1094 matches found
Will the Real Joker’s Stash Come Forward?
For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known...
Name+DOB+SSN=FAFSA Data Gold Mine
KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most...
Simple Banking Security Tip: Verbal Passwords
There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers SSN/DOB that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn't acceptable for institutions that held significant chunks of our...
USPS ‘Informed Delivery’ Is Stalker’s Dream
A free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service's potential for misuse by private investigators, identity thieves, stalkers...
Breach at Sabre Corp.’s Hospitality Unit
Breaches involving major players in the hospitality industry continue to pile up. Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and oth...
The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence
Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a...
Patch Tuesday, December 2024 Edition
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System...
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ransomware victims who didnt pay, LockBits vict...
$10M Is Yours If You Can Get This Guy to Leave Russia
The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime undergrounds most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkovs card-checking service...
Hacked Ring Cams Used to Record Swatting Victims
Photo: BrandonKleinPhoto / Shutterstock.com Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them -- falsely reporting a violent incident at the targets address to trick local police into responding with force. Prosecutor...
Top Zeus Botnet Suspect “Tank” Arrested in Geneva
Vyacheslav "Tank" Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian...
Ransom Gangs Emailing Victim Customers for Leverage
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victims customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up...
All Aboard the Pequod!
Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nations capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For...
Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack
R1 RCM Inc. NASDAQ:RCM, one of the nations largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at...
Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity
In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly...
Security Breach Disrupts Fintech Firm Finastra
Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company's public statement and notice to customers does not mention the cause of the outage, but their...
A Year Later, Cybercrime Groups Still Rampant on Facebook
Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by...
MolinaHealthcare.com Exposed Patient Records
Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare...
Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers --...
Alleged ‘Scattered Spider’ Member Extradited to U.S.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators...
Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later -- while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who...
How 1-Time Passcodes Became a Corporate Liability
Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the worlds largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a...
SolarWinds Hack Could Affect 18K Customers
The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affecte...
Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company
Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that th...
Business ID Theft Soars Amid COVID Closures
Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly...
E-Verify’s “SSN Lock” is Nothing of the Sort
One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A k...
Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware
Fresenius, Europe's largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its...
Sipping from the Coronavirus Domain Firehose
Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities...
Annual Protest to ‘Fight Krebs’ Raises €150K+
In 2018, KrebsOnSecurity unmasked the creators of Coinhive -- a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals -- as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of...
Russians Shut Down Huge Card Fraud Ring
Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data...
Russian Cybercrime Boss Burkov Pleads Guilty
Aleksei Burkov, an ultra-connected Russian hacker once described as "an asset of supreme importance" to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the mo...
Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside th...
Are Your Google Groups Leaking Data?
Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who've been busy cataloging thousands of companies that are usi...
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models LLMs which appear to have been custom made for working with internal data from Musk's companies, includin...
It’s Still Easy for Anyone to Become You at Experian
In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly h...
Russian Reshipping Service ‘SWAT USA Drop’ Exposed
The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Heres a closer look at the Russia-based SWAT USA Drop Service,...
Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’
WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence AI to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used...
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource.com, a service that sold access to billions of passwords a...
3CX Breach Was a Double Supply Chain Compromise
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening...
Russia Sanctions May Spark Escalating Cyber Conflict
President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies,...
Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams
Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars. Bernards latest victim -- a Norwegian company hoping to build a fleet of environmentally...
Who Wrote the ALPHV/BlackCat Ransomware Strain?
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV a.k.a. "BlackCat", considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, well explore some of the clues left behind b...
IRS Will Soon Require Selfies for Online Access
If you created an online account to manage your tax records with the U.S. Internal Revenue Service IRS, those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification...
Tech CEO Pleads to Wire Fraud in IP Address Scheme
The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol IP addresses from the nonprofit organization that leases the digital real estate to entities in...
Gift Card Gang Extracts Cash From 100k Inboxes Daily
Some of the most successful and lucrative online scams employ a "low-and-slow" approach -- avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Heres the story of a cybercrime group that compromis...
How Does One Get Hired by a Top Cybercrime Gang?
The U.S. Department of Justice DOJ last week announced the arrest of a 55-year-old Latvian woman whos alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how di...
International Action Targets Emotet Crimeware
Authorities across Europe on Tuesday said theyd seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections...
Patch Tuesday, Good Riddance 2020 Edition
Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsofts most-dire "critical" label, meaning they can be abused by malware or miscreants to...
The Joys of Owning an ‘OG’ Email Account
When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable...
This Service Helps Malware Authors Fix Flaws in their Code
Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize...