Incident Response in Cybersecu1

We often say that in cybersecurity, it’s important to think about “when” an attack will occur, not “if” it will occur. And while being proactive is touted as the key to an organization’s most effective security posture, one should never dismiss the value of reactive security practices, either. Building up your defences against attacks and […]

MyBook Users Urged to Unplug D1

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. One of many similar […]

How Cyber Sleuths Cracked an A1

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how […]

Being Okay With Not Being Okay1

Burnout, depression, anxiety and a slew of mental health issues are becoming more common among cybersecurity professionals. Although workplace stress follows every industry, cybersecurity seems to be particularly susceptible to it. The fact that there is stigma around discussing mental health in the security community does not help either. The modern superheroes who make the […]

How Cyber Safe is Your Drinkin1

Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting […]

First American Financial Pays 1

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the […]

Meet SQL Explorer: One of the 1

With hundreds, if not thousands, of websites being launched every day, the increasing size of the internet makes it nearly impossible to manually scan and build reliable reports. Internet scanning, as it’s commonly called, can often be too slow for timely catching of security vulnerabilities when done manually. And that’s even within small to medium-sized […]

Ukrainian Police Nab Six Tied 1

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and University of Maryland. A still shot from a […]

How Does One Get Hired by a To1

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two […]

Business Email Compromise (BEC1

Imagine this scenario: it’s tax season, and you work in the HR department. Your CEO sends you an email requesting copies of employee W-2s that include names, addresses, Social Security numbers, income data and tax information. With the sense of urgency that the tax season brings and a direct request from your CEO, what should […]

Kerberoasting Attacks Explaine1

This manifold implementation or process of brute forcing credential hashes within the Windows Active Directory ecosystem would soon become the de facto attack vector against the Kerberos protocol, leveraging certain exploitable authentication and encryption mechanisms of the popular MIT-born technology while embroiling the Redmond giant in a cascade of existential threats for years to come. […]

Microsoft Patches Six Zero-Day1

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it […]

The 10 Most Popular Bug Bounty1

Bug bounty hunting is one of the most sought-after jobs for young hackers just entering the industry. Some might take it on as a hobby, a way to hone their hacking skills; and for others, it’s truly a lucrative full-time career option. In 2020 alone, bug bounty hunters earned a record $40 million for reporting […]

Justice Dept. Claws Back $2.3M1

The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide, a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown […]

Adventures in Contacting the R1

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual […]

Using Fake Reviews to Find Dan1

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser […]

Boss of ATM Skimming Syndicate1

Florian “The Shark” Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court. Florian Tudor, at a 2020 press […]