'

Krebs On Security

Patch Tuesday, May 2024 Edition

Patch Tuesday, May 2024 Edition
Tweet
Share
Share

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day … Read more

How Did Authorities Identify the Alleged Lockbit Boss?

How Did Authorities Identify the Alleged Lockbit Boss?
Tweet
Share
Share

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the … Read more

Why Your VPN May Not Be As Secure As It Claims

Why Your VPN May Not Be As Secure As It Claims
Tweet
Share
Share

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by … Read more

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data
Tweet
Share
Share

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In … Read more

Who Stole 3.6M Tax Records from South Carolina?

Who Stole 3.6M Tax Records from South Carolina?
Tweet
Share
Share

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling … Read more

Crickets from Chirp Systems in Smart Lock Key Leak

Crickets from Chirp Systems in Smart Lock Key Leak
Tweet
Share
Share

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, … Read more

Why CISA is Warning CISOs About a Breach at Sisense

Why CISA is Warning CISOs About a Breach at Sisense
Tweet
Share
Share

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been … Read more

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
Tweet
Share
Share

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets. The … Read more