HackDig : Dig high-quality web security articles for hackers

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all f
Publish At:2020-09-30 11:56 | Read:167 | Comments:0 | Tags:Other CVE-2020-1472 microsoft Scott Caveza Tenable Windows S

The Joys of Owning an ‘OG’ Email Account

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails y
Publish At:2020-09-03 18:42 | Read:257 | Comments:0 | Tags:Other

Microsoft Patch Tuesday, August 2020 Edition

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch batch
Publish At:2020-08-11 19:05 | Read:375 | Comments:0 | Tags:Latest Warnings Other Time to Patch adobe acrobat adobe read

Three Charged in July 15 Twitter Compromise

Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Amazon CEO Jeff Bezos’s Twitter account on the afternoon of July 15. Nima R
Publish At:2020-07-31 20:15 | Read:433 | Comments:0 | Tags:Ne'er-Do-Well News Other Chaewon Ever So Anxious Graham Clar

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan
Publish At:2020-06-18 22:02 | Read:445 | Comments:0 | Tags:Data Breaches Other Tax Refund Fraud AlphaBay DearthStar Evo

How Cybercriminals are Weathering COVID-19

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market the
Publish At:2020-05-03 09:35 | Read:745 | Comments:0 | Tags:Ne'er-Do-Well News Other Web Fraud 2.0 alex holden Coronavir

Security Breach Disrupts Fintech Firm Finastra

Finastra, a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing wit
Publish At:2020-03-20 14:20 | Read:784 | Comments:0 | Tags:Other data breach Finastra ransomware Tom Kilroy

U.S. Govt. Makes it Harder to Get .Gov Domains

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain. In November’s piece It’
Publish At:2020-03-07 11:56 | Read:1136 | Comments:0 | Tags:Other .gov Cybersecurity and Infrastructure Security Agency

Happy 10th Birthday, KrebsOnSecurity.com

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its incepti
Publish At:2019-12-29 21:40 | Read:947 | Comments:0 | Tags:Other

CISO Magazine Honors KrebsOnSecurity

CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue. KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few pe
Publish At:2019-12-10 15:35 | Read:1301 | Comments:0 | Tags:Other CISO Magazine

Ayuda! (Help!) Equifax Has My Data!

Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may not yet be complete: According to information obtained by KrebsO
Publish At:2017-09-30 15:56 | Read:4173 | Comments:0 | Tags:Other alex holden Ayuda Equifax Hold Security LLC Jorge Sper

Adobe, Microsoft Plug Critical Security Holes

Adobe and Microsoft both on Tuesday released patches to plug critical security vulnerabilities in their products. Microsoft’s patch bundles fix close to 80 separate security problems in various versions of its Windows operating system and related software — including two vulnerabilities that already are being exploited in active attacks. Adobe
Publish At:2017-09-30 15:56 | Read:3956 | Comments:0 | Tags:Other adobe adobe flash player Ivanti microsoft Patch Tuesda

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers ini
Publish At:2017-09-30 15:56 | Read:4248 | Comments:0 | Tags:Other apache struts cve-2017-5638 Equifax breach mastercard

Equifax Breach: Setting the Record Straight

Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it
Publish At:2017-09-30 15:56 | Read:3671 | Comments:0 | Tags:Other credit lock Elizabeth Warren Equifax breach Experian T

Experian Site Can Give Anyone Your Credit Freeze PIN

An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian. Experian’s page for retrieving someone’s credit freeze PIN requires little more in
Publish At:2017-09-30 15:56 | Read:4452 | Comments:0 | Tags:Other credit freeze Equifax Experian

Tools

Tag Cloud