article thumbnail

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges.

article thumbnail

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 278
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade.

article thumbnail

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia.

article thumbnail

Local Networks Go Global When Domain Names Collide

Krebs on Security

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time.

DNS 267
article thumbnail

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.

article thumbnail

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock.

DNS 247