Lucene search
K
KrebsMost viewed

1092 matches found

Krebs on Security
Krebs on Security
added 2017/07/28 9:13 p.m.57 views

Suspended Sentence for Mirai Botmaster Daniel Kaye

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things IoT devices for use in large-scale online attacks...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/16 3:34 a.m.57 views

Breach at DocuSign Led to Targeted Email Malware Campaign

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer an...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/02/28 8:14 p.m.56 views

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab , KrebsOnSecurity has learned. Security experts say the Russia-based service provider...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/07/20 9:30 p.m.56 views

Spam Kingpin Peter Levashov Gets Time Served

Peter Levashov, appearing via Zoom at his sentencing hearing today. A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/02/17 2:13 p.m.56 views

Pay Up, Or We’ll Make Google Ban Your Ads

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google's AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/12/05 7:46 p.m.56 views

Apple Explains Mysterious iPhone 11 Location Requests

KrebsOnSecurity ran a story this week that puzzled over Apple's response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user's location even when all applications and system services are individually set never to reque...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/10/01 4:33 p.m.56 views

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who've recently re-indicted him on related charges. NiceHash CTO Matjaž "Iserdo...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/10/02 11:42 p.m.56 views

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for mon...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/16 5:1 p.m.56 views

Hanging Up on Mobile in the Name of Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like the...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/05/28 6:54 p.m.56 views

FBI: Kindly Reboot Your Router Now, Please

The Federal Bureau of Investigation FBI is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/06 9:24 p.m.56 views

What Is Your Bank’s Security Banking On?

A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier -- such as the first six digits of their Social Security number SSN,...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/02/02 2:21 p.m.56 views

Attackers Exploiting Unpatched Flaw in Flash

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this...

8.7AI score0.89618EPSS
Exploits19
Krebs on Security
Krebs on Security
added 2023/05/10 1:19 a.m.55 views

Microsoft Patch Tuesday, May 2023 Edition

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in Mays zero-day flaws is CVE-2023-29336, which ...

7.5CVSS8.4AI score0.94683EPSS
Exploits4
Krebs on Security
Krebs on Security
added 2019/12/30 12:49 a.m.55 views

Happy 10th Birthday, KrebsOnSecurity.com

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches,...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/07/15 3:58 p.m.55 views

Is ‘REvil’ the New GandCrab Ransomware?

The cybercriminals behind the GandCrab ransomware-as-a-service RaaS offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/13 8:56 p.m.55 views

Ad Network Sizmek Probes Account Breach

Online advertising firm Sizmek Inc. NASDAQ: SZMK says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/09/05 10:55 p.m.55 views

Browser Extensions: Are They Worth the Risk?

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browse...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/20 5:19 p.m.55 views

15-Year-old Finds Flaw in Ledger Crypto Wallet

A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Ledger's Nano-S...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/19 3:53 a.m.55 views

Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37

Adrian Lamo, the hacker probably best known for breaking into The New York Times's network and for reporting Chelsea Manning's theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapt...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/08 4:55 p.m.55 views

Look-Alike Domains and Visual Confusion

How good are you at telling the difference between domain names you know and trust and impostor or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names IDNs, as well as which browser or Web application you're using. For example, how...

6.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/08/28 2:6 p.m.55 views

Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet

A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle 'WireX,' an extraordinary new crime machine comprising tens of thousands of hacked...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/07/11 10:26 p.m.55 views

Adobe, Microsoft Push Critical Security Fixes

It's Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe's got a new version of its Flash Player available that addresses at least three...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/05/26 4:45 a.m.55 views

Trump’s Dumps: ‘Making Dumps Great Again’

It's not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for their shops that run incessantly on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/12/12 10:21 p.m.54 views

Microsoft Patch Tuesday, December 2023 Edition

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known "zero-day" threats targeting any of the vulnerabilities in Decembers...

