The Dark Nexus Between Harm Groups and ‘The Com’
Krebs on Security
by BrianKrebs
3d ago
A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others ..read more
Visit website
Bug Left Some Windows PCs Dangerously Unpatched
Krebs on Security
by BrianKrebs
6d ago
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year ..read more
Visit website
Sextortion Scams Now Include Photos of Your Home
Krebs on Security
by BrianKrebs
1w ago
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing ..read more
Visit website
Owners of 1-Time Passcode Theft Service Plead Guilty
Krebs on Security
by BrianKrebs
2w ago
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account ..read more
Visit website
When Get-Out-The-Vote Efforts Look Like Phishing
Krebs on Security
by BrianKrebs
2w ago
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign ..read more
Visit website
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
Krebs on Security
by BrianKrebs
3w ago
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China ..read more
Visit website
Local Networks Go Global When Domain Names Collide
Krebs on Security
by BrianKrebs
3w ago
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem ..read more
Visit website
National Public Data Published Its Own Passwords
Krebs on Security
by BrianKrebs
1M ago
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today ..read more
Visit website
Six 0-Days Lead Microsoft’s August 2024 Patch Push
Krebs on Security
by BrianKrebs
1M ago
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers ..read more
Visit website
Cybercrime Rapper Sues Bank over Fraud Investigation
Krebs on Security
by BrianKrebs
1M ago
In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade's social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation ..read more
Visit website

Follow Krebs on Security on FeedSpot

Continue with Google
Continue with Apple
OR