150 
What Happened to Facebook, Instagram, & WhatsApp?
Krebs on Security
OCTOBER 4, 2021
Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.
Krebs on Security
Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
Krebs on Security
OCTOBER 14, 2021
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov.
Join 5,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Rise of One-Time Password Interception Bots
Krebs on Security
SEPTEMBER 29, 2021
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.
Wanted: Disgruntled Employees to Deploy Ransomware
Krebs on Security
AUGUST 19, 2021
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection.
How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance
Apple AirTag Bug Enables ‘Good Samaritan’ Attack
Krebs on Security
SEPTEMBER 28, 2021
The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.
Customer Care Giant TTEC Hit By Ransomware
Krebs on Security
SEPTEMBER 15, 2021
TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.
Phishing Sites Targeting Scammers and Thieves
Krebs on Security
AUGUST 9, 2021
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com
The Life Cycle of a Breached Database
Krebs on Security
JULY 29, 2021
Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.
Patch Tuesday, October 2021 Edition
Krebs on Security
OCTOBER 12, 2021
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.
Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents
Krebs on Security
AUGUST 25, 2021
In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin.
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
Microsoft: Attackers Exploiting Windows Zero-Day Flaw
Krebs on Security
SEPTEMBER 8, 2021
Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website.
T-Mobile: Breach Exposed SSN/DOB of 40M+ People
Krebs on Security
AUGUST 18, 2021
T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company.
How Coinbase Phishers Steal One-Time Passwords
Krebs on Security
OCTOBER 13, 2021
A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.
How to Tell a Job Offer from an ID Theft Trap
Krebs on Security
MAY 21, 2021
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns.
DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
Krebs on Security
MAY 14, 2021
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.
A Closer Look at the DarkSide Ransomware Gang
Krebs on Security
MAY 11, 2021
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.
Don’t Wanna Pay Ransom Gangs? Test Your Backups.
Krebs on Security
JULY 19, 2021
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups.
Serial Swatter Who Caused Death Gets Five Years in Prison
Krebs on Security
JULY 21, 2021
A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.
Another 0-Day Looms for Many Western Digital Users
Krebs on Security
JULY 2, 2021
Some of Western Digital’s MyCloud-based data storage devices. Image: WD.
Microsoft Patch Tuesday, August 2021 Edition
Krebs on Security
AUGUST 10, 2021
Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products.
KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”
Krebs on Security
SEPTEMBER 10, 2021
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack.
Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
Krebs on Security
SEPTEMBER 16, 2021
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites.
Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax
Krebs on Security
JULY 1, 2021
Financial services giant Intuit this week informed 1.4
Whistleblower: Ubiquiti Breach “Catastrophic”
Krebs on Security
MARCH 30, 2021
On Jan. 11, Ubiquiti Inc. NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.
Gift Card Gang Extracts Cash From 100k Inboxes Daily
Krebs on Security
SEPTEMBER 2, 2021
Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period.
Microsoft Issues Emergency Patch for Windows Flaw
Krebs on Security
JULY 7, 2021
Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited.
Ransomware Gangs and the Name Game Distraction
Krebs on Security
AUGUST 5, 2021
It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband.
New Anti Anti-Money Laundering Services for Crooks
Krebs on Security
AUGUST 13, 2021
A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity.
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
Krebs on Security
MARCH 5, 2021
PlugwalkJoe Does the Perp Walk
Krebs on Security
JULY 26, 2021
Joseph “PlugwalkJoe” O’Connor, in a photo from a paid press release on Sept. 02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor.
Three Top Russian Cybercrime Forums Hacked
Krebs on Security
MARCH 4, 2021
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.
Spike in “Chain Gang” Destructive Attacks on ATMs
Krebs on Security
JULY 9, 2021
Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside.
Experian API Exposed Credit Scores of Most Americans
Krebs on Security
APRIL 28, 2021
Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.
15-Year-Old Malware Proxy Network VIP72 Goes Dark
Krebs on Security
SEPTEMBER 1, 2021
Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems.
Recycle Your Phone, Sure, But Maybe Not Your Number
Krebs on Security
MAY 19, 2021
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents.
A Basic Timeline of the Exchange Mass-Hack
Krebs on Security
MARCH 8, 2021
Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion.
ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users
Krebs on Security
APRIL 12, 2021
Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
Let's personalize your content