Anthony Quitugua

Tyler Barriss, 25, went by the nickname SWAuTistic on Twitter, and reveled in perpetrating “swatting” attacks. These dangerous hoaxes involve making false claims to emergency responders about phony hostage situations or bomb threats, with the intention of prompting a heavily-armed police response to the location of the claimed incident.

SMS Phishing + Cardless ATM = Profit

November 7, 2018 by Anthony Quitugua 2 Comments

https://krebsonsecurity.com/2018/11/sms-phishing-cardless-atm-profit/

Many of you may have seen the commercials with bank customers accessing ATM’s with just their phones. All it takes is a debit card added to a digital wallet and an NFC capable ATM. Well, it didn’t take long for the fraudsters to exploit this new fraud channel. This is a good article detailing one of the methods they use to accomplish this. Let me emphasize that this is only one of many methods they can use.

Peek Inside a Professional Carding Shop

October 24, 2018 by Anthony Quitugua 1 Comment

This is a great synopsis of how fraudsters buy and sell stolen credit car credentials. It’s a good read, and kind of scary when you see how easy and well organized they are.

https://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/

The Cybersecurity World Is Debating WTF Is Going on With Bloomberg’s Chinese Microchip Stories

October 10, 2018 by Anthony Quitugua 2 Comments

https://motherboard.vice.com/en_us/article/qv9npv/bloomberg-china-supermicro-apple-hack

No one is really sure who to believe after Businessweek’s bombshell story on an alleged Chinese supply chain attack against Apple, Amazon, and others.

THE FACEBOOK SECURITY MELTDOWN EXPOSES WAY MORE SITES THAN FACEBOOK

October 3, 2018 by Anthony Quitugua 1 Comment

https://www.wired.com/story/facebook-security-breach-third-party-sites/

FACEBOOK revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook.

“The access token enables someone to use the account as if they were the account holder themselves. This does mean they could access other third-party apps using Facebook login,” Guy Rosen, Facebook’s vice president of product, said in a call with reporters Friday. “Developers who used Facebook login will be able to detect those access tokens have been reset.”

U.S. Mobile Giants Want to be Your Online Identity

September 26, 2018 by Anthony Quitugua 2 Comments

https://krebsonsecurity.com/2018/09/u-s-mobile-giants-want-to-be-your-online-identity/

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.

Considering these firms have not had such a great track record in safeguarding customer information and accounts…this probably is not the best idea.