Krebs on Security

Malicious Office 365 Apps Are the Ultimate Insiders – Krebs on Security

These attacks begin with an emailed link that when clicked loads not a phishing site but the user’s actual Office 365 login page — whether that be at or their employer’s domain.

Experian API Exposed Credit Scores of Most Americans – Krebs on Security

Experian fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity reported.

Ransom Gangs Emailing Victim Customers for Leverage - KrebsonSecurity

Ransomware gangs are emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

No, I Did Not Hack Your MS Exchange Server — Krebs on Security

The motivations of the cybercriminals behind the Krebonsecurity dot top domain are unclear, but the domain itself has a recent association with other cybercrime activity — and harassing this author.

Phish Leads to Breach at Calif. State Controller — Krebs on Security

For more than 24 hours starting on the afternoon of March 18, attackers had access to the email records of an employee in its Unclaimed Property Division after the employee got phished.

Is Your Browser Extension a Botnet Backdoor? — Krebs on Security

Infatica uses the browser of anyone who has an extension injected with its code to route web traffic for the company’s customers, including marketers or anyone able to afford its subscription charges.

Checkout Skimmers Powered by Chip Cards — Krebs on Security

Skimming devices used to hack terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot.

Bluetooth Overlay Skimmer That Blocks Chip — Krebs on Security

The Bluetooth-enabled skimming devices placed over top of payment card terminals interfere with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit — Krebs on Security

Cyber cops in Ukraine carried out an arrest and raids in connection with author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”

Law Enforcement Takes Down ValidCC Dark Web Payment Card Marketplace

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags