Lucene search
+L
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2021/05/05 12:27 p.m.43 views

Malicious Office 365 Apps Are the Ultimate Insiders

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organizations own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/28 8:47 p.m.43 views

Experian API Exposed Credit Scores of Most Americans

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/12 10:18 p.m.43 views

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app thats popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity firs...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/02/15 10:34 p.m.43 views

Bluetooth Overlay Skimmer That Blocks Chip

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/09/23 11:6 p.m.43 views

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but the...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/05/29 8:23 p.m.43 views

Career Choice Tip: Cybercrime is Mostly Boring

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/28 8:55 p.m.43 views

Would You Have Fallen for This Phone Scam?

You may have heard that today's phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn't know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on you...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/04/22 7:43 p.m.43 views

Who’s Behind the RevCode WebMonitor RAT?

The owner of a Swedish company behind a popular remote administration tool RAT implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million compute...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/01/05 8:38 p.m.43 views

Scary Chip Flaws Raise Spectre of Meltdown

Apple, Google, Microsoft and other tech giants have released updates for a pair of serious security flaws present in most modern computers, smartphones, tablets and mobile devices. Here's a brief rundown on the threat and what you can do to protect your devices. At issue are two different...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/11/15 2:25 p.m.43 views

R.I.P. root9B? We Hardly Knew Ya!

root9B Holdings, a company that many in the security industry consider little more than a big-name startup aimed at cashing in on the stock market's insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year. Founded ...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/08/10 3:40 p.m.43 views

Beware of Security by Press Release

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it "security by press release." It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor's product; members of the trade press uncritically republis...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/07/20 6:14 p.m.43 views

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

Following today's breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017. When U.S. authorities shuttered AlphaBay on July 5, poli...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/10 1:1 p.m.43 views

SSA.GOV To Require Stronger Authentication

The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In thi...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/08 6:5 p.m.42 views

500M Avira Antivirus Users Introduced to Cryptomining

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isnt alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/29 12:26 p.m.42 views

Task Force Seeks to Disrupt Ransomware Payments

Some of the worlds top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes. In a 81-page report delivered to the Biden...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/02/17 9:12 p.m.42 views

U.S. Indicts North Korean Hackers in Theft of $200 Million

The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/09/17 10:3 p.m.42 views

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply chain" attacks to steal data from companies and...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/16 9:41 p.m.42 views

Who’s Behind Wednesday’s Epic Twitter Hack?

Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/23 5:27 p.m.42 views

When in Doubt: Hang Up, Look Up, & Call Back

Many security-conscious people probably think they'd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here's how one security and...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/18 2:4 p.m.42 views

Google to Fix Location Data Leak in Google Home, Chromecast

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/26 12:12 p.m.42 views

Who and What Is Coinhive?

Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive's computer code to be used on hacked Web sites to steal the processing power of its visitors' devices. This post looks at how Coinhive...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/01/24 10:56 p.m.42 views

Chronicle: A Meteor Aimed At Planet Threat Intel?

Alphabet Inc., the parent company of Google, said today it is in the process of rolling out a new service designed to help companies more quickly make sense of and act on the mountains of threat data produced each day by cybersecurity tools. Countless organizations rely on a hodgepodge of securit...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/11/20 2:25 p.m.42 views

Fund Targets Victims Scammed Via Western Union

If you, a friend or loved one lost money in a scam involving Western Union, some or all of those funds may be recoverable thanks to a more than half-billion dollar program set up by the U.S. Federal Trade Commission. In January 2017, Englewood, Colo.-based Western Union settled a case with the FT...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/18 8:23 p.m.42 views

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation's largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were ab...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/13 8:10 p.m.42 views

Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far

As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review ...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/03/14 9:13 p.m.41 views

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that it...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/12 5:17 a.m.41 views

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victims network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman know...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/09/17 1:22 a.m.41 views

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service DDoS attacks against Internet users and websites. Gatrels...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/08/25 10:20 p.m.41 views

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says hes confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware t...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/07/19 9:11 p.m.41 views

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only theyd had proper data backups. But the ugly truth is there are many non-obvious reasons why victims...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/01/27 10:42 p.m.41 views

Arrest, Seizures Tied to Netwalker Ransomware

U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charg...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/01/19 6:39 p.m.41 views

New Charges Derail COVID Release for Hacker Who Aided ISIS

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/01/11 9:33 p.m.41 views

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things IoT devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/04 2:50 p.m.41 views

IRS to Make ID Protection PIN Open to All

The U.S. Internal Revenue Service IRS said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number IP PIN, a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PI...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/08/05 8:18 p.m.41 views

Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker

Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. 17-year-old Graham Clark of Tampa, Fla. was among those charged ...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/06/25 11:52 p.m.41 views

New Charges, Sentencing in Satori IoT Botnet Conspiracy

The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things IoT devices for use in large-scale distributed denial-of-service DDoS attacks. In addition, a...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/02/06 12:44 a.m.41 views

When Your Used Car is a Little Too ‘Mobile’

Many modern vehicles let owners use the Internet or a mobile device to control the car's locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here's the story of one former electric...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/08/29 5:59 p.m.41 views

Ransomware Bites Dental Data Backup Firm

PerCSoft, a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based PerCSoft is a cloud management provider...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/07 7:56 p.m.41 views

What’s Behind the Wolters Kluwer Tax Outage?

Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/29 3:29 p.m.41 views

Happy 8th Birthday, KrebsOnSecurity!

Eight years ago today I set aside my Washington Post press badge and became an independent here at KrebsOnSecurity.com. What a wild ride it has been. Thank you all, Dear Readers, for sticking with me and for helping to build a terrific community. This past year KrebsOnSecurity published nearly 16...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/11/19 9:36 p.m.40 views

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victims funds via Zelle, a "peer-to-peer" P2P payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/20 9:46 p.m.40 views

Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. NYSE:IT -- a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry. Earlier this month, a reader pointed my...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/09/29 10:26 p.m.40 views

Who’s Behind Monday’s 14-State 911 Outage?

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsofts Azure web services platform, which also was struggling with a widespread outage at the time. However,...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/29 7:46 p.m.40 views

Here’s Why Credit Card Fraud is Still a Thing

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Heres a look at the havoc tha...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/01 3:30 a.m.40 views

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/01/20 11:13 p.m.40 views

DDoS Mitigation Firm Founder Admits to DDoS

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service DDoS attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston, 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/12/16 2:8 p.m.40 views

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself "Evil Corp" and stole roughly $100 million from businesses and...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/30 1:47 p.m.40 views

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years. Marriott said the breach involved unauthorized access to a...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/09/28 7:36 p.m.40 views

Facebook Security Bug Affects 90M Users

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers hav...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/01/29 2:44 p.m.40 views

File Your Taxes Before Scammers Do It For You

Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can...

7AI score
Exploits0
Total number of security vulnerabilities1094