1094 matches found
Does Your Organization Have a Security.txt File?
It happens all the time: Organizations get hacked because there isnt an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isnt entirely clear who should get the report when remote access to an organizations internal network is being so...
RedTorch Formed from Ashes of Norse Corp.
Remember Norse Corp., the company behind the interactive "pew-pew" cyber attack map shown in the image below? Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. Now, the founders of Norse have launched a new company with a somewhat different...
Checkout Skimmers Powered by Chip Cards
Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminals chip reader slot. What enables these skimmers to be so slim? They draw their power...
The Hidden Cost of Ransomware: Wholesale Password Theft
Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind the...
Man Who Hired Deadly Swatting Gets 15 Months
An Ohio teen who recruited a convicted serial "swatter" to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison. Image: FBI.gov "Swatting" is a dangerous hoax that involves making false claims to emergency responders about...
That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card detail...
Beware of Hurricane Florence Relief Scams
If you're thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability fo...
In a Few Days, Credit Freezes Will Be Fee-Free
Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you've been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or...
A Sobering Look at Fake Online Reviews
In 2016, KrebsOnSecurity exposed a network of phony Web sites and fake online reviews that funneled those seeking help for drug and alcohol addiction toward rehab centers that were secretly affiliated with the Church of Scientology. Not long after the story ran, that network of bogus reviews...
Skyrocketing Bitcoin Fees Hit Carders in Wallet
Critics of unregulated virtual currencies like Bitcoin have long argued that the core utility of these payment systems lies in facilitating illicit commerce, such as buying drugs or stolen credit cards and identities. But recent spikes in the price of Bitcoin -- and the fees associated with movin...
New Bill Seeks Basic IoT Security Standards
Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government's purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceive...
Patch Tuesday, October 2024 Edition
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new...
Adventures in Contacting the Russian FSB
KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service FSB, the Russian equivalent of the U.S. Federal Bureau of Investigation FBI. In the process of doing so, I encountered a small snag: The FSBs website said in order to communicate with them securely, I needed to...
Are You One of the 533M People Who Got Facebooked?
Neer-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove...
Payroll/HR Giant PrismHR Hit by Ransomware?
PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles...
How $100M in Jobless Claims Went to Inmates
The U.S. Labor Departments inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. Thats a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identi...
SolarWinds: What Hit Us Could Hit Others
New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the companys software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. Mo...
Two Russians Charged in $17M Cryptocurrency Phishing Spree
U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges...
Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims
A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a...
Tech Support Scam Uses Child Porn Warning
A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient's Windows license will be suspended unless they call an "MS Support"...
‘War Dialing’ Tool Exposes Zoom’s Password Problems
As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there's a decent chance your next Zoom meeting could be "Zoom bombed" -- attended or...
The Web’s Bot Containment Unit Needs Your Help
Anyone who's seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace:...
Crafty Web Skimming Domain Spoofs “https”
Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new...
French Firms Rocked by Kasbah Hacker?
A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of...
Ransomware Bites 400 Veterinary Hospitals
National Veterinary Associates NVA, a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient...
Expert: IoT Botnets the Work of a ‘Vast Minority’
In December 2017, the U.S. Department of Justice announced indictments and guilty pleas by three men in the United States responsible for creating and using Mirai, a malware strain that enslaves poorly-secured "Internet of Things" or IoT devices like security cameras and digital video recorders f...
Website Glitch Let Me Overstock My Coinbase
Coinbase and Overstock.com just fixed a serious glitch that allowed Overstock customers to buy any item at a tiny fraction of the listed price. Potentially more punishing, the flaw let anyone paying with bitcoin reap many times the authorized bitcoin refund amount on any canceled Overstock orders...
Beware of Hurricane Harvey Relief Scams
U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be especially wary of scam artists. In years past we've seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an...
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov , a...
Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed...
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.
The FBIs takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a...
Another 0-Day Looms for Many Western Digital Users
Some of Western Digitals MyCloud-based data storage devices. Image: WD. Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown...
Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang
The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide, a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying...
Sealed U.S. Court Records Exposed in SolarWinds Breach
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the...
Hamas May Be Threat to 8chan, QAnon Online
In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers...
QAnon/8Chan Sites Briefly Knocked Offline
A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun -- a controversial online image board linked to several mass shootings -- and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic...
Breached Data Indexer ‘Data Viper’ Hacked
Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion...
Zyxel 0day Affects its Firewall Products, Too
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage NAS devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its...
U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack
The U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army PLA accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four...
Does Your Domain Have a Registry Lock?
If you're running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company's domain name and doing whatever they wish with it. Even so, most major Web site owners aren't taking full advantage of the security tools available to protect their...
The Year Targeted Phishing Went Mainstream
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason -- sex sells the second most-read piece here was my 2015 scoo...
Human Resources Firm ComplyRight Breached
Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including names, addresses, phone numbers, email addresses and Social Security numbers -- from tax forms submitted by the company's thousand...
Kansas Man Killed In ‘SWATting’ Attack
A 28-year-old Kansas man was shot and killed by police officers on the evening of Dec. 28 after someone fraudulently reported a hostage situation ongoing at his home. The false report was the latest in a dangerous hoax known as "swatting," wherein the perpetrator falsely reports a dangerous...
Got Robocalled? Don’t Get Mad; Get Busy.
Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who...
Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesse...
Microsoft Patch Tuesday, February 2025 Edition
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow...
CISA Order Highlights Persistent Risk at Network Edge
The U.S. government agency in charge of improving the nations cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely...
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration DEA says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment...
Investment Scammer John Davies Reinvents Himself?
John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell...
Malicious Office 365 Apps Are the Ultimate Insiders
Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organizations own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free...