7.5CVSS9.7AI score0.97408EPSS
Exploits19
Krebs on Security
Krebs on Security
added 2021/08/16 11:53 p.m.54 views

T-Mobile Investigating Claims of Massive Data Breach

Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and detai...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/09/21 4:31 p.m.54 views

Credit Freezes are Free: Let the Ice Age Begin

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you've been holding out because you're not particularly worried about ID...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/04/11 12:26 a.m.54 views

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft each released critical fixes for their products today, a.k.a "Patch Tuesday," the second Tuesday of every month. Adobe updated its Flash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities in...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/11/10 1:55 a.m.54 views

DDoS-for-Hire Service Launches Mobile App

In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service DDoS attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/01/14 10:50 p.m.53 views

Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since...

9.8CVSS8.2AI score0.80912EPSS
Exploits11
Krebs on Security
Krebs on Security
added 2023/06/22 7:11 p.m.53 views

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

The United Parcel Service UPS says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing a.k.a. "smishing" messages that spoofed UPS and other top brands. The missives addressed recipients by name,...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/06/13 8:44 p.m.53 views

Microsoft Patch Tuesday, June 2023 Edition

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This months relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March...

7.5CVSS8.1AI score0.99649EPSS
Exploits10
Krebs on Security
Krebs on Security
added 2021/07/01 6:56 p.m.53 views

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by t...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/02/14 6:48 p.m.53 views

A Light at the End of Liberty Reserve’s Demise?

In May 2013, the U.S. Justice Department seized Liberty Reserve, alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part o...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/09/19 4:54 p.m.53 views

Mirai Botnet Authors Avoid Jail Time

Citing "extraordinary cooperation" with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using "Mirai," a potent malware strain used in countless attacks designed to knock Web sites offline --...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/13 8:14 p.m.53 views

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/11 2:42 p.m.53 views

Bad .Men at .Work. Please Don’t .Click

Web site names ending in new top-level domains TLDs like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. Not that there still aren't a whole mess of nasty .com, .net and .biz domains out there, b...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/30 5:55 p.m.53 views

Coinhive Exposé Prompts Cancer Research Fundraiser

A story published here this week revealed the real-life identity behind the original creator of Coinhive -- a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest again...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/23 4:31 p.m.53 views

San Diego Sues Experian Over ID Theft Service

The City of San Diego, Calif. is suing consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law. The lawsuit,...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/03/22 2:8 p.m.53 views

Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach

Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year's data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation tha...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/09/21 3:6 p.m.53 views

Experian Site Can Give Anyone Your Credit Freeze PIN

An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number PIN needed to unlock a consumer credit file that was previously frozen at Experian. Experian's page for retrieving...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/03/05 9:7 p.m.52 views

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

At least 30,000 organizations across the United States -- including a significant number of small businesses, towns, cities and local governments -- have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit thats focused on stealing email from victim...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/02/02 6:4 p.m.52 views

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/09/18 6:53 p.m.52 views

Before He Spammed You, this Sly Prince Stalked Your Mailbox

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/09 8:52 p.m.52 views

Bug Bounty Hunter Ran ISP Doxing Service

A Connecticut man who's earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers' personal data, KrebsOnSecurity has learned. In May...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/11/08 7:28 a.m.52 views

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

A year ago, KrebsOnSecurity warned that "Informed Delivery," a new offering from the U.S. Postal Service USPS that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and ma...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/02 12:55 a.m.52 views

Reddit Breach Highlights Limits of SMS-Based Authentication

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn't seem too severe. What's interesting about the incident is that it showcases once again why relying on mobile text...

7.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/28 5:50 p.m.52 views

Plant Your Flag, Mark Your Territory

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data -- including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is a...

6.9AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/11/21 1:11 p.m.52 views

Correcting the Record on vDOS Prosecutions

KrebsOnSecurity recently featured a story about a New Mexico man who stands accused of using the now-defunct vDOS attack-for-hire service to hobble the Web sites of several former employers. That piece stated that I wasn't aware of any other prosecutions related to vDOS customers, but as it happe...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/10/04 4:34 a.m.52 views

Fear Not: You, Too, Are a Cybercrime Victim!

Maybe you've been feeling left out because you weren't among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today. Yahoo! announced that, our bad!:...

6.3AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/02/28 4:56 p.m.51 views

Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the targets calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a vide...

7.3AI score
Exploits0
Total number of security vulnerabilities1092