Lucene search
K
KrebsMost viewed

1092 matches found

Krebs on Security
Krebs on Security
added 2019/09/27 4:17 p.m.91 views

MyPayrollHR CEO Arrested, Admits to $70M Fraud

Earlier this month, employees at more than 1,000 companies saw one or two paycheck's worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/25 5:41 p.m.91 views

DDoS-for-Hire Service Webstresser Dismantled

Authorities in the U.S., U.K. and the Netherlands on Tuesday took down popular online attack-for-hire service WebStresser.org and arrested its alleged administrators. Investigators say that prior to the takedown, the service had more than 136,000 registered users and was responsible for launching...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/09/24 12:53 p.m.91 views

Equifax or Equiphish?

More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/08/17 4:5 a.m.90 views

Microsoft Put Off Fixing Zero Day for 2 Years

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11s Patch Tuesd...

2.1CVSS7.3AI score0.41131EPSS
Exploits1
Krebs on Security
Krebs on Security
added 2019/03/31 8:51 a.m.90 views

Annual Protest Raises $250K to Cure Krebs

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive, a now-defunct cryptocurrency mining service that was...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/17 8:11 p.m.90 views

773M Password ‘Megabreach’ is Years Old

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessl...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/14 1:25 p.m.89 views

Patch Tuesday, November 2018 Edition

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe also has security patches available for Flash Player, Acrobat and Reader users. As per usual, most of the critical flaws -- those that can be...

6.8AI score0.03023EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/08 5:27 p.m.88 views

Who’s Behind the GandCrab Ransomware?

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follow...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/14 5:37 a.m.88 views

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites including this one, took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In a...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/02 10:41 p.m.88 views

Powerful New DDoS Method Adds Extortion

Attackers have seized on a relatively new method for executing distributed denial-of-service DDoS attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/10/10 10:51 p.m.87 views

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS...

7.5CVSS8AI score0.99999EPSS
Exploits22
Krebs on Security
Krebs on Security
added 2021/11/01 4:23 a.m.87 views

‘Trojan Source’ Bug Threatens the Security of All Code

Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. Th...

5.1CVSS8.7AI score0.12205EPSS
Exploits5
Krebs on Security
Krebs on Security
added 2021/10/12 7:52 p.m.87 views

Patch Tuesday, October 2021 Edition

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This months Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separatel...

9.3CVSS0.4AI score0.73381EPSS
Exploits11
Krebs on Security
Krebs on Security
added 2020/12/18 6:33 p.m.87 views

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a...

9CVSS1AI score0.23771EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2019/11/11 5:33 p.m.87 views

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/22 7:27 p.m.87 views

What You Should Know About the Equifax Data Breach Settlement

Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here's a brief primer that attempts to break down what this settlement means for...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/12/04 5:39 a.m.87 views

Hacked Password Service Leakbase Goes Dark

Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/08/31 3:14 p.m.86 views

Final Thoughts on Ubiquiti

Last year, I posted a series of articles about a purported "breach" at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false information to the press. As a result of the new...

1.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/11/10 5:9 p.m.86 views

Ransomware Group Turns to Facebook Ads

Its bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening o...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/22 7:26 p.m.86 views

Legal Threats Make Powerful Phishing Lures

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days -- or else. Here's a look at a recent spam...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/16 12:52 a.m.86 views

“Stole $24 Million But Still Can’t Keep a Friend”

Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims. The lurid details, made public in a civil lawsuit filed this week by one of his alleged...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/11/14 11:0 p.m.85 views

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month...

6.8CVSS7.7AI score0.88196EPSS
Exploits2
Krebs on Security
Krebs on Security
added 2019/08/19 1:3 p.m.85 views

The Rise of “Bulletproof” Residential Networks

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called "bulletproof residentia...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/23 8:24 p.m.85 views

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks -- including a 2013 swatting incident at my home -- was arrested Sunday morning in the Philippines after allegedly helping his best friend dump the body of a housemate into a local river...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/07 4:47 p.m.85 views

Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K

A monster distributed denial-of-service attack DDoS against KrebsOnSecurity.com in 2016 knocked this site offline for nearly four days. The attack was executed through a network of hacked "Internet of Things" IoT devices such as Internet routers, security cameras and digital video recorders. A ne...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/29 7:22 p.m.84 views

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company's customers were being sold in the cybercrime underground. Today, Buca's parent firm announced it had...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/02 6:32 p.m.84 views

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and deliver...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/01 9:16 p.m.84 views

What the Marriott Breach Says About Security

We don't yet know the root causes that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause ...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/11/17 2:13 p.m.83 views

Be Very Sparing in Allowing Site Notifications

An increasing number of websites are asking visitors to approve "notifications," browser modifications that periodically display messages on the users mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notificati...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/20 2:46 p.m.83 views

Zyxel Flaw Powers New Mirai IoT Botnet Strain

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited ...

10CVSS9.4AI score0.99988EPSS
Exploits2
Krebs on Security
Krebs on Security
added 2019/01/03 7:21 p.m.83 views

Apple Phone Phishing Scams Getting Better

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display's Apple's logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/07/11 10:55 p.m.82 views

Apple & Microsoft Patch Tuesday, July 2023 Edition

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple...

6.8CVSS7.9AI score0.99083EPSS
Exploits8
Krebs on Security
Krebs on Security
added 2019/12/28 1:49 a.m.82 views

Ransomware at IT Services Provider Synoptek

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand ...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/30 10:21 p.m.82 views

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Canadian government regulators are using the country's powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. In March 2019, the Canadian Radio-television and Telecommunications Commission CRTC --...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/07/11 2:34 a.m.82 views

Patch Tuesday, July 2018 Edition

Microsoft and Adobe each issued security updates for their products today. Microsoft's July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster...

7AI score0.06413EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2022/09/14 12:23 a.m.81 views

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This months Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of...

5CVSS1AI score0.75711EPSS
Exploits9
Krebs on Security
Krebs on Security
added 2019/07/11 8:41 p.m.81 views

FEC: Campaigns Can Use Discounted Cybersecurity Services

The U.S. Federal Election Commission FEC said today political campaigns can accept discounted cybersecurity services from companies without running afoul of existing campaign finance laws, provided those companies already do the same for other non-political entities. The decision comes amid much...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/09 1:50 a.m.80 views

Patch Tuesday, November 2022 Election Edition

Lets face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well weve patched our Democracy, it seems fitting that Microsoft Corp. today...

9.1AI score0.9997EPSS
Exploits16
Krebs on Security
Krebs on Security
added 2022/04/13 3:1 p.m.81 views

Microsoft Patch Tuesday, April 2022 Edition

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National...

10CVSS0.3AI score0.91316EPSS
Exploits20
Krebs on Security
Krebs on Security
added 2021/12/14 10:23 p.m.80 views

Microsoft Patch Tuesday, December 2021 Edition

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this months Patch Tuesday is overshadowed by the "Log4Shell" 0-day exploit in a popular Ja...

6.8CVSS0.1AI score0.20099EPSS
Exploits1
Krebs on Security
Krebs on Security
added 2019/08/22 9:38 p.m.80 views

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that th...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/05 3:50 p.m.80 views

Secret Service Warns of Chip Card Scheme

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/16 12:57 p.m.79 views

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawlin...

9CVSS0.6AI score0.23771EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2020/05/28 4:19 p.m.79 views

UK Ad Campaign Seeks to Deter Cybercrime

The United Kingdom's anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/08/14 12:25 p.m.79 views

Meet Bluetana, the Scourge of Pump Skimmers

"Bluetana," a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/10 9:46 p.m.78 views

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years' tax filings sometime next week. Toda...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/22 4:58 p.m.78 views

Alleged SIM Swapper Arrested in California

Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting "SIM swappers,"...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/05/29 4:14 p.m.77 views

Using Fake Reviews to Find Dangerous Extensions

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/10/17 3:13 a.m.77 views

When Card Shops Play Dirty, Consumers Win

Cybercrime forums have been abuzz this week over news that BriansClub -- one of the underground's largest shops for stolen credit and debit cards -- has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/03 2:30 p.m.77 views

Credit Union Sues Fintech Giant Fiserv Over Security Claims

A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that "baffling" security vulnerabilities in the company's software are "wreaking havoc" on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurit...

7.3AI score
Exploits0
Total number of security vulnerabilities1092