Search Results for “Brian Krebs”


May 27, 2020
Brian Krebs / Krebs on Security

Romanian ATM Skimming Group in Mexico Has Been Protected by Senior Government Attorney Complaint Alleges

A group of Romanians operating an ATM company in Mexico, suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines, has enjoyed legal protection from a senior anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division. The complaint centers on Camilo Constantino Rivera, who heads the unit in the Mexican Special Prosecutor’s office responsible for fighting corruption, and alleges that his brother has served as a security escort and lawyer for Florian Tudor, the reputed boss of a Romanian crime syndicate recently targeted by the FBI for running an ATM skimming and human trafficking network that operates throughout Mexico and the United States. As a side note, a text exchange appears to indicate that Tudor’s group contemplated putting out a hit on Brian Krebs for uncovering their operation in a 2015 investigation.

May 6, 2020
Brian Krebs / Krebs on Security

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware Attack, Snake Ransomware Indicated

Against a backdrop of increasing attacks on healthcare providers during the coronavirus pandemic, Europe’s largest private hospital operator, Fresenius, which is also a significant provider of dialysis products and services currently in high demand, has been hit by a ransomware attack. The company said the attack had forced the shutdown of some systems but that patient care remains unaffected. One employee said, however, that the attack had affected every part of the company’s operations around the globe and that the malware used was the Snake ransomware, a relatively new strain first detailed earlier this year. The company confirmed the attack but declined to answer questions about specific aspects of it.

May 16, 2020
Brian Krebs / Krebs on Security

Fraudsters Are Stealing Potentially Hundreds of Millions From State Unemployment Programs

A sophisticated Nigerian crime ring is exploiting multiple state unemployment insurance programs at a time when they are under tremendous strain, committing fraud and stealing potentially hundreds of millions of dollars earmarked for averting an economic collapse, according to a new alert issued by the U.S. Secret Service. The crime ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees,” a memo from the Secret Service says. “The primary state targeted so far is Washington, although there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming, and Florida,” according to the memo. Experts say many states lack the controls needed to detect patterns that would help screen out fraudulent unemployment applications.
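As an added example, not taken from the Krebs article or the Secret Service memo: a minimal cross-claim correlation of the kind the passage says many states lack, written in Python over a handful of constructed claim records. It flags an SSN filed in more than one state, and a payout account that more than one claimed identity is routing benefits into. The payout_account field and the shared-account indicator are assumptions about what a claims system records, and the cross-state check presumes the states (or a federal clearing house) can see each other's claims; neither detail is stated on the page.

```python
from collections import defaultdict

# Constructed sample claim records (not real data); each dict is one filed claim.
# "payout_account" is an assumed field, not something described on the page.
CLAIMS = [
    {"claim_id": "WA-1001", "state": "WA", "ssn": "123-45-6789", "payout_account": "ACCT-A"},
    {"claim_id": "NC-2001", "state": "NC", "ssn": "123-45-6789", "payout_account": "ACCT-A"},
    {"claim_id": "MA-3001", "state": "MA", "ssn": "987-65-4321", "payout_account": "ACCT-A"},
    {"claim_id": "RI-4001", "state": "RI", "ssn": "555-55-5555", "payout_account": "ACCT-B"},
    {"claim_id": "WA-1002", "state": "WA", "ssn": "111-22-3333", "payout_account": "ACCT-C"},
]


def ssns_in_multiple_states(claims):
    """Map each SSN to the sorted list of states it was filed in, keeping only
    SSNs that appear in more than one state (one person cannot be unemployed
    in two states' programs at once, so this is a strong indicator)."""
    states = defaultdict(set)
    for c in claims:
        states[c["ssn"]].add(c["state"])
    return {ssn: sorted(s) for ssn, s in states.items() if len(s) > 1}


def accounts_shared_across_identities(claims, min_identities=2):
    """Map each payout account to the sorted list of distinct SSNs paying into
    it, keeping only accounts shared by at least min_identities people.
    Assumed indicator: mule accounts collect benefits for many stolen identities."""
    owners = defaultdict(set)
    for c in claims:
        owners[c["payout_account"]].add(c["ssn"])
    return {acct: sorted(s) for acct, s in owners.items() if len(s) >= min_identities}


def flag_claims(claims):
    """Return {claim_id: [reasons]} for every claim hit by either indicator.
    Claims with no hits are absent from the result."""
    multi = ssns_in_multiple_states(claims)
    shared = accounts_shared_across_identities(claims)
    flagged = defaultdict(list)
    for c in claims:
        if c["ssn"] in multi:
            flagged[c["claim_id"]].append(
                "ssn filed in %d states: %s" % (len(multi[c["ssn"]]), ",".join(multi[c["ssn"]]))
            )
        if c["payout_account"] in shared:
            flagged[c["claim_id"]].append(
                "payout account shared by %d identities" % len(shared[c["payout_account"]])
            )
    return dict(flagged)


if __name__ == "__main__":
    for cid, reasons in sorted(flag_claims(CLAIMS).items()):
        print(cid, "->", "; ".join(reasons))
```

On the constructed data, WA-1001, NC-2001 and MA-3001 are flagged while RI-4001 and WA-1002 pass. A production control would add velocity limits per source IP or device fingerprint and check the claimed employer against wage records, which this sketch omits.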

May 19, 2020
Brian Krebs / Krebs on Security

Cybercriminals on the Dark Web Are Running Vulnerability Testing Services to Help Malware Authors Find and Fix Flaws in Their Code

Cybercriminals on the dark web, such as one called RedBear, the administrator of a Russian-language security site called Krober[.]biz, operate malware testing services that help malware authors, and those who lease or buy malware services, find and fix the flaws in their code. Among the malware types reviewed for flaws by these services are bot admin panels, code injection panels, shell control panels, payment card sniffers, traffic direction services, exchange services, spamming software, doorway generators, and scam pages. Among the high-profile malicious tools examined for flaws by RedBear are the Black Energy DDoS bot administration panel, malware loading panels tied to the Smoke and Andromeda bot loaders, the RMS and Spyadmin trojans, and a popular loan scam script.

May 12, 2020
Brian Krebs / Krebs on Security

Microsoft Issues Updates for 111 Flaws in Windows and Windows-Based Programs, Adobe Releases Two Dozen Patches for Acrobat and Reader

Microsoft issued software updates to plug at least 111 security holes in Windows and Windows-based programs, the third month in a row that Microsoft has pushed out patches for more than 110 flaws. Sixteen of the bugs are labeled critical, and virtually all of the remaining flaws in this month’s batch earned Microsoft’s “Important” rating. Adobe also issued its Patch Tuesday updates for some of its products. An update for Adobe Acrobat and Reader covers two dozen critical and important vulnerabilities, but once again there were no security fixes for Adobe’s problematic Flash Player.

Related: Qualys Blog, The State of Security, Tenable Blog, Talos Intel, ZDNet Security, WCCFtech, BleepingComputer.com, Rapid7, SC Magazine, Dark Reading: Threat Intelligence, Cyberscoop, gHacks, The Zero Day Initiative

Tweets: @briankrebs @thezdi @campuscodi

Qualys Blog: May 2020 Patch Tuesday – 111 Vulns, 16 Critical, SharePoint, VS Code, Adobe Patches
The State of Security: VERT Threat Alert: May 2020 Patch Tuesday Analysis
Tenable Blog: Microsoft’s May 2020 Patch Tuesday Addresses 111 CVEs
Talos Intel: Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
ZDNet Security: Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities
WCCFtech: Patch Tuesday Brings Windows 10 Cumulative Updates for All Versions of the OS
BleepingComputer.com: Windows 10 Cumulative Updates KB4556799 & KB4551853 Released
Rapid7: Patch Tuesday – May 2020
SC Magazine: Microsoft again surpasses 100 vulnerabilities on Patch Tuesday | SC Media
Dark Reading: Threat Intelligence: Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
Cyberscoop: Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities
gHacks: Microsoft Windows Security Updates May 2020 overview
The Zero Day Initiative: The May 2020 Security Update Review

@briankrebs: It's Patch Tuesday, peeps! This means all you MS Windows (ab)users should soon see prompts to restart your PC and install updates. Back up your data/system first, please! Microsoft fixed 111 flaws in Windows software. Also, updates for Adobe Reader/Acrobat https://krebsonsecurity.com/2020/05/micros
@thezdi: It's the 2nd Tuesday of the month, which means the latest #security patches from #Adobe and #Microsoft are here. Join @dustin_childs as he breaks down the details of another large release. https://bit.ly/3bsYQWx #PatchTuesday
@campuscodi: Microsoft May 2020 Patch Tuesday started rolling out earlier today - This month, Microsoft fixed 111 vulnerabilities - No zero-days this time - 3rd largest PT in MSFT's history https://zdnet.com/article/micros


Brian Krebs / Krebs on Security

ATM Maker Diebold Nixdorf Hit With ProLock Ransomware, ATMs and Customer Networks Unaffected

Major automated teller machine (ATM) and payment technology company Diebold Nixdorf suffered a ransomware attack that disrupted some corporate network operations but did not affect its ATMs or customer networks. The attack involved the relatively rarely used ProLock ransomware, until recently better known as “PwndLocker,” which experts say has gone through several changes in recent months. On April 25, the company’s security team discovered anomalous behavior on its corporate network and, suspecting a ransomware attack, began disconnecting systems on that network to contain the spread of the malware. This response affected services for over 100 of the company’s customers by disrupting a system that automates field service technician requests.

April 8, 2020
Brian Krebs / Krebs on Security

Microsoft Buys Domain Corp.Com to Protect Countless Windows Computers from Criminals, Owner Had Been Asking $1.7 Million for It

Microsoft has agreed to buy the domain corp.com in a bid to keep it out of the hands of those who might abuse its power. The domain can give its owner access to a constant stream of passwords, email, and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. Mike O’Connor, who bought corp.com 26 years ago, had been asking $1.7 million for the prized domain. The problem stems from early versions of Windows Server, which offered “corp” as the example Active Directory domain name; many companies adopted that default instead of a domain they actually controlled. When machines from those networks are taken outside the corporate network, lookups for the internal “corp” namespace can fall through to the public corp.com, so hundreds of thousands of Windows machines probably still attempt to reach that domain, leaving them ripe for abuse by whichever entity owns it. So Microsoft bought it, although terms of the deal were not disclosed.

March 23, 2020
Brian Krebs / Krebs on Security

Technology Supplier to Banks Finastra Is Recovering From Ransomware Attack

Finastra, a technology supplier to banks, shut down its critical systems in response to a ransomware attack on March 20 and is now in recovery mode. The company said it does “not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted.” Finastra said, “our teams continue to work to restore full IT operations.”

April 15, 2020
Brian Krebs / Krebs on Security

Microsoft Issues Fixes for 113 Security Vulnerabilities Including Three Zero-Day Flaws Exploited in the Wild, Adobe Issues Skinny Bundle of Updates but None for Flash

In its monthly batch of security fixes, collectively known as Patch Tuesday, Microsoft released updates to fix 113 security vulnerabilities across its Windows operating systems and related software, including at least three flaws that are being actively exploited. The three flaws exploited in the wild include CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March. The Adobe Font Manager library is also the source of a second zero-day flaw, CVE-2020-0938. The final zero-day fixed is a somewhat less dangerous elevation of privilege vulnerability (CVE-2020-1027) affecting Windows 7 and Windows 10 systems. Adobe issued a skinny bundle of updates for ColdFusion, Adobe After Effects, and Adobe Digital Editions, but no fixes for its usually problematic Flash Player.

Related: Appuals.com, Petri, Threatpost, Talos Intel, BleepingComputer.com, SANS, The Register – Security, ZDNet Security, SC Magazine, Sophos News, Tenable Blog, Rapid7, gHacks, The Hacker News


March 20, 2020
Brian Krebs / Krebs on Security

New Variant of Mirai Botnet Malware Exploits Previously Patched Zero-Day Flaw in Zyxel’s Routers, VPN Firewalls and NAS Devices

Researchers at Palo Alto Networks have spotted a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity, exploiting a zero-day vulnerability in Taiwanese vendor Zyxel’s routers and VPN firewall products that the manufacturer has since patched. The experts at Palo Alto Networks’ Unit 42 said their sensors detected the new Mirai variant, dubbed Mukashi, on March 12. This new strain targets CVE-2020-9054, a critical flaw that exists in many VPN firewalls and network-attached storage (NAS) devices made by Zyxel, which boasts around 100 million devices deployed worldwide. IoT systems infected by Mukashi report back to a control server, which can be used to issue new instructions such as downloading additional software or launching distributed denial of service (DDoS) attacks. Zyxel issued a patch for the flaw on February 24, but the update did not fix the problem on many older Zyxel devices, which the company no longer supports; Zyxel advised that those devices be disconnected from the internet.

Related: Threatpost, ZDNet, ComputerWeekly: IT security, Unit42 Palo Alto Networks, Ars Technica, Reddit – cybersecurity, TechTarget, Security Affairs