1089 matches found
Microsoft Patch Tuesday, August 2023 Edition
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. Six of the flaws fixed today earned Microsofts "critical" rating, meaning...
Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’
WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence AI to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used...
Teach a Man to Phish and He’s Set for Life
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encodin...
How Malicious Android Apps Slip Into Disguise
Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a...
Russia Sends Cybersecurity CEO to Jail for 14 Years
The Russian government today handed down a treason conviction and 14-year prison sentence on Iyla Sachkov, the former founder and CEO of one of Russias largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden fr...
Who and What is Behind the Malware Proxy Service SocksEscort?
Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service...
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasnt shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a brea...
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource.com, a service that sold access to billions of passwords a...
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack. It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website...
Apple & Microsoft Patch Tuesday, July 2023 Edition
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple...
Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014
When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the companys then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals...
Who’s Behind the DomainNetworks Snail Mail Scam?
If youve ever owned a domain name, the chances are good that at some point youve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, dont...
Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
Nikita Kislitsin, formerly the head of network security for one of Russias top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsins prosecution could soon put the Kazakhstan government in a...
U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison
Joseph James "PlugwalkJoe" OConnor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But...
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
The United Parcel Service UPS says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing a.k.a. "smishing" messages that spoofed UPS and other top brands. The missives addressed recipients by name,...
Why Malware Crypting Services Deserve More Scrutiny
If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently...
CISA Order Highlights Persistent Risk at Network Edge
The U.S. government agency in charge of improving the nations cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely...
Microsoft Patch Tuesday, June 2023 Edition
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This months relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March...
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
Its not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...
Service Rents Email Addresses for Account Signups
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying...
Ask Fitis, the Bear: Real Crooks Sign Their Malware
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to...
Discord Admins Hacked by Malicious Bookmarks
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. This attack involves malicious Javascript that is added to ones browser by dragging a...
Phishing Domains Tanked After Meta Sued Freenom
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while...
Interview With a Crypto Scam Investment Spammer
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several...
Russian Hacker “Wazawaka” Indicted for Ransomware
A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. "Wazawaka" and "Boriselcin" worked with...
Re-Victimization from Police-Auctioned Cell Phones
Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for...
Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in Mays zero-day flaws is CVE-2023-29336, which ...
Feds Take Down 13 More DDoS-for-Hire Services
The U.S. Federal Bureau of Investigation FBI this week seized 13 domain names connected to "booter" services that let paying customers launch crippling distributed denial-of-service DDoS attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when...
$10M Is Yours If You Can Get This Guy to Leave Russia
The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime undergrounds most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkovs card-checking service...
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service USPS has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the networks chief technolo...
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an...
3CX Breach Was a Double Supply Chain Compromise
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening...
Giving a Face to the Malware Proxy Service ‘Faceless’
For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post...
Why is ‘Juice Jacking’ Suddenly Back in the News?
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation FBI and the Federal Communications Commission FCC about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile...
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day...
FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation FBI today. The domain seizures coincided with more than a...
A Serial Tech Investment Scammer Takes Up Coding?
John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies newest invention appears to...
German Police Raid DDoS-Friendly Host ‘FlyHosting’
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based...
UK Sets Up Fake Booter Sites To Muddy DDoS Market
The United Kingdoms National Crime Agency NCA has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. The warning...
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected...
Why You Should Opt Out of Sharing Data With Your Mobile Provider
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Heres...
Feds Charge NY Man as BreachForums Boss “Pompompurin”
The U.S. Federal Bureau of Investigation FBI this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forums administrator "Pompompurin" has been a thorn in...
Microsoft Patch Tuesday, March 2023 Edition
Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The...
Two U.S. Men Charged in 2022 Hacking of DEA Portal
Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency DEA online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised...
Who’s Behind the NetWire Remote Access Trojan?
A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan RAT marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau...
Sued by Meta, Freenom Halts Domain Registrations
The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites whi...
Highlights from the New U.S. Cybersecurity Strategy
The Biden administration today issued its vision for beefing up the nations collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White Houses new national cybersecurity strate...
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...
When Low-Tech Hacks Cause High-Impact Breaches
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddys admission that i...
Who’s Behind the Botnet-Based Service BHProxies?
A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Heres a closer look at Mylobot, an...