U.S. Secret Service: “Massive

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around […]

Microsoft Patch Tuesday, May 2...

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. None of the vulnerabilities were labeled as being publicly exploited or detailed prior to today, but as always if you’re running Windows on any of your machines it’s time once again to prepare to get your patches on. […]

DevSecOps: Ingraining Security...

At one time, the waterfall model was used in software development: the process was fractionated into different linear phases, with phases having different tasks and objectives and only commencing once the previous phase was over. But to improve the delivery process, more efficient solutions had to be found. So after the waterfall came “agile”. Agile […]

Ransomware Hit ATM Giant Diebo...

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network. Canton, Ohio-based Diebold [NYSE: DBD] is currently the […]

Meant to Combat ID Theft, Unem...

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank, a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent […]

Tech Support Scam Uses Child P...

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number […]

Europe’s Largest Private Hospi

Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues. Based […]

What is OWASP? Top 10 Web Appl...

In this highly-competitive market where new releases take place daily, businesses are putting much of their focus on speed. Reports show that in 2019, 38% of developers indicated that they released monthly or even faster. However, with speed getting the preferred treatment, security can be left behind. In the application release process, security often arrives […]

How Cybercriminals are Weather...

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market […]

Top 5 Best InfoSec and Cyberse...

As those predictions might sound grim to organizations looking to protect their systems, networks and the growing attack surface against ever-evolving cyber threats, they are advantageous to those looking to enter the cybersecurity field. Many cybersecurity positions are in high demand in the current job market, and some of the most sought after are: Cybersecurity Engineer […]

Unproven Coronavirus Therapy P...

Many of the same shadowy organizations that pay people to promote male erectile dysfunction drugs via spam and hacked websites recently have enjoyed a surge in demand for medicines used to fight malaria, lupus and arthritis, thanks largely to unfounded suggestions that these therapies can help combat the COVID-19 pandemic. A review of the sales figures […]

Who’s Behind the “Reopen” Doma

The past few weeks have seen a large number of new domain registrations beginning with the word “reopen” and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to “liberate” themselves from new gun control measures and […]

Sipping from the Coronavirus D...

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure […]

COVID-19 Has United Cybersecur...

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving […]

Microsoft Patch Tuesday, April...

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs. […]

What is a Security Operations ...

Attack vectors, tools and techniques are constantly evolving. And because standard security practices have been around for a long time, crackers have been around just as long—and have figured out how to circumvent those defenses. Any unknown threat or zero-day your defenses can’t protect you from can lead to malicious actors making their way into […]

New IRS Site Could Make it Eas...

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up […]

Microsoft Buys Corp.com So Bad...

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of […]