Krebs – Computer Security Articles

MasterCard DNS Error Went Unnoticed for Years

January 22, 2025 admin 0 Comments A Little Sunshine, akam.ne, akam.net, Akamai, awsdns-06.ne, az.mastercard.com, Azure, Bugcrowd, CloudFlare, google, how to break into security, mastercard, philippe caturegli, seralys

Credit to Author: BrianKrebs| Date: Wed, 22 Jan 2025 15:24:41 +0000

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.

Independent Krebs

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

January 16, 2025 admin @chenlun, A Little Sunshine, csis security group, ezdrivema, FBI, ford merrill, ic3, iMessage, Latest Warnings, Lighthouse, massdot, north texas toll authority, rcs, secalliance, smishing, sms phishing, sunpass, the toll roads, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 16 Jan 2025 21:18:48 +0000

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Independent Krebs

Microsoft: Happy 2025. Here’s 161 Security Updates

January 14, 2025 admin adam barnett, bitlocker, bob hopkins, cve-2024-49142, cve-2025-21186, cve-2025-21210, cve-2025-21298, cve-2025-21311, cve-2025-21333, cve-2025-21334, cve-2025-21335, cve-2025-21366, cve-2025-21395, kev breen, Latest Warnings, microsoft access, microsoft patch tuesday january 2025, Rapid7, Satnam Narang, The Coming Storm, Time to Patch, unpatched.ai, windows 11, windows hyper-v, windows ntlmv1

Credit to Author: BrianKrebs| Date: Tue, 14 Jan 2025 22:50:00 +0000

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Independent Krebs

A Day in the Life of a Prolific Voice Phishing Crew

January 7, 2025 admin 800-275-2273, A Little Sunshine, Allison Nixon, aristotle, autodoxers, Coinbase, crypto chameleon, discord, domaintools, Latest Warnings, lookout, mark cuban, Okta, perm, shark tank, star fraud, stotle, telegram, The Coming Storm, trezor, unit 221b, voice phishing, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2025 23:41:53 +0000

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Independent Krebs

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

December 30, 2024 admin A Little Sunshine, Allison Nixon, cameron john wagenius, connor riley moucka, judische, kiberphant0m, Ne'er-Do-Well News, unit 221b

Credit to Author: BrianKrebs| Date: Tue, 31 Dec 2024 04:05:51 +0000

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.

Independent Krebs

Happy 15th Anniversary, KrebsOnSecurity!

December 29, 2024 admin Other

Credit to Author: BrianKrebs| Date: Sun, 29 Dec 2024 23:48:44 +0000

KrebsOnSecurity.com turns 15 years old today! Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. It’s also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership (thank you!).

Independent Krebs

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

December 19, 2024 admin A Little Sunshine, acunetix, altug sara, altugsara321@gmail.com, araneida scanner, bilitro yazilim, Breadcrumbs, domaintools, FIN7, invicti security, matt sciberras, Ne'er-Do-Well News, neil roseman, ori0nbusiness@protonmail.com, silent push, The Coming Storm, u.s. department of health and human services, zach edwards

Credit to Author: BrianKrebs| Date: Thu, 19 Dec 2024 17:07:30 +0000

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Independent Krebs

How to Lose a Fortune with Just One Bad Click

December 18, 2024 admin (650) 203-0000, A Little Sunshine, Coinbase, daniel from google, gemini ai, Google Assistant, google docs, google forms, google photos, graham cluely, junseth, Latest Warnings, Minecraft, Ne'er-Do-Well News, swancoin, trezor, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 18 Dec 2024 13:17:59 +0000

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

← Previous