Lucene search
K
KrebsMost viewed

1092 matches found

Krebs on Security
Krebs on Security
added 2017/10/08 6:56 p.m.77 views

Equifax Breach Fallout: Your Salary History

In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/05/07 10:22 p.m.76 views

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/11/13 3:41 p.m.76 views

Orcus RAT Author Charged in Malware Scheme

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/10 4:27 p.m.76 views

Secret Service: Theft Rings Turn to Fuze Cards

Street thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/23 11:24 p.m.76 views

How to Shop Online Like a Security Pro

'Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here's a quick refresher course on how to make it through the next few weeks without getting snookered...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/21 5:10 p.m.76 views

USPS Site Exposed Data on 60 Million Users

U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com KrebsOnSecurity was contacted last week by a researcher who...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/10/13 8:10 p.m.75 views

Microsoft Patch Tuesday, October 2020 Edition

Its Cybersecurity Awareness Month! In keeping with that theme, if you abuse Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means its onc...

9.3CVSS9.6AI score0.33551EPSS
Exploits12
Krebs on Security
Krebs on Security
added 2019/04/26 1:17 p.m.75 views

P2P Weakness Exposes Millions of IoT Devices

A peer-to-peer P2P communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of...

6.4CVSS8.6AI score0.01842EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/13 8:24 p.m.75 views

Spammed Bomb Threat Hoax Demands Bitcoin

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient's building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/07 4:37 p.m.75 views

Adobe Patches Zero-Day Flash Flaw

Adobe has released an emergency update to address a critical security hole in its Flash Player browser plugin that is being actively exploited to deploy malicious software. If you've got Flash installed -- and if you're using Google Chrome or a recent version of Microsoft Windows you do -- it's...

0.6AI score0.25353EPSS
Exploits0
Krebs on Security
Krebs on Security
added 2017/10/16 8:43 p.m.75 views

What You Should Know About the ‘KRACK’ WiFi Security Weakness

Researchers this week published information about a newfound, serious weakness in WPA2 -- the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who's most at-risk from this vulnerability, and what organizations and...

6.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/01/31 9:6 p.m.74 views

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/11/18 9:19 p.m.74 views

Why Were the Russians So Set Against This Hacker Being Extradited?

The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States. When Israeli authorities turned down requests to send him back to Russia -- supposedly to face separate hacking charges...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/10/15 11:5 a.m.74 views

“BriansClub” Hack Rescues 26M Stolen Cards

"BriansClub," one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, includin...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/08/21 11:58 a.m.74 views

Forced Password Reset? Check Your Assumptions

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site's...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/31 1:58 p.m.74 views

NY Investigates Exposure of 885 Million Mortgage Documents

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. NYSE:FAF as the first test of the state's strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in th...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/02/28 3:14 p.m.74 views

Booter Boss Interviewed in 2014 Pleads Guilty

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/09/04 5:22 p.m.74 views

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/13 12:28 a.m.74 views

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

The Federal Bureau of Investigation FBI is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an "ATM cash-out," in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/04 5:9 p.m.74 views

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/20 8:19 p.m.73 views

Who’s Behind the “Reopen” Domain Surge?

The past few weeks have seen a large number of new domain registrations beginning with the word "reopen" and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to "liberate" themselves fro...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/04/07 12:34 p.m.73 views

Microsoft Buys Corp.com So Bad Guys Can’t

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords,...

6.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/09/02 8:52 p.m.73 views

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/12/20 7:11 p.m.73 views

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different "booter" or "stresser" sites -- attack-for-hire services that helped paying customers launch tens of thousands of digital sieges...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/15 2:52 p.m.73 views

Patch Tuesday, August 2018 Edition

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two "zero-day" flaws that attackers were...

1AI score0.73968EPSS
Exploits1
Krebs on Security
Krebs on Security
added 2018/01/26 7:43 p.m.73 views

Registered at SSA.GOV? Good for You, But Keep Your Guard Up

KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration SSA -- even if you are not yet drawing benefits from the agency -- because identity thieves have been registering accounts in peoples' names and...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/10/25 3:22 a.m.73 views

Dell Lost Control of Key Customer Support Domain for a Month in 2017

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/08/24 10:55 p.m.73 views

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass

An October 2015 piece published here about the potential dangers of tossing out or posting online your airline boarding pass remains one of the most-read stories on this site. One reason may be that the advice remains timely and relevant: A talk recently given at a Czech security conference...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/07/13 1:2 a.m.72 views

Microsoft Patch Tuesday, July 2022 Edition

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision t...

9CVSS0.1AI score0.18765EPSS
Exploits2
Krebs on Security
Krebs on Security
added 2018/12/04 9:45 p.m.72 views

A Breach, or Just a Forced Password Reset?

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefil...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/10/22 7:55 p.m.72 views

Who Is Agent Tesla?

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity -- attracting more than 6,300 customers who pay subscription fees to license the software. Although Agent Tesla includes ...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/10/11 7:34 a.m.72 views

Patch Tuesday, October 2018 Edition

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available. The zero-day bug --...

0.3AI score0.69833EPSS
Exploits11
Krebs on Security
Krebs on Security
added 2024/07/09 7:50 p.m.71 views

Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day thi...

9.8CVSS9.8AI score0.97408EPSS
Exploits23
Krebs on Security
Krebs on Security
added 2023/04/12 12:6 a.m.71 views

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day...

9.3AI score0.48973EPSS
Exploits12
Krebs on Security
Krebs on Security
added 2023/03/15 3:19 p.m.71 views

Microsoft Patch Tuesday, March 2023 Edition

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The...

0.7AI score0.97408EPSS
Exploits18
Krebs on Security
Krebs on Security
added 2023/02/14 9:1 p.m.71 views

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This years special Valentines Day Patch Tuesday includes fixes for a whopping three different "zero-day" vulnerabilities that ar...

9.8AI score0.82302EPSS
Exploits11
Krebs on Security
Krebs on Security
added 2020/05/19 4:46 p.m.71 views

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

In January 2019, dozens of media outlets raised the alarm about a new "megabreach" involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled "the largest collection of stolen data in history." A subsequent review by KrebsOnSecurity quickly determined t...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/10/22 12:32 a.m.71 views

Avast, NordVPN Breaches Tied to Phantom User Accounts

Antivirus and security giant Avast and virtual private networking VPN software provider NordVPN each today disclosed months-long network intrusions that -- while otherwise unrelated -- shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/14 7:37 p.m.71 views

Courts Hand Down Hard Jail Time for DDoS

Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/02/23 12:35 a.m.71 views

Chase ‘Glitch’ Exposed Customer Accounts

Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer's bank account details. Chase has acknowledged the incident, saying it was caused by an internal "glitch" Wednesday evening that did not involve any kind of hacking attempt or...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/04/01 8:19 p.m.70 views

New KrebsOnSecurity Mobile-Friendly Site

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us ove...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/02/04 6:2 p.m.70 views

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrati...

7.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/07/14 9:45 p.m.70 views

‘Wormable’ Flaw Leads July Microsoft Patches

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, "wormable" flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July's...

10CVSS8.8AI score0.92178EPSS
Exploits21
Krebs on Security
Krebs on Security
added 2020/05/23 1:40 p.m.70 views

Riding the State Unemployment Fraud ‘Wave’

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that's exactly what appears to be going on right now as multiple U.S...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/01/13 10:17 p.m.70 views

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to...

5.8CVSS8.9AI score0.89436EPSS
Exploits14
Krebs on Security
Krebs on Security
added 2021/09/06 7:4 p.m.69 views

“FudCo” Spam Empire Tied to Pakistani Software Firm

In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/03/03 3:39 p.m.69 views

The Case for Limiting Your Browser Extensions

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extensio...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/29 5:39 p.m.69 views

Should Failing Phish Tests Be a Fireable Offense?

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/16 10:5 p.m.69 views

Feds Target $100M ‘GozNym’ Cybercrime Network

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the sam...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/05/15 10:9 p.m.69 views

A Tough Week for IP Address Scammers

In the early days of the Internet, there was a period when Internet Protocol version 4 IPv4 addresses e.g. 4.4.4.4 were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out t...

6.7AI score
Exploits0
Total number of security vulnerabilities1092