Conti Ransomware Group Diaries, Part I: Evasion.
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer...
Russia Sanctions May Spark Escalating Cyber Conflict.
President Biden joined European leaders this week in enacting economic sanctions against Russia in response its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its alli...
IRS: Selfies Now Optional, Biometric Data to Be Deleted.
The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs...
Report: Missouri Governor’s Office Responsible for Teacher Data Leak.
Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they… Read More »
Red Cross Hack Linked to Iranian Influence Operation?.
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the...
Wazawaka Goes Waka Waka.
In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a w...
Russian Govt. Continues Carding Shop Crackdown.
Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown -- the second closure of major card fraud shops by Russian authorities in as many weeks -- comes closely behind Russia's arrest of 14 alleged a...
Microsoft Patch Tuesday, February 2022 Edition.
Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month's relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including sev...
IRS To Ditch Biometric Requirement for Online Access.
The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency's website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less ...
How Phishers Are Slinking Their Links Into LinkedIn.
If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne'er-do-wells are hoping you will, because they've long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link tha...
Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams.
Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars. Bernard's latest victim -- a Norwegian startup hoping to build a fleet of environmentally...
Who Wrote the ALPHV/BlackCat Ransomware Strain?.
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we'll explore some of the clues left behind by the...
Scary Fraud Ensues When ID Theft & Usury Collide.
What's worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader's nightmare experience spotlights what ca...
Crime Shop Sells Hacked Logins to Other Crime Shops.
Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and tho...
IRS Will Soon Require Selfies for Online Access.
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verificatio...
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates.
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a r...
Who is the Network Access Broker ‘Wazawaka?’.
In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman kno...
‘Wormable’ Flaw Leads January 2022 Patch Tuesday.
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns tha...
500M Avira Antivirus Users Introduced to Cryptomining.
Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide...
Norton 360 Now Comes With a Cryptominer.
Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers' computers. Norton's parent firm says the cloud-based service that activates the program and enables customers to profit from the scheme -- in which the compa...
Krebs on Security Feed.
This is a non-official / unaffiliated RSS->Social feed from Brian Krebs website https://krebsonsecurity.com/.
Since many of us are leaving twitter, this feed can be useful to stay on track of his site updates.
Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.