Cybersecurity

Bug Left Some Windows PCs Dangerously Unpatched

   ​ Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several …

Bug Left Some Windows PCs Dangerously Unpatched Read More »

Sextortion Scams Now Include Photos of Your Home

   ​ An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.​ ​[[{“value”:” An old but persistent …

Sextortion Scams Now Include Photos of Your Home Read More »

Owners of 1-Time Passcode Theft Service Plead Guilty

   ​ [[{“value”:”Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log …

Owners of 1-Time Passcode Theft Service Plead Guilty Read More »

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

   ​ Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United …

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’ Read More »

Local Networks Go Global When Domain Names Collide

   ​ The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which …

Local Networks Go Global When Domain Names Collide Read More »

National Public Data Published Its Own Passwords

   ​ New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its …

National Public Data Published Its Own Passwords Read More »

NationalPublicData.com Hack Exposes a Nation’s Data

   ​ A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll …

NationalPublicData.com Hack Exposes a Nation’s Data Read More »

Six 0-Days Lead Microsoft’s August 2024 Patch Push

   ​ Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.​ ​[[{“value”:” Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that …

Six 0-Days Lead Microsoft’s August 2024 Patch Push Read More »

Cybercrime Rapper Sues Bank over Fraud Investigation

   ​ In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing his financial institution after it blocked a $75,000 wire transfer and …

Cybercrime Rapper Sues Bank over Fraud Investigation Read More »

Scroll to Top