The Coming Storm – WindowsTechs.com

Fintech Giant Finastra Investigating Data Breach

Posted on November 20, 2024 by BrianKrebs

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. Continue reading Fintech Giant Finastra Investigating Data Breach→

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Posted on November 9, 2024 by BrianKrebs

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. Continue reading FBI: Spike in Hacked Police Emails, Fake Subpoenas→

Booking.com Phishers May Leave You With Reservations

Posted on November 1, 2024 by BrianKrebs

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. Continue reading Booking.com Phishers May Leave You With Reservations→

Change Healthcare Breach Hits 100M Americans

Posted on October 30, 2024 by BrianKrebs

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Continue reading Change Healthcare Breach Hits 100M Americans→

The Global Surveillance Free-for-All in Mobile Ad Data

Posted on October 23, 2024 by BrianKrebs

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites. Continue reading The Global Surveillance Free-for-All in Mobile Ad Data→

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Posted on September 26, 2024 by BrianKrebs

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. Continue reading U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex→

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Posted on August 27, 2024 by BrianKrebs

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China. Continue reading New 0-Day Attacks Linked to China’s ‘Volt Typhoon’→

Local Networks Go Global When Domain Names Collide

Posted on August 23, 2024 by BrianKrebs

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem. Continue reading Local Networks Go Global When Domain Names Collide→

National Public Data Published Its Own Passwords

Posted on August 19, 2024 by BrianKrebs

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today. Continue reading National Public Data Published Its Own Passwords→

NationalPublicData.com Hack Exposes a Nation’s Data

Posted on August 15, 2024 by BrianKrebs

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida. Continue reading NationalPublicData.com Hack Exposes a Nation’s Data→