16 matches found
GHSA-MRRH-FWG8-R2C3
creationtimestamp| type| source ---|---|--- 2025-03-17 14:03:33+00:00| seen| https://infosec.exchange/users/briankrebs/statuses/114178143725238694 2025-03-17 14:04:29+00:00| seen| https://bsky.app/profile/briankrebs.infosec.exchange.ap.brid.gy/post/3lkld2jpff3t2...
Scams Based on Fake Google Emails
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...
X.com Automatically Changing Link Text but Not URLs
Brian Krebs reported that X formerly known as Twitter started automatically changing twitter.com links to x.com links. The problem is: 1 it changed any domain name that ended with "twitter.com," and 2 it only changed the links appearance anchortext, not the underlying URL. So if you were a clever...
TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...
FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands
The U.S. Federal Bureau of Investigation FBI on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus,...
Attack against Florida Water Treatment Facility
A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide -- thats lye -- by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadnt noticed the...
Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested
A hacker accused of selling hundreds of millions of stolen credentials from last year’s “Collection 1” data dump on the dark web has been arrested in the Ukraine. The Security Service of Ukraine SSU took into custody a threat actor known as “Sanix,” who they claim posted 773 million e-mail...
Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats
A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was "Feds Can't Touch Us" pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.'s National Crime Agency NCA arrested Hertfordshire resident George...
Reasonably Clever Extortion E-mail Based on Password Theft
Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn site. The...
Details on the Mirai Botnet Authors
Brian Krebs has a long article on the Mirai botnet authors, who pled guilty...
Breach Forces Password Change on Oracle MICROS PoS Customers
Oracle is alerting customers it found malicious code in some of its MICROS point-of-sale systems and is requiring they change account passwords. The security measures come on the heels of reports the world’s No. 3 PoS service succumbed to a security breach perpetrated by the Carbanak gang. The...
Image of the Day: SpamIt, Glavmed Models
Today’s image of the day comes from Brian Krebs’s blog, KrebsonSecurity. The image illustrates how Glavmed and other alleged players in the global spam game operate, and is part of a larger exposition of the Spamit operation that was reportedly shut down sometime last year as detailed by Krebs on...
Image of the Day: Mapping E-banking Fraud
We spend our days combing the ‘Net for interesting security happenings and also noting the great work that other reporters and researchers are doing on the security front. Usually that means traditional reporting work: pulling together information from a bunch of different sources, digging for...
Researchers Discover New ACH Banker Trojan
Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S. The Trojan, dubbed “Bugat,” targets Automated Clearing House ACH and wire transfer transactions by small- and mid-sized business in the U.S., muc...
Another Look at ATM Skimmers
Brian Krebs talks with Rick Doten, chief scientist at Lockheed Martin’s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks. Read the full article. KrebsonSecurity...
A Closer Look At ATM Skimmers
Security reporter Brian Krebs goes visual with ATM skimmers, asking readers to look at images and see if they would be able to tell the difference between a real ATM card reader and actual skimming devices. Read the full article. KrebsonSecurity.com...