Lucene search
K
KrebsMost viewed

1094 matches found

Krebs on Security
Krebs on Security
added 2023/01/20 4:9 a.m.20 views

New T-Mobile Breach Affects 37 Million Accounts

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately ...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/16 5:32 p.m.20 views

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/06/07 2:58 p.m.20 views

KrebsOnSecurity in New Netflix Series on Cybercrime

Netflix has a new documentary series airing next week -- "Web of Make Believe: Death, Lies & the Internet" -- in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of "swatting" -- wherein fake bomb threats or hostage...

Exploits0
Krebs on Security
Krebs on Security
added 2022/04/07 10:3 p.m.20 views

Actions Target Russian Govt. Botnet, Hydra Dark Market

The U.S. Federal Bureau of Investigation FBI says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the...

1.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/04/06 5:55 p.m.20 views

The Original APT: Advanced Persistent Teenagers

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for...

Exploits0
Krebs on Security
Krebs on Security
added 2022/03/17 10:33 p.m.20 views

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to...

Exploits0
Krebs on Security
Krebs on Security
added 2022/01/06 5:26 p.m.20 views

Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers computers. Nortons parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme -- in which the company...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/10/25 7:49 p.m.20 views

Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Contis malware who refuse to negotiate a ransom payment are added to Contis victim shaming blog, where confidential files stolen from victims may be published or sold. But someti...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/10/01 3:9 p.m.20 views

FCC Proposal Targets SIM Swapping, Port-Out Fraud

The U.S. Federal Communications Commission FCC is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a targets mobile phone number and use that to wrest control over the victims online...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/08 4:5 p.m.20 views

A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Heres a brief timeline of what we know leading up to last weeks mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromise...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/10/02 6:20 p.m.20 views

Attacks Aimed at Disrupting the Trickbot Botnet

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/10/01 4:36 p.m.20 views

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock ...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/26 4:18 p.m.20 views

Why Is Your Location Data No Longer Private?

The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of these consumer privacy debacles, many are lef...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/07/27 11:8 a.m.20 views

Gas Pump Skimmer Sends Card Data Via Text

Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detecte...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/06/18 5:37 p.m.19 views

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botn...

5.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/07/09 12:53 a.m.19 views

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they...

9.8CVSS8.2AI score0.2188EPSS
Exploits1
Krebs on Security
Krebs on Security
added 2025/04/23 8:45 p.m.19 views

DOGE Worker’s Code Supports NLRB Whistleblower

A whistleblower at the National Labor Relations Board NLRB alleged last week that denizens of Elon Musk's Department of Government Efficiency DOGE siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/12/11 9:38 p.m.19 views

How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/15 10:38 p.m.19 views

NationalPublicData.com Hack Exposes a Nation’s Data

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/05/07 5:36 p.m.19 views

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attac...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/01/25 6:38 p.m.19 views

Using Google Search to Find Software Can Be Risky

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/11/28 3:57 p.m.19 views

ID Theft Service Resold Access to USInfoSearch Data

One of the cybercrime undergrounds more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/10/20 6:39 p.m.19 views

Hackers Stole Access Tokens from Okta’s Support Unit

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/06/29 6:30 p.m.19 views

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Nikita Kislitsin, formerly the head of network security for one of Russias top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsins prosecution could soon put the Kazakhstan government in a...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/06/06 8:9 p.m.19 views

Service Rents Email Addresses for Account Signups

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/03/31 6:35 p.m.19 views

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/18 3:27 p.m.19 views

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives -- which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction -- state that the users account is about to ...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/04 3:41 p.m.19 views

Scammers Sent Uber to Take Elderly Lady to the Bank

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/03/01 8:50 p.m.19 views

Conti Ransomware Group Diaries, Part I: Evasion

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/02/10 1:34 a.m.19 views

Russian Govt. Continues Carding Shop Crackdown

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown -- the second closure of major card fraud shops by Russian authorities in as many weeks -- comes closely behind Russias arrest of 14 alleged...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/11/10 9:12 p.m.19 views

SMS About Bank Fraud as a Pretext for Voice Phishing

Most of us have probably heard the term "smishing" -- which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turnin...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/10/16 12:35 p.m.19 views

Krebs Given ISSA’s ‘President’s Award’

KrebsOnSecurity was honored this month with the 2017 President's Award for Public Service from the Information Systems Security Association, a nonprofit organization for cybersecurity professionals. The award recognizes an individual's contribution to the information security profession in the ar...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/06/06 12:12 p.m.19 views

Following the Money Hobbled vDOS Attack-for-Hire Service

A new report proves the value of following the money in the fight against dodgy cybercrime services known as "booters" or "stressers" -- virtual hired muscle that can be rented to knock nearly any website offline. Last fall, two 18-year-old Israeli men were arrested for allegedly running vDOS,...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/03/08 1:20 a.m.18 views

Feds Link $150M Cyberheist to 2022 LastPass Hacks

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U....

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/11/21 8:13 p.m.18 views

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visu...

7.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/09/26 2:54 p.m.18 views

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker 's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/19 4:23 p.m.18 views

National Public Data Published Its Own Passwords

New details are emerging about a breach at National Public Data NPD, a consumer data broker that recently spilled hundreds of millions of Americans Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the sam...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/07 7:1 p.m.18 views

Cybercrime Rapper Sues Bank over Fraud Investigation

A partial selfie posted by Punchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/07/12 6:12 p.m.18 views

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/05/21 4:21 p.m.18 views

Why Your Wi-Fi Router Doubles as an Apple AirTag

Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly...

6.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/03/28 11:56 p.m.18 views

Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipients natural curiosity about being copied on a private discussion, whic...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/02/29 10:18 p.m.18 views

Fulton County, Security Experts Call LockBit’s Bluff

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton Countys listing from its victim shaming website this morning, claiming the county had...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/01/10 1:39 p.m.18 views

Here’s Some Bitcoin: Oh, and You’ve Been Served!

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/12/14 5:51 p.m.18 views

Ten Years Later, New Clues in the Target Breach

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/05/26 4:37 p.m.18 views

Phishing Domains Tanked After Meta Sued Freenom

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/05/09 2:5 p.m.18 views

Feds Take Down 13 More DDoS-for-Hire Services

The U.S. Federal Bureau of Investigation FBI this week seized 13 domain names connected to "booter" services that let paying customers launch crippling distributed denial-of-service DDoS attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/04/18 8:59 p.m.18 views

Giving a Face to the Malware Proxy Service ‘Faceless’

For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/03/15 1:25 a.m.18 views

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency DEA online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised...

0.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/03 2:43 p.m.18 views

Hacker Charged With Extorting Online Psychotherapy Service

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius "Zeekill" Kivimaki, a notorious hacker who -...

Exploits0
Krebs on Security
Krebs on Security
added 2022/02/03 6:49 p.m.18 views

How Phishers Are Slinking Their Links Into LinkedIn

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other neer-do-wells are hoping you will, because theyve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that...

6.6AI score
Exploits0
Total number of security vulnerabilities1094