The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent […]
Category Archives: Krebs
Category Added in a WPeMatico Campaign
@chenlun, A Little Sunshine, CSIS Security Group, EZDriveMA, fbi, Ford Merrill, ic3, imessage, Krebs, Latest Warnings, Lighthouse, MassDOT, News, North Texas Toll Authority, RCS, SecAlliance, Security, smishing, SMS phishing, Sunpass, The Toll Roads, Web Fraud 2.0
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
16
Jan
Jan
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes […]
Adam Barnett, Bitlocker, Bob Hopkins, CVE-2024-49142, CVE-2025-21186, CVE-2025-21210, CVE-2025-21298, CVE-2025-21311, CVE-2025-21333, CVE-2025-21334, CVE-2025-21335, CVE-2025-21366, CVE-2025-21395, Kev Breen, Krebs, Latest Warnings, Microsoft Access, Microsoft Patch Tuesday January 2025, News, Rapid7, Satnam Narang, Security, The Coming Storm, Time to Patch, unpatched.ai, Windows 11, Windows Hyper-V, Windows NTLMv1
Microsoft: Happy 2025. Here’s 161 Security Updates
14
Jan
Jan
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett says January marks the fourth consecutive month […]
800-275-2273, A Little Sunshine, Allison Nixon, Aristotle, autodoxers, Coinbase, Crypto Chameleon, Discord, domaintools, Krebs, Latest Warnings, Lookout, Mark Cuban, News, Okta, Perm, Security, Shark Tank, Star Fraud, Stotle, telegram, The Coming Storm, Trezor, Unit 221B, voice phishing, Web Fraud 2.0
A Day in the Life of a Prolific Voice Phishing Crew
07
Jan
Jan
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety […]
30
Dec
Dec
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South […]
29
Dec
Dec
Image: Shutterstock, Dreamansions. KrebsOnSecurity.com turns 15 years old today! Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. It’s also an occasion to note that despite my publishing fewer stories than […]
A Little Sunshine, Acunetix, Altug Sara, [email protected], Araneida Scanner, Bilitro Yazilim, Breadcrumbs, domaintools, Fin7, Invicti Security, Krebs, Matt Sciberras, Ne'er-Do-Well News, Neil Roseman, News, [email protected], Security, Silent Push, The Coming Storm, U.S. Department of Health and Human Services, Zach Edwards
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
19
Dec
Dec
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology […]
(650) 203-0000, A Little Sunshine, Coinbase, Daniel from Google, Gemini AI, Google Assistant, google docs, Google Forms, Google Photos, Graham Cluely, Junseth, Krebs, Latest Warnings, Minecraft, Ne'er-Do-Well News, News, Security, SwanCoin, Trezor, Web Fraud 2.0
How to Lose a Fortune with Just One Bad Click
18
Dec
Dec
Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to […]
A Little Sunshine, Binance, Blaven Technologies, Breadcrumbs, Chainalysis, CloudFlare, Cryptomus, CTV News, FINTRAC, Icon Tech SRO, Investigative Journalism Foundation, Krebs, Mezhundarondnaya IBU SRO, News, Peter German, PQ Hosting, RCMP, Richard Sanders, Russia's War on Ukraine, Security, Vira Krychka, Web Fraud 2.0, WS Management and Advisory Corporation Ltd, Xeltox Enterprises
How Cryptocurrency Turns to Cash in Russian Banks
11
Dec
Dec
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, […]
Adam Barnett, CVE-2024-49112, CVE-2024-49138, Fortra, Immersive Labs, Krebs, LDAP, Lightweight Directory Access Protocol, Microsoft Patch Tuesday December 2024, News, Other, Rapid7, Rob Reeves, Security, Tenable, Tyler Reguly, Windows Common Log File System (CLFS) driver
Patch Tuesday, December 2024 Edition
10
Dec
Dec
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that […]