BrianKrebs – Page 46 – WindowsTechs.com

Indictment, Lawsuits Revive Trump-Alfa Bank Story

Posted on September 23, 2021 by BrianKrebs

In October 2016, media outlets reported that data collected by some of the world’s most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia’s largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago. Continue reading Indictment, Lawsuits Revive Trump-Alfa Bank Story→

Does Your Organization Have a Security.txt File?

Posted on September 20, 2021 by BrianKrebs

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground.

In a bid to minimize these scenarios, a growing number of major companies are adopting “Security.txt,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences. Continue reading Does Your Organization Have a Security.txt File?→

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Posted on September 17, 2021 by BrianKrebs

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services. Continue reading Trial Ends in Guilty Verdict for DDoS-for-Hire Boss→

Customer Care Giant TTEC Hit By Ransomware?

Posted on September 15, 2021 by BrianKrebs

TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned. Continue reading Customer Care Giant TTEC Hit By Ransomware?→

Microsoft Patch Tuesday, September 2021 Edition

Posted on September 14, 2021 by BrianKrebs

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software. Continue reading Microsoft Patch Tuesday, September 2021 Edition→

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Posted on September 10, 2021 by BrianKrebs

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Continue reading KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”→

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Posted on September 8, 2021 by BrianKrebs

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat. Continue reading Microsoft: Attackers Exploiting Windows Zero-Day Flaw→

“FudCo” Spam Empire Tied to Pakistani Software Firm

Posted on September 6, 2021 by BrianKrebs

In May 2015, KrebsOnSecurity briefly profiled “The Manipulaters,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers. Continue reading “FudCo” Spam Empire Tied to Pakistani Software Firm→

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Posted on September 2, 2021 by BrianKrebs

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. Continue reading Gift Card Gang Extracts Cash From 100k Inboxes Daily→

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Posted on September 1, 2021 by BrianKrebs

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two week ago, VIP72’s online storefront — which sold access to more than 30,000 compromised PCs — simply vanished. Continue reading 15-Year-Old Malware Proxy Network VIP72 Goes Dark→