopping $60 million (6.7 billion yen) worth of cryptocurrency from Zaif, the 35th largest cryptocurrency exchange dealing in Bitcoin, Bitcoin Cash, and Monacoin. The exchange is owned by Tech Bureau, Corp. based in Nishi-Ku, Osaka, Japan. The hack attack took place on September 14th after hackers gained […] This is a post from HackRead.com Read the original post: Hackers steal $60 million from Japan's Zaif cryptocurrency exchange

Source

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Enacted in May 2018, the Economic Growth, Regulatory Relief and Consumer Protection Act rolls back some of the restrictions placed on banks in the wake of the Great Recession of the last decade. But it also includes a silver lining. Previously, states allowed the bureaus to charge a confusing range of fees for placing, temporarily thawing or lifting a credit freeze. Today, those fees no longer exist.

A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file).

And because each credit inquiry caused by a creditor has the potential to lower your credit score, the freeze also helps protect your score, which is what most lenders use to decide whether to grant you credit when you truly do want it and apply for it.

To file a freeze, consumers must contact each of the three major credit bureaus online, by phone or by mail. Here’s the updated contact information for the big three:

Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788

Online: Experian
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013

Online: TransUnion
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016

Spouses may request freezes for each other by phone as long as they pass authentication.

The new law also makes it free to place, thaw and lift freezes for dependents under the age of 16, or for incapacitated adult family members. However, this process is not currently available online or by phone, as it requires parents/guardians to submit written documentation (“sufficient proof of authority”), such as a copy of a birth certificate and copy of a Social Security card issued by the Social Security Administration, or — in the case of an incapacitated family member — proof of power of attorney.

In addition, the law requires the big three bureaus to offer free electronic credit monitoring services to all active duty military personnel. It also changes the rules for “fraud alerts,” which currently are free but only last for 90 days. With a fraud alert on your credit file, lenders or service providers should not grant credit in your name without first contacting you to obtain your approval — by phone or whatever other method you specify when you apply for the fraud alert.

Another important change: Fraud alerts now last for one year (previously they lasted just 90 days) but consumers can renew them each year. Bear in mind, however, that while lenders and service providers are supposed to seek and obtain your approval before granting credit in your name if you have a fraud alert on your file, they’re not legally required to do this.

MANAGING EXPECTATIONS

Having a freeze in place does nothing to prevent you from using existing lines of credit you may already have, such as credit, mortgage and bank accounts. By the same token, freezes do nothing to prevent crooks from abusing unauthorized access to these existing accounts.

According to experts, the bureaus make about $1 every time they sell access your credit file. However, a freeze on your file does nothing to prevent the bureaus from collecting information about you as a consumer — including your spending habits and preferences — and packaging, splicing and reselling that information to marketers.

When you place a freeze, each credit bureau will assign you a personal identification number (PIN) that needs to be supplied if and when you ever wish to open a new line of credit. When that time comes, consumers can temporarily thaw a freeze for a specified duration either online or by phone (see above resources). Needless to say, it’s a good idea to keep these PINs somewhere safe and reliable in the event you wish to unfreeze.

One important caveat: It’s best not to wait until the last minute before starting the freeze thawing process, which can be instantaneous or can take a few days. The easiest way to unfreeze your file for the purposes of gaining new credit is to spend a few minutes on the phone with the company from which you hope to gain the line of credit (or research the matter online) to see which credit bureau they rely upon for credit checks. It will most likely be one of the major bureaus. Once you know which bureau the creditor uses, contact that bureau either via phone or online and supply the PIN they gave you when you froze your credit file with them. The thawing process should not take more than 24 hours, but hiccups in the thawing process sometimes make things take longer.

CREDIT LOCKS AND CREDIT MONITORING

All three big bureaus tout their “credit lock” services as an easier and faster alternative to freezes — mainly because these alternatives aren’t as disruptive to their bottom lines. According to a recent post by CreditKarma.com, consumers can use these services to quickly lock or unlock access to credit inquiries, although some bureaus can take up to 48 hours. In contrast, they can take up to five business days to act on a freeze request, although in my experience the automated freeze process via the bureaus’ freeze sites has been more or less instantaneous (assuming the request actually goes through).

TransUnion and Equifax both offer free credit lock services, while Experian’s is free for 30 days and $19.99 for each additional month. However, TransUnion says those who take advantage of their free lock service agree to receive targeted marketing offers. What’s more, TransUnion also pushes consumers who sign up for its free lock service to subscribe to its “premium” lock services for a monthly fee with a perpetual auto-renewal.

Unsurprisingly, the bureaus’ use of the term credit lock has confused many consumers; this was almost certainly by design. But here’s one basic fact consumers should keep in mind about these lock services: Unlike freezes, locks are not governed by any law, meaning that the credit bureaus can change the terms of these arrangements when and if it suits them to do so.

If you have already signed up for credit monitoring services, placing a freeze on your file should not impact those services. However, it is generally not possible to sign up for new credit monitoring services once a freeze is in place. So if you wish to avail yourself of credit monitoring, it’s best to sign up before placing a freeze.

Many consumers erroneously believe that credit monitoring services will protect them from identity thieves. In truth, despite incessant marketing by the bureaus and others to the contrary, these services do not prevent thieves from using your identity to open new lines of credit, or from damaging your good name for years to come in the process. The most you can hope for is that credit monitoring services will alert you soon after an ID thief does steal your identity.

Credit monitoring services are principally useful in helping consumers recover from identity theft. Doing so often requires dozens of hours writing and mailing letters, and spending time on the phone contacting creditors and credit bureaus to straighten out the mess. In cases where identity theft leads to prosecution for crimes committed in your name by an ID thief, you may incur legal costs as well. Most of these services offer to reimburse you up to a certain amount for out-of-pocket expenses related to those efforts. But a better solution is to prevent thieves from stealing your identity in the first place by placing a freeze.

WHAT ELSE SHOULD YOU DO?

Freezing your credit file at the big three bureaus is a great start, but ID thieves can and do abuse other parts of the credit system to wreak havoc on consumers. Beyond the big three bureaus, Innovis is a distant fourth bureau that some entities use to check consumer creditworthiness. Fortunately, filing a freeze with Innovis also is free and relatively painless.

In addition, many wireless phone companies currently check consumer credit using a little-known credit reporting bureau operated by Equifax called the National Consumer Telecommunications and Utilities Exchange (NCTUE). Freezing your credit with Equifax won’t necessarily block inquiries to the NCTUE, but fortunately the NCTUE also offers a freeze process, as detailed in this story.

It’s a good idea to periodically order a free copy of your credit report. There are several forms of identity theft that probably will not be blocked by a freeze. But neither will they be blocked by a fraud alert or a credit lock. That’s why it’s so important to regularly review your credit file with the major bureaus for any signs of unauthorized activity.

By law, each of the three major credit reporting bureaus must provide a free copy of your credit report each year — but only if you request it via the government-mandated site annualcreditreport.com. The best way to take advantage of this right is to make a notation in your calendar to request a copy of your report every 120 days, to review the report and to report any inaccuracies or questionable entries when and if you spot them. Avoid other sites that offer “free” credit reports and then try to trick you into signing up for something else.

According to the Federal Trade Commission, having a freeze in place should not affect a consumer’s ability to obtain copies of their credit report from annualcreditreport.com.

It’s also a good idea to notify a company called ChexSystems to keep an eye out for fraud committed in your name. Thousands of banks rely on ChexSystems to verify customers that are requesting new checking and savings accounts, and ChexSystems lets consumers place a security alert on their credit data to make it more difficult for ID thieves to fraudulently obtain checking and savings accounts. For more information on doing that with ChexSystems, see this link.

Finally, ID thieves like to intercept offers of new credit and insurance sent via postal mail, so it’s a good idea to opt out of pre-approved credit offers. If you decide that you don’t want to receive prescreened offers of credit and insurance, you have two choices: You can opt out of receiving them for five years or opt out of receiving them permanently.

To opt out for five years: Call toll-free 1-888-5-OPT-OUT (1-888-567-8688) or visit optoutprescreen.com. The phone number and website are operated by the major consumer reporting companies. To complete your request for a permanent opt-out, you must return the signed Permanent Opt-Out Election form provided after you initiate your online request.

Source

image
By Waqas Mirai has been known as one of the most powerful botnets comprised of millions of hacked Internet of Things (IoT) devices including routers, digital video recorders (DVRs) and security cameras. Mirai was also used by hackers to carry out one of the largest DDoS attacks on the servers of DynDNS which ultimately disrupted high profile websites like […] This is a post from HackRead.com Read the original post: Hackers behind Mirai botnet to avoid jail for working with the FBI

Source

image
By Waqas At the moment, it is unclear how many Newegg customers have been impacted. The IT security researchers at RiskIQ and Volexity have announced that Newegg Inc., an online retailer of items including computer hardware and consumer electronics has become a victim of a cyber attack in which hackers have stolen credit card details of its customers. According to […] This is a post from HackRead.com Read the original post: Hackers target Newegg with “sophisticated malware”; steal credit card data

Source

Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “Mirai,” a potent malware strain used in countless attacks designed to knock Web sites offline — including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.

The men — 22-year-old Paras Jha Fanwood, New Jersey,  Josiah White, 21 of Washington, Pa., and Dalton Norman from Metairie, La. — were each sentenced to five years probation, 2,500 hours of community service, and ordered to pay $127,000 in restitution for the damage caused by their malware.

Mirai enslaves poorly secured “Internet of Things” (IoT) devices like security cameras, digital video recorders (DVRs) and routers for use in large-scale online attacks.

Not long after Mirai first surfaced online in August 2016, White and Jha were questioned by the FBI about their suspected role in developing the malware. At the time, the men were renting out slices of their botnet to other cybercriminals.

Weeks later, the defendants sought to distance themselves from their creation by releasing the Mirai source code online. That action quickly spawned dozens of copycat Mirai botnets, some of which were used in extremely powerful denial-of-service attacks that often caused widespread collateral damage beyond their intended targets.

A depiction of the outages caused by the Mirai attacks on Dyn, an Internet infrastructure company. Source: Downdetector.com.

The source code release also marked a period in which the three men began using their botnet for far more subtle and less noisy criminal moneymaking schemes, including click fraud — a form of online advertising fraud that costs advertisers billions of dollars each year.

In September 2016, KrebsOnSecurity was hit with a record-breaking denial-of-service attack from tens of thousands of Mirai-infected devices, forcing this site offline for several days. Using the pseudonym “Anna_Senpai,” Jha admitted to a friend at the time that the attack on this site was paid for by a customer who rented tens of thousands of Mirai-infected systems from the trio.

In January 2017, KrebsOnSecurity published the results of a four-month investigation into Mirai which named both Jha and White as the likely co-authors of the malware.  Eleven months later, the U.S. Justice Department announced guilty pleas by Jha, White and Norman.

Prior to Tuesday’s sentencing, the Justice Department issued a sentencing memorandum that recommended lenient punishments for the three men. FBI investigators argued the defendants deserved light sentences because they had provided the government “extraordinary cooperation” in identifying other cybercriminals engaged in related activity and helping to thwart massive cyberattacks on several companies.

Paras Jha, in an undated photo from his former LinkedIn profile.

The government said Jha was especially helpful, devoting hundreds of hours of work in helping investigators. According to the sentencing memo, Jha has since landed a part-time job at at a cybersecurity firm, although the government declined to name his employer.

However, Jha is not quite out of the woods yet: He has also admitted to using Mirai to launch a series of punishing cyberattacks against Rutgers University, where he was enrolled as a computer science student at the time. Jha is slated to be sentenced next week in New Jersey for those crimes.

The Mirai case was prosecuted out of Alaska because the lead FBI agent in the investigation, 36-year-old Special Agent Elliott Peterson, is stationed there. Peterson was able to secure jurisdiction for the case after finding multiple DVRs in Alaska infected with Mirai. Last week, Peterson traveled to Washington, D.C. to join several colleagues in accepting the FBI’s Director Award — the bureau’s highest honor — for the Mirai investigation.

Source

image
By Carolina It is quite unlikely that somebody would be naïve enough to upload a copy of a newly released movie on his Facebook page with his real name since this would lead the law enforcement straight to the person, that too, in no time. However, it seems that there is one such person and his name […] This is a post from HackRead.com Read the original post: California man may get 6 months in prison for uploading Deadpool on Facebook

Source

image
By Carolina AlphaBay was one of the largest dark web marketplaces – In 2017, its admin Alexandre Cazes committed suicide in a Thai prison. The Fresno Division of the U.S. District Court for the Eastern District of California has finally concluded a 14-month long civil forfeiture case and allowed seizure of property and assets of a Canadian national Alexandre Cazes […] This is a post from HackRead.com Read the original post: Dark Web: US court seizes assets and properties of deceased AlphaBay operator

Source

image
By Waqas Xbash is an “all in one” malware. Palo Alto Networks’ Unit 42 researchers have come to the conclusion that the notorious Xbash malware that has been attacking Linux and Windows servers is being operated by the Iron Group which is an infamous hacker collective previously involved in a number of cyber crimes involving the use […] This is a post from HackRead.com Read the original post: Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware

Source

image
By Uzair Amir The ransomware attack disrupted the screens for two days. In a nasty ransomware attack, flight information screens at the United Kingdom's Bristol airport were taken over and hijacked by malicious hackers on September 15th Friday morning. The ransomware attack forced the airport staff to go manual by using whiteboards and hand-written information to assist passengers regarding their […] This is a post from HackRead.com Read the original post: Hackers disrupt UK's Bristol Airport flight info screens after ransomware attack

Source