Tag: krebsonsecurity

  • Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

    Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services,…

  • How to Lose a Fortune with Just One Bad Click

    How to Lose a Fortune with Just One Bad Click Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and…

  • How Cryptocurrency Turns to Cash in Russian Banks

    How Cryptocurrency Turns to Cash in Russian Banks A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to…

  • Patch Tuesday, December 2024 Edition

    Patch Tuesday, December 2024 Edition Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to…

  • U.S. Offered $10M for Hacker Just Arrested by Russia

    U.S. Offered $10M for Hacker Just Arrested by Russia In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information…

  • Hacker in Snowflake Extortions May Be a U.S. Soldier

    Hacker in Snowflake Extortions May Be a U.S. Soldier Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this…

  • Feds Charge Five Men in ‘Scattered Spider’ Roundup

    Feds Charge Five Men in ‘Scattered Spider’ Roundup Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of…

  • An Interview With the Target & Home Depot Hacker

    An Interview With the Target & Home Depot Hacker In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in…

  • Fintech Giant Finastra Investigating Data Breach

    Fintech Giant Finastra Investigating Data Breach The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than…

  • Microsoft Patch Tuesday, November 2024 Edition

    Microsoft Patch Tuesday, November 2024 Edition Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The…