It’s Still Easy for Anyone to Become You at Experian

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account.


ID Theft Service Resold Access to USInfoSearch Data

Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American. For prices ranging from $8 to $40 and payable via virtual currency, the bot will return detailed consumer background reports automatically in just a few moments.


RSAC Fireside Chat: Dealing with the return of computing workloads to on-premises datacenters

A cloud migration backlash, of sorts, is playing out. Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures. However, a “back-migration,” as Michiel De Lepper, global enablement manager, at London-based Runecast, puts it, is also ramping up. This is because certain workloads are proving to be too costly to run in the cloud — resource-intensive AI modeling being the prime example.


SolarWinds Ruling: Why CISOs Need to be Aware of Fraud

The U.S. Securities and Exchange Commission in late October charged SolarWinds and its CISO with fraud and internal control failures. Many organizations are reckless in making statements to the market to preserve their company's stock prices, not realizing the potential for regulatory action, said Paul Dunlop, COO at Fraud Doctor, and Steve Hindle, founder of Achilles Shield.


How AI is changing ransomware and how you can adapt to stay protected

As artificial intelligence (AI) technology continues to evolve, cybercriminals are beginning to explore the full potential of these advances. Previously, some of the gating factors of ransomware were around the expertise and volume of work required to launch a successful attack. Even though ransomware-as-a-service (RaaS) existed where some or all the ransomware attack could be jobbed out to a ransomware provider, that meant a would-be ransomware attacker would have to trust another criminal, the RaaS provider. For ransomware attackers that were able to do the work themselves, there was a lot of manual work required, which limited the scope, effectiveness, and volume of the attacks. With AI in the picture, many of these limitations are lifted.