Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks: At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago,… krebsonsecurity.com/2024/07/resear…

Global Microsoft Meltdown Tied to Bad Crowstrike Update: A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial… krebsonsecurity.com/2024/07/global…

Phish-Friendly Domain Registry “.top” Put on Notice: The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending… krebsonsecurity.com/2024/07/phish-…

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services: Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace… krebsonsecurity.com/2024/07/crooks…

Don’t Let Your Domain Name Become a “Sitting Duck”: More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a… krebsonsecurity.com/2024/07/dont-l…

U.S. Trades 5 Cybercriminals to Russia in Prisoner Swap: Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were five convicted cybercriminals. In return,… krebsonsecurity.com/2024/08/u-s-tr…

Low-Drama ‘Dark Angels’ Reap Record Ransoms: A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts… krebsonsecurity.com/2024/08/low-dr…

Cybercrime Rapper Sues Bank over Fraud Investigation: In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade's social media profiles promoted… krebsonsecurity.com/2024/08/cyberc…

Six 0-Days Lead Microsoft’s August 2024 Patch Push: Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by… krebsonsecurity.com/2024/08/six-0-…

NationalPublicData.com Hack Exposes a Nation’s Data: A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named… krebsonsecurity.com/2024/08/nation…

National Public Data Published Its Own Passwords: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers… krebsonsecurity.com/2024/08/nation…

Local Networks Go Global When Domain Names Collide: The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names… krebsonsecurity.com/2024/08/local-…

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’: Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt… krebsonsecurity.com/2024/08/new-0-…

When Get-Out-The-Vote Efforts Look Like Phishing: Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging… krebsonsecurity.com/2024/08/when-g…

Owners of 1-Time Passcode Theft Service Plead Guilty: Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as… krebsonsecurity.com/2024/09/owners…

Sextortion Scams Now Include Photos of Your Home: An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a… krebsonsecurity.com/2024/09/sextor…

Bug Left Some Windows PCs Dangerously Unpatched: Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active… krebsonsecurity.com/2024/09/bug-le…

The Dark Nexus Between Harm Groups and ‘The Com’: A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers… krebsonsecurity.com/2024/09/the-da…

Scam ‘Funeral Streaming’ Groups Thrive on Facebook: Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are… krebsonsecurity.com/2024/09/scam-f…

This Windows PowerShell Phish Has Scary Potential: Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by… krebsonsecurity.com/2024/09/this-w…