Lucene search
K
KrebsMost viewed

1092 matches found

Krebs on Security
Krebs on Security
added 2021/07/09 7:31 p.m.184 views

Spike in “Chain Gang” Destructive Attacks on ATMs

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines ATMs out of their foundations, and make off with the cash boxes...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/07/07 2:34 p.m.184 views

Microsoft Issues Emergency Patch for Windows Flaw

Microsoft on Tuesday issued an emergency software update to quash a security bug thats been dubbed "PrintNightmare," a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsofts normal monthly Patch Tuesday release, and...

9CVSS0.8AI score0.99759EPSS
Exploits41
Krebs on Security
Krebs on Security
added 2018/10/26 8:36 p.m.182 views

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his alm...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/05/19 3:13 p.m.180 views

Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can ...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/09/23 6:19 p.m.169 views

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the Unite...

1.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/19 9:1 p.m.169 views

Microsoft Issues Emergency Fix for IE Zero Day

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer IE Web browser that attackers are already using to break into Windows computers. The software giant said it learned about the weakness CVE-2018-8653 after receiving a report from Google...

7.6CVSS7.6AI score0.29822EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/17 11:25 p.m.168 views

Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/01/24 7:0 p.m.163 views

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was...

0.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/21 1:43 p.m.162 views

New Breed of Fuel Pump Skimmer? Not Really

Fraud investigators say they've uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message. KrebsOnSecurity has since learned those claims simply don't hold water. An earlier version of this story...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/10 5:2 p.m.159 views

Nine Charged in Alleged SIM Swapping Ring

Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target's phone number and diverting all texts and...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/13 3:31 a.m.159 views

Patch Tuesday, February 2019 Edition

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month's patch batch tackles some notable threats to enterprises -- including multiple flaws that...

7.5CVSS7.9AI score0.68294EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2021/07/08 3:22 p.m.159 views

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large...

7.5CVSS8.9AI score0.85619EPSS
Exploits3
Krebs on Security
Krebs on Security
added 2018/09/11 8:35 p.m.157 views

Patch Tuesday, September 2018 Edition

Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, includi...

0.5AI score0.18386EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2021/09/14 9:0 p.m.156 views

Microsoft Patch Tuesday, September 2021 Edition

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw thats reportedly been abused to install spyware on iOS...

7.5CVSS8.5AI score0.99723EPSS
Exploits59
Krebs on Security
Krebs on Security
added 2019/04/14 6:40 p.m.156 views

‘Land Lordz’ Service Powers Airbnb Scams

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called "Land Lordz," which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. T...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/10 1:42 a.m.154 views

Microsoft Patch Tuesday, March 2021 Edition

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsofts "critical" rating, meaning they can be exploited by malware or...

5.1CVSS0.4AI score0.81103EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/12 8:57 p.m.153 views

Patch Tuesday, December 2017 Edition

The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe's got another...

9.3CVSS7.3AI score0.28327EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/22 7:32 p.m.151 views

Alleged Child Porn Lord Faces US Extradition

In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring - 33-year-old Freedom Hosting operator Eric Eoin Marques - was arrested in Ireland later that year on a U.S. warrant and has been in...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/16 10:30 p.m.150 views

Can We Stop Pretending SMS Is Secure Now?

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now were learning about an entire ecosystem ...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/24 12:16 a.m.150 views

Payroll Provider Gives Extortionists a Payday

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/02/09 10:37 p.m.149 views

Microsoft Patch Tuesday, February 2021 Edition

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit...

9.3CVSS0.4AI score0.99512EPSS
Exploits96
Krebs on Security
Krebs on Security
added 2019/04/11 4:14 p.m.149 views

Android 7.0+ Phones Can Now Double as Google Security Keys

Google this week made it easier for Android users to enable strong 2-factor authentication 2FA when logging into Google's various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/12/07 9:17 p.m.148 views

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/03 4:48 p.m.148 views

Feds Bust Up Dark Web Hub Wall Street Market

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market WSM, one of the world's largest dark web bazaars that allowed vendors to sell...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/05/04 5:22 p.m.145 views

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/07/08 3:9 p.m.145 views

Self-Service Food Kiosk Vendor Avanti Hacked

Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered of breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/09/30 4:51 p.m.144 views

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime...

9.1AI score0.99964EPSS
Exploits16
Krebs on Security
Krebs on Security
added 2022/06/15 4:52 a.m.143 views

Microsoft Patch Tuesday, June 2022 Edition

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows thats seen active exploitation for at least two months now. On a...

10CVSS0.3AI score0.99374EPSS
Exploits64
Krebs on Security
Krebs on Security
added 2020/06/10 2:43 a.m.143 views

Microsoft Patch Tuesday, June 2020 Edition

Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed pri...

9.3CVSS8.7AI score0.9981EPSS
Exploits126
Krebs on Security
Krebs on Security
added 2021/06/30 8:34 p.m.141 views

We Infiltrated a Counterfeit Check Ring! Now What?

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and youve shared this information in advance with the authorities each day for a year with...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/01/17 5:0 p.m.140 views

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as "Internet Swiping" and "Million Dollar Criminal" earning millions of views, Punchmade has leveraged his considerable followi...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/09 9:4 p.m.140 views

Warning the World of a Ticking Time Bomb

Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has been retrofitted with a "web shell" backdoor that gives the bad guys total, remote control, the abilit...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/10/09 6:0 a.m.136 views

Patch Tuesday Lowdown, October 2019 Edition

On Tuesday Microsoft issued software updates to fix almost five dozen security problems in Windows and software designed to run on top of it. By most accounts, it's a relatively light patch batch this month. Here's a look at the highlights. Happily, only about 15 percent of the bugs patched this...

7.6CVSS8AI score0.52729EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/01 1:43 p.m.136 views

250 Webstresser Users to Face Legal Action

More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union's law enforcement agency. In April 2018, investigators in the U.S., U....

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/11/12 10:4 p.m.134 views

Patch Tuesday, November 2019 Edition

Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploite...

7.6CVSS8.7AI score0.72977EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2019/09/11 3:2 p.m.134 views

NY Payroll Company Vanishes With $35 Million

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/17 8:59 p.m.133 views

Party Like a Russian, Carder’s Edition

"It takes a certain kind of man with a certain reputation To alleviate the cash from a whole entire nation…" KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/18 1:44 p.m.133 views

Account Hijacking Forum OGusers Hacked

Ogusers.com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/08 8:38 p.m.133 views

Microsoft Patch Tuesday, May 2018 Edition

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft's Patch Tuesday -- the second...

8.6AI score0.87814EPSS
Exploits9
Krebs on Security
Krebs on Security
added 2020/09/24 5:0 p.m.131 views

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsofts warning comes just days after the U.S. Department of Homeland...

9.3CVSS1.2AI score0.99512EPSS
Exploits75
Krebs on Security
Krebs on Security
added 2019/09/03 6:56 p.m.131 views

Spam In your Calendar? Here’s What to Do.

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden ...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/07/16 12:11 p.m.131 views

Porn Spam Botnet Has Evil Twitter Twin

Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting "online dating" programs -- affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/01/27 6:45 p.m.130 views

First ‘Jackpotting’ Attacks Hit U.S. ATMs

ATM "jackpotting" -- a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand -- has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/09 10:32 p.m.129 views

Patch Tuesday Lowdown, July 2019 Edition

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to...

8.5CVSS0.6AI score0.70966EPSS
Exploits2
Krebs on Security
Krebs on Security
added 2018/10/13 1:3 a.m.126 views

Supply Chain Security 101: An Expert’s View

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/10/29 9:47 p.m.125 views

Takeaways from the $566M BriansClub breach

Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world's largest financial institutions tend to have a much better idea of which merchants and bank cards have been...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/01/15 2:31 a.m.124 views

Patch Tuesday, January 2020 Edition

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security...

5.8CVSS0.3AI score0.89436EPSS
Exploits14
Krebs on Security
Krebs on Security
added 2020/02/08 5:32 p.m.123 views

Dangerous Domain Corp.com Goes Up for Sale

As an early domain name investor, Mike O'Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O'Connor refused to auction perhaps the most sensitive...

6.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/08/13 9:57 p.m.122 views

Patch Tuesday, August 2019 Edition

Most Microsoft Windows abusers probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it's all going to turn out. Fortunately, this month's patch...

10CVSS9.8AI score0.75194EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2019/06/25 3:24 p.m.121 views

Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or...

7AI score
Exploits0
Total number of security vulnerabilities1092