Lucene search
K
KrebsMost viewed

1092 matches found

Krebs on Security
Krebs on Security
added 2018/11/04 7:10 p.m.120 views

Who’s In Your Online Shopping Cart?

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/27 5:27 p.m.120 views

Security Trade-Offs in the New EU Privacy Law

On two occasions this past year I've published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/23 5:51 p.m.119 views

How the U.S. Govt. Shutdown Harms Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/10/10 12:41 a.m.117 views

Naming & Shaming Web Polluters: Xiongmai

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai -- a Chinese maker of electronic parts th...

8.5AI score0.01251EPSS
Exploits4
Krebs on Security
Krebs on Security
added 2022/02/14 6:22 p.m.115 views

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a...

7.5CVSS9.6AI score0.30084EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2022/02/08 10:38 p.m.115 views

Microsoft Patch Tuesday, February 2022 Edition

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This months relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including...

7.2CVSS8.3AI score0.55711EPSS
Exploits7
Krebs on Security
Krebs on Security
added 2017/09/07 10:30 p.m.115 views

Breach at Equifax May Impact 143M Americans

Equifax, one of the "big-three" U.S. credit bureaus, said today a data breach at the company may have affected 143 million Americans, jeopardizing consumer Social Security numbers, birth dates, addresses and some driver's license numbers. In a press release today, Equifax NYSE:EFX said it...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/02 3:3 p.m.113 views

SMS Phishing + Cardless ATM = Profit

Thieves are combining SMS-based phishing attacks with new "cardless" ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to...

6.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/01/11 10:18 p.m.112 views

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns tha...

10CVSS9.1AI score0.9279EPSS
Exploits22
Krebs on Security
Krebs on Security
added 2019/04/10 12:7 a.m.112 views

Patch Tuesday Lowdown, April 2019 Edition

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer IE and Edge browsers, Office,...

9.3CVSS0.3AI score0.4523EPSS
Exploits28
Krebs on Security
Krebs on Security
added 2020/05/11 4:37 p.m.111 views

Ransomware Hit ATM Giant Diebold Nixdorf

Diebold Nixdorf, a major provider of automatic teller machines ATMs and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected i...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/06 5:50 a.m.109 views

More Alleged SIM Swappers Face Justice

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who's built a solid reputation hijacking mobile phone...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/19 4:40 p.m.108 views

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/18 1:51 p.m.108 views

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

The U.S. government -- along with a number of leading security companies -- recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/12 3:53 p.m.107 views

Live Coronavirus Map Used to Spread Malware

Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/11/03 9:41 p.m.104 views

NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm

Banking industry giant NCR Corp. NYSE: NCR late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/06/20 1:47 a.m.104 views

Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy

A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing "enormous expenses" from notifying affected consumers and the loss of its four largest customers. The filing, first reporte...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/29 3:51 p.m.104 views

Happy 9th Birthday, KrebsOnSecurity!

Hard to believe we've gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts, but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed the...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/18 6:35 p.m.103 views

T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

T-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber's account in an elaborate scheme to steal the customer's three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/08/18 5:38 p.m.103 views

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/04 7:12 p.m.102 views

Crooks Continue to Exploit GoDaddy Hole

Godaddy.com, the world's largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy's fix hasn't gone far enough, and that scammer...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/23 8:22 p.m.102 views

Experts Urge Rapid Patching of ‘Struts’ Bug

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw -- in a Web component known as Apache Struts -- led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing...

0.4AI score0.99993EPSS
Exploits41
Krebs on Security
Krebs on Security
added 2021/03/30 6:0 p.m.100 views

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. NYSE:UI -- a major vendor of cloud-enabled Internet of Things IoT devices such as routers, network video recorders and security cameras -- disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participat...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/18 9:23 p.m.100 views

A Chief Security Concern for Executive Teams

Virtually all companies like to say they take their customers' privacy and security seriously, make it a top priority, blah blah. But you'd be forgiven if you couldn't tell this by studying the executive leadership page of each company's Web site. That's because very few of the world's biggest...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/10 8:40 p.m.99 views

How Internet Savvy are Your Leaders?

