Warning: file_get_contents() [function.file-get-contents]: SSL operation failed with code 1. OpenSSL Error messages: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42

Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42

Warning: file_get_contents(http://slashdot.org/stories/security) [function.file-get-contents]: failed to open stream: operation failed in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42

Warning: file_get_contents() [function.file-get-contents]: SSL operation failed with code 1. OpenSSL Error messages: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42

Warning: file_get_contents() [function.file-get-contents]: Failed to enable crypto in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42

Warning: file_get_contents(http://infosecisland.com/) [function.file-get-contents]: failed to open stream: operation failed in D:\Sites\sis\lersais\news\widgets\get_stories.inc.php on line 42
All Headlines
Krebs on Security
 

Senator Chides FBI for Weak Advice on Mobile Security

Jun 30, 2025 | Krebs on Security

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

  (Read Story...)

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Jul 03, 2025 | Krebs on Security

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

  (Read Story...)

Microsoft Patch Tuesday, July 2025 Edition

Jul 09, 2025 | Krebs on Security

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

  (Read Story...)

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Jul 10, 2025 | Krebs on Security

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

  (Read Story...)

DOGE Denizen Marko Elez Leaked API Key for xAI

Jul 15, 2025 | Krebs on Security

Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.

  (Read Story...)

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Jul 18, 2025 | Krebs on Security

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.

  (Read Story...)

Microsoft Fix Targets Attacks on SharePoint Zero-Day

Jul 21, 2025 | Krebs on Security

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

  (Read Story...)

Phishers Target Aviation Execs to Scam Customers

Jul 24, 2025 | Krebs on Security

KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.

  (Read Story...)

Scammers Unleash Flood of Slick Online Gaming Sites

Jul 30, 2025 | Krebs on Security

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

  (Read Story...)

Who Got Arrested in the Raid on the XSS Crime Forum?

Aug 06, 2025 | Krebs on Security

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.

  (Read Story...)

Who Got Arrested in the Raid on the XSS Crime Forum?

Aug 06, 2025 | Krebs on Security

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.

  (Read Story...)

Scammers Unleash Flood of Slick Online Gaming Sites

Jul 30, 2025 | Krebs on Security

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

  (Read Story...)

Phishers Target Aviation Execs to Scam Customers

Jul 24, 2025 | Krebs on Security

KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.

  (Read Story...)

Microsoft Fix Targets Attacks on SharePoint Zero-Day

Jul 21, 2025 | Krebs on Security

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

  (Read Story...)

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Jul 18, 2025 | Krebs on Security

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.

  (Read Story...)

DOGE Denizen Marko Elez Leaked API Key for xAI

Jul 15, 2025 | Krebs on Security

Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.

  (Read Story...)

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Jul 10, 2025 | Krebs on Security

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

  (Read Story...)

Microsoft Patch Tuesday, July 2025 Edition

Jul 09, 2025 | Krebs on Security

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

  (Read Story...)

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Jul 03, 2025 | Krebs on Security

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

  (Read Story...)

Senator Chides FBI for Weak Advice on Mobile Security

Jun 30, 2025 | Krebs on Security

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

  (Read Story...)

←  1 / 1010  →