Why Your Wi-Fi Router Doubles as an Apple AirTag
Krebs on Security
by BrianKrebs
20h ago
Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is ..read more
Visit website
Patch Tuesday, May 2024 Edition
Krebs on Security
by BrianKrebs
1w ago
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacke ..read more
Visit website
How Did Authorities Identify the Alleged Lockbit Boss?
Krebs on Security
by BrianKrebs
1w ago
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. Dmitry Yuryevich Khoroshev. Image: treasury.gov. On May 7, the U.S ..read more
Visit website
Why Your VPN May Not Be As Secure As It Claims
Krebs on Security
by BrianKrebs
2w ago
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. Image: Shutterstock. When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. Normally, the only system ..read more
Visit website
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
Krebs on Security
by BrianKrebs
3w ago
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online. Ransom_man announced on the dark web ..read more
Visit website
FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data
Krebs on Security
by BrianKrebs
3w ago
The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law. The FCC said it found the carriers each sold access to its cus ..read more
Visit website
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
Krebs on Security
by BrianKrebs
1M ago
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps. A now-defunct carding shop that sold stolen credit cards and invoked 45’s likeness and name. As reported by The ..read more
Visit website
Who Stole 3.6M Tax Records from South Carolina?
Krebs on Security
by BrianKrebs
1M ago
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like Home Depot and Target in the years that followed. Questions about who stole tax and financial data on rou ..read more
Visit website
Crickets from Chirp Systems in Smart Lock Key Leak
Krebs on Security
by BrianKrebs
1M ago
The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vu ..read more
Visit website
Why CISA is Warning CISOs About a Breach at Sisense
Krebs on Security
by BrianKrebs
1M ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based Sisense has more than a thousand customers across a range of industry verticals, including financial services, tele ..read more
Visit website

Follow Krebs on Security on FeedSpot

Continue with Google
Continue with Apple
OR