Krebs on Security

Try This One Weird Trick Russian Hackers Hate

1 day 13 hours ago
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed -- such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.
BrianKrebs

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

4 days 11 hours ago
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates.
BrianKrebs

Microsoft Patch Tuesday, May 2021 Edition

1 week ago
Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft's Internet Explorer (IE) web browser.
BrianKrebs

A Closer Look at the DarkSide Ransomware Gang

1 week ago
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here's a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.
BrianKrebs

Fintech Startup Offers $500 for Payroll Passwords

1 week 1 day ago
How much is your payroll data worth? Probably a lot more than you think. One financial startup that's targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.
BrianKrebs

Investment Scammer John Davies Reinvents Himself?

1 week 4 days ago
John Bernard, a pseudonym used by a convicted thief and con artist named John Clifton Davies who’s fleeced dozens of technology startups out of an estimated $30 million, appears to have reinvented himself again after being exposed in a recent investigative series published here. Sources tell KrebsOnSecurity that Davies/Bernard is now posing as John Cavendish and head of a new “private office” called Hempton Business Management LLP.
BrianKrebs

Malicious Office 365 Apps Are the Ultimate Insiders

1 week 6 days ago
Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of which are then plundered to launch malware and phishing scams against others.
BrianKrebs

Task Force Seeks to Disrupt Ransomware Payments

2 weeks 5 days ago
Some of the world's top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.
BrianKrebs

Experian API Exposed Credit Scores of Most Americans

2 weeks 6 days ago
Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.
BrianKrebs

Experian’s Credit Freeze Security is Still a Joke

3 weeks 1 day ago
In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer's request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States.  Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian's website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.
BrianKrebs

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

1 month ago
On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
BrianKrebs

Microsoft Patch Tuesday, April 2021 Edition

1 month ago
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.
BrianKrebs

Are You One of the 533M People Who Got Facebooked?

1 month 1 week ago
Ne'er-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you're a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.
BrianKrebs

Ransom Gangs Emailing Victim Customers for Leverage

1 month 1 week ago
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.
BrianKrebs

Ubiquiti All But Confirms Breach Response Iniquity

1 month 2 weeks ago
For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower's allegations that the company had massively downplayed a "catastrophic" two-month breach ending in January to save its stock price, and that Ubiquiti's insinuation that a third-party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday's story on the whistleblower's claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.
BrianKrebs

New KrebsOnSecurity Mobile-Friendly Site

1 month 2 weeks ago
Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
BrianKrebs

Whistleblower: Ubiquiti Breach “Catastrophic”

1 month 2 weeks ago
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
BrianKrebs
Checked
1 hour 53 minutes ago
In-depth security news and investigation
Subscribe to Krebs on Security feed