Lucene search
K
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2017/11/02 2:4 p.m.40 views

Equifax Reopens Salary Lookup Service

Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person's Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, a...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/10/12 9:3 p.m.40 views

Equifax Credit Assistance Site Served Spyware

Big-three consumer credit bureau Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe's Flash Player software. Image: Randy-abrams.blogspot.com On Wednesday, security expert and blogger...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/09 6:14 p.m.40 views

Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually released an emergency update on Monday just hours ahead of today's regularly scheduled "Patch Tuesday" the 2nd Tuesday of each month to fix a dangerous flaw present in most...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/06/15 11:40 p.m.39 views

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/02/28 4:14 p.m.39 views

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/09/23 1:53 p.m.39 views

Indictment, Lawsuits Revive Trump-Alfa Bank Story

In October 2016, media outlets reported that data collected by some of the worlds most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russias largest financial institutions. Those...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/08/18 4:24 p.m.39 views

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and drivers license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after million...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/15 1:5 p.m.39 views

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo.com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/08/21 8:34 p.m.39 views

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA on Thursday issued a joint alert to warn about the growing threat from voice phishing or "vishing" attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity publishe...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/02/04 11:5 p.m.39 views

Booter Boss Busted By Bacon Pizza Buy

A Pennsylvania man who operated one of the Internet's longest-running online attack-for-hire or "booter" services was sentenced to five years probation today. While the young man's punishment was heavily tempered by his current poor health, the defendant's dietary choices may have contributed to...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/01/28 8:12 p.m.39 views

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/11/25 4:40 p.m.39 views

Hidden Cam Above Bluetooth Pump Skimmer

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I'd never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/07/24 1:38 p.m.39 views

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/22 4:5 p.m.39 views

Mobile Giants: Please Don’t Share the Where

Your mobile phone is giving away your approximate location all day long. This isn't exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location. But now, the major mobile providers i...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/06/17 2:7 p.m.39 views

Credit Card Breach at Buckle Stores

The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data. The disclosure came hours after KrebsOnSecurity contacted the company regarding reports from...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/10/31 8:53 p.m.38 views

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims...

0.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/11 5:45 p.m.38 views

It Might Be Our Data, But It’s Not Our Breach

Image: Shutterstock. A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firms analysis of the data suggests it corresponds to...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/09/29 12:22 p.m.38 views

The Rise of One-Time Password Interception Bots

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords OTPs that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitor...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/10/26 11:54 p.m.38 views

Google Mending Another Crack in Widevine

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management DRM technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/19 6:3 p.m.38 views

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, the four major wireless carriers have responded to requests from a U.S. senator for more details about how the carriers are managing acce...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/09/21 3:35 a.m.38 views

Equifax Breach: Setting the Record Straight

Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/03/03 1:33 a.m.37 views

Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nations collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White Houses new national cybersecurity strate...

Exploits0
Krebs on Security
Krebs on Security
added 2021/06/23 12:49 p.m.37 views

How Cyber Sleuths Cracked an ATM Shimmer Gang

In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldnt decrypt the data on the devices. This is...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/06/18 12:20 p.m.37 views

First American Financial Pays Farcical $500K Fine

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF was leaking more than 800 million documents -- many containing sensitive financial data -- related to real estate transactions dating back 16 years. This week, the U.S...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/02 4:29 p.m.37 views

Account Hijacking Site OGUsers Hacked, Again

For at least the third time in its existence, OGUsers -- a forum overrun with people looking to buy, sell and trade access to compromised social media accounts -- has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak i...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/11/18 4:2 p.m.37 views

Trump Fires Security Chief Christopher Krebs

President Trump on Tuesday fired his top election security official Christopher Krebs no relation. The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud. Chris Krebs. Image: CISA. Krebs, 43, is a former Microsof...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/11/09 4:58 a.m.37 views

Body Found in Canada Identified as Neo-Nazi Spam King

The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports. Homicide detectives said they...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/09/25 1:21 p.m.37 views

Who is Tech Investor John Bernard?

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to hi...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/06/07 4:2 p.m.37 views

Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service

The co-owners of vDOS, a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service DDoS attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/06/02 6:4 p.m.37 views

REvil Ransomware Gang Starts Auctioning Victim Data

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up -- and publicly shaming those who don't. But it may also signal that...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/15 3:28 p.m.37 views

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it's helping hospitals avoid becoming the next ransomware...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/17 10:11 p.m.37 views

Coronavirus Widens the Money Mule Pool

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable "money mules" -- people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here's the...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/23 9:18 p.m.37 views

Transcription Service Leaked Medical Records

MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records -- apparently for thousands of...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/02 9:37 p.m.37 views

Panerabread.com Leaks Millions of Customer Records

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records -- including names, email and physical addresses, birthdays and the last four digits of the customer's credit card number -- for at least eight months...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/02/06 2:53 p.m.37 views

Would You Have Spotted This Skimmer?

When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it's difficult not to inspect or even pull on these machines when you're forced to use them personally -- half expecting something will come detached. For those unfamiliar with the...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/01/02 5:15 p.m.37 views

Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes

The individual who allegedly made a fake emergency call to Kansas police last week that summoned them to shoot and kill an unarmed local man has claimed credit for raising dozens of these dangerous false alarms -- calling in bogus hostage situations and bomb threats at roughly 100 schools and at...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/09/12 10:2 p.m.37 views

Ayuda! (Help!) Equifax Has My Data!

Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may n...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/13 9:43 p.m.36 views

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This months bundle of update joy from Redmond includes patches for...

8.8CVSS8.1AI score0.39196EPSS
Exploits5
Krebs on Security
Krebs on Security
added 2024/03/11 4:19 p.m.36 views

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/03/08 1:2 p.m.36 views

A Close Up Look at the Consumer Data Broker Radaris

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/09/27 11:48 a.m.36 views

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/09/19 2:12 a.m.36 views

Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/09/06 12:21 a.m.36 views

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people...

7.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/12/08 11:27 p.m.36 views

Canada Charges Its “Most Prolific Cybercriminal”

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as "the most prolific cybercriminal weve...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/23 6:1 p.m.36 views

Phish Leads to Breach at Calif. State Controller

A phishing attack last week gave attackers access to email and files at the California State Controllers Office SCO, an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/10/29 12:43 a.m.36 views

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the Unit...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/08/26 6:39 p.m.36 views

Confessions of an ID Theft Kingpin, Part I

At the height of his cybercriminal career, the hacker known as "Hieupc" was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the worlds top data brokers. That is, until his greed and ambition played straight into an elaborate snare se...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/08/19 1:55 p.m.36 views

Voice Phishers Targeting Corporate VPNs

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level,...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/02 1:10 a.m.36 views

Ransomware Gangs Don’t Need PR Help

We've seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/06/18 10:7 p.m.36 views

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

An information technology specialist at the Federal Emergency Management Agency FEMA was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center UPMC in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the...

6.7AI score
Exploits0
Total number of security vulnerabilities1094