Massive botnet chews through 20,000 WordPress sites
Attackers have infected 20,000 WordPress sites by brute-forcing administrator usernames and passwords. Continue reading Massive botnet chews through 20,000 WordPress sites
Category Archives: Brian Krebs
Hacker says USPS ignored serious security flaw for over a year
A security researcher claims the US Postal Service ignored a security flaw affecting 60 million users, until it was contacted by a journalist. Continue reading Hacker says USPS ignored serious security flaw for over a year
The key to protecting the midterms is resilience for election systems, experts say
With less than three weeks until the midterm elections, a lot of work has gone into preparing for the threat of election interference. But experts speaking at the CyberTalks conference on Thursday acknowledged that disaster could still strike, and that the officials who run U.S. elections have to be armed with proper resources and resilient systems. “We’re not seeing activity right now relating to direct election hacking. We’re not seeing anything right now along the lines of 2016, and that frankly makes me a little nervous,” said Homeland Security Undersecretary Chris Krebs. “So we’re working aggressively with our partners, the state and local [officials] to work through what an adversary could do with a two-and-a-half-week lead-up to the midterm elections.” U.S. intelligence officials have stressed over the past two years that Russia attempted to interfere in the 2016 election. Krebs said the hope is now to avoid a “failure of […]
The post The key to protecting the midterms is resilience for election systems, experts say appeared first on Cyberscoop.
Continue reading The key to protecting the midterms is resilience for election systems, experts say
Krebs/Sager interview on supply chain security
Brian Krebs interview with Tony Sager, on supply chain security.
The post Krebs/Sager interview on supply chain security appeared first on Security Boulevard.
Continue reading Krebs/Sager interview on supply chain security
Teen hacker admits to SWATting schools, airline flight
The teenager made bomb threats to schools, and to a flight between the UK and San Francisco while it was in mid-air. Continue reading Teen hacker admits to SWATting schools, airline flight
Mobile spyware maker mSpy leaks millions of records – AGAIN
The irony: Parents put it on kids’ phones to protect them, but this breach exposed sensitive data including Whatsapp and Facebook messages. Continue reading Mobile spyware maker mSpy leaks millions of records – AGAIN
Google hasn’t suffered an employee phishing compromise in over a year
Phishing attackers have failed to compromise a single employee account at Google since the company mandated authentication using U2F hardware tokens in early 2017. That’s the remarkable claim made to security writer Brian Krebs. Continue reading Google hasn’t suffered an employee phishing compromise in over a year
Sextortion and leaked passwords
Sextortion scammers exploit a long-gone password leak to convince victims they know more than they really do.
The post Sextortion and leaked passwords appeared first on Security Boulevard.
Continue reading Sextortion and leaked passwords
LocationSmart bug allowed for leak of location data for nearly any U.S. phone
A company that provides other companies with cell phone location-tracking services had an API on its website that inadvertently allowed anyone to freely look up the location of almost any cell phone in the United States. The bug was in a demo that the company, LocationSmart, posted on its website. The demo was to show people that it could approximate their phones’ locations using nearby cell towers. A report published Thursday by independent security journalist Brian Krebs shows that it would have been easy for someone to abuse the demo to secretly locate nearly any U.S. phone. LocationSmart is a location-as-a-service company that gives its customers the ability to “track assets, connect with employees and engage with customers through one secure interface,” according to its website. The demo sent a text message to a device to get permission from its owner before pinging the nearest cell phone tower in order to send […]
The post LocationSmart bug allowed for leak of location data for nearly any U.S. phone appeared first on Cyberscoop.
Continue reading LocationSmart bug allowed for leak of location data for nearly any U.S. phone
Facebook crime forums existed unchallenged for up to nine years
Cybersecurity blogger Brian Krebs spent just a couple of hours last week hunting for the Facebook forums used by fraudsters, and what he discovered is alarming.
Continue reading Facebook crime forums existed unchallenged for up to nine years