Lucene search
K
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2018/05/29 4:33 p.m.36 views

Will the Real Joker’s Stash Come Forward?

For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/11/24 12:55 p.m.36 views

Name+DOB+SSN=FAFSA Data Gold Mine

KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/11/06 4:53 p.m.36 views

Simple Banking Security Tip: Verbal Passwords

There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers SSN/DOB that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn't acceptable for institutions that held significant chunks of our...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/10/02 4:32 p.m.36 views

USPS ‘Informed Delivery’ Is Stalker’s Dream

A free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service's potential for misuse by private investigators, identity thieves, stalkers...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/02 6:41 p.m.36 views

Breach at Sabre Corp.’s Hospitality Unit

Breaches involving major players in the hospitality industry continue to pile up. Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and oth...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/04/24 4:37 p.m.36 views

The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence

Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/12/11 1:53 a.m.35 views

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System...

9.8CVSS8.2AI score0.70906EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2024/02/20 5:9 p.m.35 views

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didnt pay, LockBits vict...

7.5CVSS6.4AI score0.08003EPSS
Exploits3
Krebs on Security
Krebs on Security
added 2023/05/05 1:50 a.m.35 views

$10M Is Yours If You Can Get This Guy to Leave Russia

The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime undergrounds most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkovs card-checking service...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/12/20 1:24 a.m.35 views

Hacked Ring Cams Used to Record Swatting Victims

Photo: BrandonKleinPhoto / Shutterstock.com Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them -- falsely reporting a violent incident at the targets address to trick local police into responding with force. Prosecutor...

0.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/15 3:38 p.m.35 views

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Vyacheslav "Tank" Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian...

Exploits0
Krebs on Security
Krebs on Security
added 2021/04/05 9:38 p.m.35 views

Ransom Gangs Emailing Victim Customers for Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victims customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/01/07 8:18 p.m.35 views

All Aboard the Pequod!

Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nations capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/08/14 6:56 p.m.35 views

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

R1 RCM Inc. NASDAQ:RCM, one of the nations largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/06/09 5:5 p.m.35 views

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/20 4:52 p.m.35 views

Security Breach Disrupts Fintech Firm Finastra

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company's public statement and notice to customers does not mention the cause of the outage, but their...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/04/08 7:39 p.m.35 views

A Year Later, Cybercrime Groups Still Rampant on Facebook

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/25 6:8 p.m.35 views

MolinaHealthcare.com Exposed Patient Records

Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/05/12 9:46 p.m.34 views

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers --...

9.8CVSS6.3AI score0.72253EPSS
Exploits36
Krebs on Security
Krebs on Security
added 2025/04/30 9:54 p.m.34 views

Alleged ‘Scattered Spider’ Member Extradited to U.S.

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/10/09 5:36 p.m.34 views

Lamborghini Carjackers Lured by $243M Cyberheist

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later -- while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/30 2:53 p.m.34 views

How 1-Time Passcodes Became a Corporate Liability

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the worlds largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a...

7.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/15 5:41 p.m.34 views

SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affecte...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/10 5:45 p.m.34 views

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that th...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/27 10:50 p.m.34 views

Business ID Theft Soars Amid COVID Closures

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/04 10:24 p.m.34 views

E-Verify’s “SSN Lock” is Nothing of the Sort

One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A k...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/05/06 1:20 p.m.34 views

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Fresenius, Europe's largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/16 4:23 p.m.34 views

Sipping from the Coronavirus Domain Firehose

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/30 5:42 p.m.34 views

Annual Protest to ‘Fight Krebs’ Raises €150K+

In 2018, KrebsOnSecurity unmasked the creators of Coinhive -- a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals -- as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/26 5:28 p.m.34 views

Russians Shut Down Huge Card Fraud Ring

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/01/27 6:21 p.m.34 views

Russian Cybercrime Boss Burkov Pleads Guilty

Aleksei Burkov, an ultra-connected Russian hacker once described as "an asset of supreme importance" to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the mo...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/09/27 8:45 p.m.34 views

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside th...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/01 2:29 p.m.34 views

Are Your Google Groups Leaking Data?

Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who've been busy cataloging thousands of companies that are usi...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/05/02 12:52 a.m.33 views

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models LLMs which appear to have been custom made for working with internal data from Musk's companies, includin...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/11/11 5:59 p.m.33 views

It’s Still Easy for Anyone to Become You at Experian

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly h...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/11/02 7:55 p.m.33 views

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Heres a closer look at the Russia-based SWAT USA Drop Service,...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/08/08 5:37 p.m.33 views

Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence AI to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/07/18 2:57 p.m.33 views

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource.com, a service that sold access to billions of passwords a...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/04/21 1:5 a.m.33 views

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/02/25 7:10 p.m.33 views

Russia Sanctions May Spark Escalating Cyber Conflict

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies,...

0.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/29 6:5 p.m.33 views

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars. Bernards latest victim -- a Norwegian company hoping to build a fleet of environmentally...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/28 1:18 p.m.33 views

Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV a.k.a. "BlackCat", considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, well explore some of the clues left behind b...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/19 5:15 p.m.33 views

IRS Will Soon Require Selfies for Online Access

If you created an online account to manage your tax records with the U.S. Internal Revenue Service IRS, those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/11/17 11:56 p.m.33 views

Tech CEO Pleads to Wire Fraud in IP Address Scheme

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol IP addresses from the nonprofit organization that leases the digital real estate to entities in...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/09/02 4:40 p.m.33 views

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Some of the most successful and lucrative online scams employ a "low-and-slow" approach -- avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Heres the story of a cybercrime group that compromis...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/06/15 3:41 p.m.33 views

How Does One Get Hired by a Top Cybercrime Gang?

The U.S. Department of Justice DOJ last week announced the arrest of a 55-year-old Latvian woman whos alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how di...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/01/27 2:20 p.m.33 views

International Action Targets Emotet Crimeware

Authorities across Europe on Tuesday said theyd seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/08 11:47 p.m.33 views

Patch Tuesday, Good Riddance 2020 Edition

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsofts most-dire "critical" label, meaning they can be abused by malware or miscreants to...

8.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/09/03 1:8 a.m.33 views

The Joys of Owning an ‘OG’ Email Account

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/05/18 3:31 p.m.33 views

This Service Helps Malware Authors Fix Flaws in their Code

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize...

7.4AI score
Exploits0
Total number of security vulnerabilities1094