Wednesday, August 10, 2022
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
Brian Krebs

Class Action Targets Experian Over Account Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in...
Brian Krebs

Scammers Sent Uber to Take Elderly Lady to the Bank

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.  In this case,...
Brian Krebs

No SOCKS, No Shoes, No Malware Proxy Services!

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining...
Brian Krebs

911 Proxy Service Implodes After Disclosing Breach

The 911 service as it existed until July 28, 2022. 911re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake...
Brian Krebs

Breach Exposes Users of Microleaves Proxy Service

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with...
Brian Krebs

A Retrospective on the 2015 Ashley Madison Breach

It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users, and to at least...
Brian Krebs

Massive Losses Define Epidemic of ‘Pig Butchering’

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers...
Brian Krebs

A Deep Dive Into the Residential Proxy Service ‘911’

The 911 service as it exists today. For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in...
Brian Krebs

Why 8kun Went Offline During the January 6 Hearings

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kuntop and TheDonaldwin in helping to organize and galvanize supporters who responded to former President Trump’s invitation to “be wild” in Washington, D.C....
Brian Krebs

Microsoft Patch Tuesday, July 2022 Edition

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also...
Brian Krebs

Experian, You Have Some Explaining to Do

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to...
Brian Krebs

The Link Between AWM Proxy & the Glupteba Botnet

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy —...
Brian Krebs

Meet the Administrators of the RSOCKS Proxy Botnet

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their...
Brian Krebs

Why Paper Receipts are Money at the Drive-Thru

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …