serisec

Tag: krebsonsecurity

  • Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

    Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is…

  • U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

    U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the…

  • Trump 2.0 Brings Cuts to Cyber, Consumer Protections

    Trump 2.0 Brings Cuts to Cyber, Consumer Protections One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest…

  • How Phished Data Turns into Apple & Google Wallets

    How Phished Data Turns into Apple & Google Wallets Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of…

  • Nearly a Year Later, Mozilla is Still Promoting OneRep

    Nearly a Year Later, Mozilla is Still Promoting OneRep In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But…

  • Microsoft Patch Tuesday, February 2025 Edition

    Microsoft Patch Tuesday, February 2025 Edition Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name…

  • Teen on Musk’s DOGE Team Graduated from ‘The Com’

    Teen on Musk’s DOGE Team Graduated from ‘The Com’ Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so.…

  • Experts Flag Security, Privacy Risks in DeepSeek AI App

    Experts Flag Security, Privacy Risks in DeepSeek AI App New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption…

  • Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

    Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate…

  • FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

    FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published…

  • Infrastructure Laundering: Blending in with the Cloud

    Infrastructure Laundering: Blending in with the Cloud Image: Shutterstock, ArtHead. In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network…

  • A Tumultuous Week for Federal Cybersecurity Efforts

    A Tumultuous Week for Federal Cybersecurity Efforts Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of…

  • MasterCard DNS Error Went Unnoticed for Years

    MasterCard DNS Error Went Unnoticed for Years The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent…

  • Chinese Innovations Spawn Wave of Toll Phishing Via SMS

    Chinese Innovations Spawn Wave of Toll Phishing Via SMS Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a…

  • Microsoft: Happy 2025. Here’s 161 Security Updates

    Microsoft: Happy 2025. Here’s 161 Security Updates Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett…

  • A Day in the Life of a Prolific Voice Phishing Crew

    A Day in the Life of a Prolific Voice Phishing Crew Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely…

  • U.S. Army Soldier Arrested in AT&T, Verizon Extortions

    U.S. Army Soldier Arrested in AT&T, Verizon Extortions Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a…

  • Happy 15th Anniversary, KrebsOnSecurity!

    Happy 15th Anniversary, KrebsOnSecurity! Image: Shutterstock, Dreamansions. KrebsOnSecurity.com turns 15 years old today! Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. It’s also an occasion to note that despite my…

  • Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

    Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services,…

  • How to Lose a Fortune with Just One Bad Click

    How to Lose a Fortune with Just One Bad Click Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and…

  • How Cryptocurrency Turns to Cash in Russian Banks

    How Cryptocurrency Turns to Cash in Russian Banks A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to…

  • Patch Tuesday, December 2024 Edition

    Patch Tuesday, December 2024 Edition Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to…

  • U.S. Offered $10M for Hacker Just Arrested by Russia

    U.S. Offered $10M for Hacker Just Arrested by Russia In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information…

  • Hacker in Snowflake Extortions May Be a U.S. Soldier

    Hacker in Snowflake Extortions May Be a U.S. Soldier Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this…

  • Feds Charge Five Men in ‘Scattered Spider’ Roundup

    Feds Charge Five Men in ‘Scattered Spider’ Roundup Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of…

  • An Interview With the Target & Home Depot Hacker

    An Interview With the Target & Home Depot Hacker In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in…

  • Fintech Giant Finastra Investigating Data Breach

    Fintech Giant Finastra Investigating Data Breach The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than…

  • Microsoft Patch Tuesday, November 2024 Edition

    Microsoft Patch Tuesday, November 2024 Edition Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The…