Kevin Beaumont

November 4, 2016

Did the Mirai Botnet Really Take Liberia Offline?

This post was originally published on this siteKrebsOnSecurity received many a missive over the past 24 hours from readers who wanted to know why I’d not written about widespread media reports that Mirai — a malware strain made from hacked “Internet of Things” (IoT) devices such as poorly secured routers and IP cameras — was used to knock the entire country of Liberia offline. The trouble is, as far as I can tell no such nationwide outage actually occurred. First, a quick recap on Mirai: This blog was taken offline in September following a record 620 Gpbs attack launched by a […]
May 10, 2021

Fintech Startup Offers $500 for Payroll Passwords

This post was originally published on this siteHow much is your payroll data worth? Probably a lot more than you think. One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, promised up to $500 for people who provided their payroll passwords, plus $25 a month for each month those credentials kept working. New York-based Argyle.com says it’s building a […]
December 14, 2021

Microsoft Patch Tuesday, December 2021 Edition

This post was originally published on this siteMicrosoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw. Log4Shell is the name picked for a critical flaw disclosed Dec. 9 in the popular logging library for Java called “log4j,” which is included in a huge number of […]
June 14, 2022

Microsoft Patch Tuesday, June 2022 Edition

This post was originally published on this siteMicrosoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year. Three of the bugs tackled this month earned Microsoft’s most dire “critical” label, meaning they can be exploited remotely by malware or miscreants to seize complete control over […]