Hot Topics

Latest Warnings

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Phishers Spoof USPS, 12 Other Natl’ Postal Services

| | @chenlun, A Little Sunshine, Alibaba, Correos.es, dnslytics.com, DomainTools, Latest Warnings, Poste Italiane, Posti, PostNL, PostNord, UA-80133954-3, urlscan.io, USPS, Web Fraud 2.0
Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal ...
Krebs on Security
Don’t Let Zombie Zoom Links Drag You Down

Don’t Let Zombie Zoom Links Drag You Down

| | A Little Sunshine, Charan Akiri, Latest Warnings, linkedin, The Coming Storm, Zoom, Zoom Personal Meeting ID
Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom ...
Krebs on Security
U.S. Hacks QakBot, Quietly Removes Botnet Infections

U.S. Hacks QakBot, Quietly Removes Botnet Infections

| | DOJ, Don Alway, FBI, Federal Bureau of Investigation, Latest Warnings, Martin Estrada, Qakbot, Qbot, Ransomware, The Coming Storm, U.S. Department of Justice
The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved ...
Krebs on Security
Kroll Employee SIM-Swapped for Crypto Investor Data

Kroll Employee SIM-Swapped for Crypto Investor Data

| | A Little Sunshine, BlockFi, Data breaches, FTX, Kroll breach, Latest Warnings, SIM swapping, T-Mobile
Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services ...
Krebs on Security
Teach a Man to Phish and He’s Set for Life

Teach a Man to Phish and He’s Set for Life

| | A Little Sunshine, Check Point Software, Latest Warnings, linkedin, Microsoft, Microsoft 365, Phishing, right to left override, Web Fraud 2.0
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a ...
Krebs on Security
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

| | A Little Sunshine, Adidas, Apple, Brian Hughes, Latest Warnings, Lego, smishing, SMS phishing, United Parcel Service, ups, UPS Canada Ltd., Web Fraud 2.0
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages ...
Krebs on Security
CISA Order Highlights Persistent Risk at Network Edge

CISA Order Highlights Persistent Risk at Network Edge

| | Adam Boileau, Barracuda Networks, cisa, CVE-2023-27997, Cybersecurity and Infrastructure Security Agency, Fortinet, Fortra, GoAnywhere, Latest Warnings, Mandiant, MOVEit Transfer, Patrick Gray, Progress Software, risky-business-podcast, The Coming Storm, Time to Patch
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes ...
Krebs on Security
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

| | Barracuda Networks, Caitlin Condon, CVE-2023-2868, Email Security Gateway, International Computer Science Institute, Latest Warnings, Mandiant, Nicholas Weaver, rapid7, Time to Patch
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying ...
Krebs on Security
Verification Tutorial

Discord Admins Hacked by Malicious Bookmarks

| | Aura Network, Berk Yilmaz, bookmarklets, Breadcrumbs, Latest Warnings, Levatax, MetrixCoin, Nahmii, Nicholas Scavuzzo, Ocean Protocol, Web Fraud 2.0
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark ...
Krebs on Security
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

| | Breadcrumbs, Farmer's Market, federaljobscenter.com, Gary Plott, Latest Warnings, Muhammed Tabish Mirza, Nextlevelsupportcenters, Postal Career Placement LLC, Postal Job Services Inc., Postal Operations Inc., Russell Ramage, Ryan Rawls, Smart Logistics, Stephanie Dayton, [email protected], U.S. Federal Trade Commission, United States Postal Service, US Job Services, USPS, USPS jobs
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal ...
Krebs on Security
Load more