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn't pay a bill for some kind of dubious-looking service I'd never heard of. But it wasn't until the past week that it become clear ho...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/07/02 4:14 p.m.99 views

Is it Time to Can the CAN-SPAM Act?

Regulators at the U.S. Federal Trade Commission FTC are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/11 3:41 a.m.98 views

Insert Skimmer + Camera Cover PIN Stealer

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/27 12:43 a.m.98 views

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials. The men -- a former Russian cyber intelligence official and an executive at Russian security firm...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/07/16 7:9 p.m.98 views

‘LuminosityLink RAT’ Author Pleads Guilty

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called "LuminosityLink," a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide. Th...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/09/10 8:9 p.m.97 views

Patch Tuesday, September 2019 Edition

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to...

9.3CVSS8.9AI score0.19254EPSS
Exploits2
Krebs on Security
Krebs on Security
added 2019/06/04 12:16 a.m.97 views

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as "Robbinhood." Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by "Eternal Blue," a...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/01 4:47 p.m.97 views

Equifax Has Chosen Experian. Wait, What?

A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor --...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/05/11 8:28 p.m.96 views

Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are...

7.6CVSS0.7AI score0.99657EPSS
Exploits29
Krebs on Security
Krebs on Security
added 2020/02/11 11:13 p.m.96 views

Microsoft Patch Tuesday, February 2020 Edition

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer IE that is actively being exploited. Also, Adobe has issued a bevy of security updates for its vario...

9.3CVSS9.4AI score0.99965EPSS
Exploits61
Krebs on Security
Krebs on Security
added 2019/09/04 4:14 a.m.96 views

‘Satori’ IoT Botnet Operator Pleads Guilty

A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the "Satori" botnet, a crime machine powered by hacked Internet of Things IoT devices that was built to conduct massive denial-of-service attacks targeting Internet service provider...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/09 2:46 p.m.96 views

Patch Tuesday, January 2019 Edition

Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few...

9.3CVSS0.8AI score0.71365EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/02 7:31 p.m.94 views

No SOCKS, No Shoes, No Malware Proxy Services!

With the recent demise of several popular "proxy" services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services hav...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/08/09 6:18 p.m.94 views

iNSYNQ Ransom Attack Began With Phishing Email

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/30 1:59 p.m.94 views

Capital One Data Theft Impacts 106M People

Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms. What follows is a...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/12 7:25 p.m.94 views

Scanning for Flaws, Scoring for Security

Is it fair to judge an organization's information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are usin...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/06/30 8:32 p.m.94 views

So You Think You Can Spot a Skimmer?

This week marks the 50th anniversary of the automated teller machine -- better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the AT...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/12 4:54 p.m.94 views

U.K. Hospitals Hit in Widespread Ransomware Attack

At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim's documents, images, music and other files unless the victim pays for a key to unlock the...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/24 8:39 p.m.93 views

Neo-Nazi SWATters Target Dozens of Journalists

Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views. This group specializes in encouraging others to harass those targeted by their ire,...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/06/04 9:45 p.m.93 views

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party -- the American Medical Collection Agency AMCA -- also recently notified competing firm Quest Diagnostics that a...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/29 10:19 p.m.93 views

Man Behind Fatal ‘Swatting’ Gets 20 Years

Tyler Barriss, a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. Tyler Barriss, in an undated selfie. Barriss has admitted to his role in t...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/10/25 4:11 p.m.93 views

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/09/05 10:50 a.m.93 views

Who Is Marcus Hutchins?

In early August 2017, FBI agents in Las Vegas arrested 23-year-old British security researcher Marcus Hutchins on suspicion of authoring and/or selling "Kronos," a strain of malware designed to steal online banking credentials. Hutchins was virtually unknown to most in the security community unti...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/13 11:12 p.m.92 views

Microsoft Patch Tuesday, April 2021 Edition

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate and zero-day bugs in the email...

10CVSS1.3AI score0.83337EPSS
Exploits4
Krebs on Security
Krebs on Security
added 2019/04/02 2:50 p.m.92 views

Canadian Police Raid ‘Orcus RAT’ Author

Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is...

7.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/31 9:43 p.m.91 views

Three Charged in July 15 Twitter Compromise

Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the worlds most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Amazon CEO Jeff Bezoss Twitt...

7.2AI score
Exploits0
Total number of security vulnerabilities1092