Hot Topics

Latest Warnings

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

| | A Little Sunshine, Adidas, Apple, Brian Hughes, Latest Warnings, Lego, smishing, SMS phishing, United Parcel Service, ups, UPS Canada Ltd., Web Fraud 2.0
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages ...
Krebs on Security
CISA Order Highlights Persistent Risk at Network Edge

CISA Order Highlights Persistent Risk at Network Edge

| | Adam Boileau, Barracuda Networks, cisa, CVE-2023-27997, Cybersecurity and Infrastructure Security Agency, Fortinet, Fortra, GoAnywhere, Latest Warnings, Mandiant, MOVEit Transfer, Patrick Gray, Progress Software, risky-business-podcast, The Coming Storm, Time to Patch
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes ...
Krebs on Security
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

| | Barracuda Networks, Caitlin Condon, CVE-2023-2868, Email Security Gateway, International Computer Science Institute, Latest Warnings, Mandiant, Nicholas Weaver, rapid7, Time to Patch
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying ...
Krebs on Security
Verification Tutorial

Discord Admins Hacked by Malicious Bookmarks

| | Aura Network, Berk Yilmaz, bookmarklets, Breadcrumbs, Latest Warnings, Levatax, MetrixCoin, Nahmii, Nicholas Scavuzzo, Ocean Protocol, Web Fraud 2.0
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark ...
Krebs on Security
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

| | Breadcrumbs, Farmer's Market, federaljobscenter.com, Gary Plott, Latest Warnings, Muhammed Tabish Mirza, Nextlevelsupportcenters, Postal Career Placement LLC, Postal Job Services Inc., Postal Operations Inc., Russell Ramage, Ryan Rawls, Smart Logistics, Stephanie Dayton, [email protected], U.S. Federal Trade Commission, United States Postal Service, US Job Services, USPS, USPS jobs
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal ...
Krebs on Security
Many Public Salesforce Sites are Leaking Private Data

Many Public Salesforce Sites are Leaking Private Data

| | A Little Sunshine, Charan Akiri, DC Health, DC Health Link, Huntington Bank, Latest Warnings, Matthew Jennings, Mike Rupert, Salesforce Community websites, Scott Carbee, TCF Bank, The Coming Storm, Time to Patch, Vermont
A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem ...
Krebs on Security
3CX Breach Was a Double Supply Chain Compromise

3CX Breach Was a Double Supply Chain Compromise

| | 3CX, A Little Sunshine, ClearSky Security, Diamond Sleet, double supply chain breach, Elastic Security, ESET, ICONICSTEALER, Kaspersky Lab, kim zetter, Latest Warnings, macos, Mandiant, Marc-Etienne M.Leveille, Microsoft, Ne'er-Do-Well News, Peter Kalnai, supply chain, The Coming Storm, Trading Technologies, X_Trader, zero-day, ZINC
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North ...
Krebs on Security
The FBI Is Serious About Juice Jacking

Why is ‘Juice Jacking’ Suddenly Back in the News?

| | A Little Sunshine, Aries Security, Brian Markus, defcon, FBI, fcc, Juice jacking, Latest Warnings, OMG cable, Security Tools, Snopes
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined ...
Krebs on Security
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

| | A Little Sunshine, BreachForums, Bytedance, DarkNavy, Data breaches, google, Latest Warnings, Liu Huafang, PDD Holdings, Pinduoduo, Project Zero, Temu, TikTok, Web Fraud 2.0, weibo
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published ...
Krebs on Security
Microsoft Patch Tuesday, February 2023 Edition

Microsoft Patch Tuesday, February 2023 Edition

| | CVE-2023-21529, CVE-2023-21706, CVE-2023-21707, CVE-2023-21715, CVE-2023-21716, CVE-2023-21823, CVE-2023-23376, Dustin Childs, Immersive Labs, Internet Explorer 11, Johannes Ullrich, Kevin Breen, Latest Warnings, Mandiant, Microsoft Office, Microsoft Patch Tuesday February 2023, SANS Internet Storm Center, Security Tools, Time to Patch, Trend Micro Zero Day Initiative
Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's ...
Krebs on Security
Load more