Security News

March 15, 2023

Microsoft Patch Tuesday, March 2023 Edition

This post was originally published on this site. Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. Microsoft said it has seen evidence that attackers are exploiting this flaw, which can be done without any user interaction by sending a booby-trapped email that triggers automatically when retrieved by the email server […]

March 14, 2023

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh — also known as “Weep” — a 19-year-old from Pawtucket, Rhode Island; and Nicholas Ceraolo, 25, of Queens, […]

March 9, 2023

Who’s Behind the NetWire Remote Access Trojan?

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years. Typically installed by booby-trapped Microsoft Office documents and […]

March 7, 2023

Sued by Meta, Freenom Halts Domain Registrations

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains. Freenom’s website features a message saying it is not currently allowing new registrations. Freenom is the domain name registry service provider for five so-called “country code top level domains” (ccTLDs), including .cf for the Central African Republic; .ga […]

March 2, 2023

Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests. The strategy says the White House will work with Congress and the private sector to develop legislation that would prevent companies from […]

February 28, 2023

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors […]

February 26, 2023

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got into targeted companies: By calling employees and tricking them into navigating to a phishing website. In a filing with the U.S. Securities and Exchange […]

February 24, 2023

Who’s Behind the Botnet-Based Service BHProxies?

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service. First identified in 2017 by the security firm Deep Instinct, Mylobot employs a number of fairly sophisticated methods to remain undetected on infected hosts, such as running exclusively in the computer’s temporary […]

February 17, 2023

New Protections for Food Benefits Stolen by Skimmers

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023, which — for the first time ever — includes provisions for the replacement of stolen EBT benefits. This is a big deal because in 2022, organized crime groups began massively targeting […]

February 14, 2023

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks. Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver, which is present in Windows 10 and 11 systems, […]

February 9, 2023

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite […]

February 7, 2023

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack. The new docuseries produced by ABC News Studios and Wall to Wall Media is tentatively titled, “The Ashley Madison Affair,” and is slated for release on Hulu in late Spring 2023. […]

February 5, 2023

Finland’s Most-Wanted Hacker Nabbed in France

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. In late October 2022, Kivimäki was charged (and “arrested in absentia,” according to the Finns) with attempting to extort money from the Vastaamo Psychotherapy Center. In that […]

January 25, 2023

Experian Glitch Exposing Credit Files Lasted 47 Days

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022. The tip about the Experian weakness came from Jenya Kushnir, a […]

January 24, 2023

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019. First advertised in the cybercrime underground in 2014, […]

January 19, 2023

New T-Mobile Breach Affects 37 Million Accounts

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. In a filing today with the U.S. Securities and Exchange Commission, T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer […]

January 17, 2023

Thinking of Hiring or Running a Booter Service? Think Again.

Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves against incessant attacks from competing DDoS-for-hire services. And then there are booter store operators like John Dobbs, a 32-year-old computer science graduate student living in […]

January 10, 2023

Microsoft Patch Tuesday, January 2023 Edition

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection. At least 11 of the patches released today are rated “Critical” by Microsoft, meaning they could be exploited by malware or malcontents to seize remote control over vulnerable Windows systems with little or […]

January 9, 2023

Identity Thieves Bypassed Experian Security to View Credit Reports

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number. The vulnerability in Experian’s website was exploitable after one applied to see their […]

December 29, 2022

Happy 13th Birthday, KrebsOnSecurity!

KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to effect positive change. Some of that work is highlighted in the 2022 Year in Review […]

December 29, 2022

Happy 12th Birthday, KrebsOnSecurity!

KrebsOnSecurity turns 12 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to effect positive change. Some of that work is highlighted in the 2022 Year in Review below. Until recently, I was fairly active on Twitter, regularly tweeting to more […]

December 20, 2022

The Equifax Breach Settlement Offer is Real, For Now

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money. One reader’s copy of their Equifax Breach Settlement letter. They received a check for $6.97. In 2017, Equifax disclosed a massive, extended data breach that […]

December 19, 2022

Hacked Ring Cams Used to Record Swatting Victims

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived. Prosecutors in Los Angeles allege 20-year-old James Thomas Andrew McCarty, a.k.a. “Aspertaine,” of Charlotte, N.C., and Kya […]

December 14, 2022

Six Charged in Mass Takedown of DDoS-for-Hire Sites

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services. The booter service OrphicSecurityTeam[.]com was one of the 48 DDoS-for-hire domains seized by the Justice Department this week. The DOJ said the 48 domains it seized helped paying customers launch millions of […]

December 14, 2022

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday. The security updates include patches for Azure, Microsoft Edge, Office, SharePoint Server, SysInternals, and the .NET framework. Six of the update bundles earned […]