You are browsing archives for
With this in mind it’s safe to assume that organizations are highly interested in protecting their data; after all, it’s at constant risk. If it’s valuable to the organization, it will surely be valuable to malicious actors, whether to be sold on the black market, used for market advantage, leveraged to ruin reputations, or just […]
Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may […]
Yesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. […]
Since September of 2007, it’s been maintained and upgraded by Lyon and a number of developers, many from Google’s Summer of Code program. And on top of its long history, it continues to offer many cool features that are still extremely helpful when conducting mapping of network-facing services, for all sorts of assessments that can […]
At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, […]
While yes, there are adrenaline-seekers among us who would gladly take the plunge, let’s look at it from a non-thrill-seekers’ perspective: you would only jump if you knew you had the skills to do it safely, consider all the circumstances, assess the terrain, enlist someone to help out if necessary; essentially, prepare yourself for everything […]
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that […]
The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of […]
Let’s also consider the current shift taking place in many organizations: working remotely is all the rage right now. And with more and more team members working from home, more devices are accessing your network, along with new technologies and tools being utilized to make at-home-offices function properly. This blurs the lines between the personal […]
A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464, a problem with the […]
R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide. R1 RCM […]
This kind of tool really enhances your toolbox when realizing an attack surface analysis against a desired target. Additionally, it provides a development interface that enables you to create your own modules and expand the tools’ capabilities even further. Getting to know Recon-ng This OSINT tool has plenty of features that come “out of the […]
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018, many people — particularly older folks — […]
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch […]
Every organization wants the best of the best to build their defenses. This can often leave their security teams and security operations centers with a toolstack of uncooperative solutions that don’t communicate with one another, with their full value remaining untapped, and they can interrupt or even cancel each other out. The team becomes paralyzed […]
A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned. In June, KrebsOnSecurity was contacted […]
Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. 17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s […]
A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers. The Blacklist […]
Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Amazon CEO Jeff Bezos’s Twitter account on the afternoon of July 15. Nima […]
Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have […]
