Happy 12th Birthday, KrebsOnSecurity.com!

Credit to Author: BrianKrebs| Date: Wed, 29 Dec 2021 21:32:14 +0000

KrebsOnSecurity.com celebrates its 12th anniversary today! Maybe “celebrate” is too indelicate a word for a year wracked by the global pandemics of COVID-19 and ransomware. Especially since stories about both have helped to grow the audience here tremendously in 2021. But this site’s birthday also is a welcome opportunity to thank you all for your continued readership and support, which helps keep the content here free to everyone.

Read more

Conti Ransom Gang Starts Selling Access to Victims

Credit to Author: BrianKrebs| Date: Mon, 25 Oct 2021 19:49:37 +0000

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.

Read more

New KrebsOnSecurity Mobile-Friendly Site

Credit to Author: BrianKrebs| Date: Thu, 01 Apr 2021 20:19:23 +0000

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.

Read more

Microsoft Patch Tuesday, March 2021 Edition

Credit to Author: BrianKrebs| Date: Wed, 10 Mar 2021 01:42:39 +0000

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users.

Read more

SolarWinds: What Hit Us Could Hit Others

Credit to Author: BrianKrebs| Date: Tue, 12 Jan 2021 20:50:50 +0000

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers.

Read more

Happy 11th Birthday, KrebsOnSecurity!

Credit to Author: BrianKrebs| Date: Wed, 30 Dec 2020 01:24:33 +0000

Today marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. And it’s perhaps fitting that this was also a leap year, piling on an extra […]

Read more

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Credit to Author: BrianKrebs| Date: Thu, 24 Sep 2020 17:00:51 +0000

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.

Read more

The Joys of Owning an ‘OG’ Email Account

Credit to Author: BrianKrebs| Date: Thu, 03 Sep 2020 01:08:56 +0000

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and often for some fairly sensitive services online.

Read more