krebs on security – in-depth security news and investigation (https://krebsonsecurity.com)

page = krebs on security – in-depth security news and …

url = https://krebsonsecurity.com analysed @ 2022-05-20 15:32 UTC

“Within days, the company edited the numerous blog posts and white papers on its website that previously stated the company did not use one-to-many to reflect the truth,” the letter alleges. “According to media reports, the company’s decision to correct its prior misleading statements came after mounting internal pressure from its employees.” Continue reading →
“Actually, it’s not carrying any virus as you can trust us, if you have our reader on hand, please just ignore it and continue the installation steps,” the message continued. “When driver installed, this message will vanish out of sight. Don’t worry.” Continue reading →
Continue reading →
“CVE-2021-36942 was so bad it made CISA’s catalog of Known Exploited Vulnerabilities ,” Wiseman said. Continue reading →
“I worry about people who can’t afford an extra device, or can’t easily replace a broken or stolen device,” Bellovin said. “I worry about forgotten password recovery for cloud accounts.” Continue reading →
According to Russian media site Lenta.ru, since March 21 nearly 95,000 vacancies in IT have remained unfilled in Russia . Lenta says the number unfilled job slots actually shrank 25 percent from the previous month, officially because “many Russian companies are currently reviewing their plans and budgets, and some projects have been postponed.” The story fails to even mention the recent economic sanctions that are currently affecting many Russian companies thanks to Russia’s invasion of Ukraine in late February. Continue reading →
BriansClub has long abused my name and likeness to pimp its wares on the hacking forums. Its homepage includes a copy of my credit report, Social Security card, phone bill, and a fake but otherwise official looking government ID card. Continue reading →
Fake EDRs have become such a reliable method in the cybercrime underground for obtaining information about account holders that several cybercriminals have started offering services that will submit these fraudulent EDRs on behalf of paying clients to a number of top social media and technology firms. Continue reading →
On March 19, 2022, the logs and accompanying screenshots show LAPSUS$ had gained access to Atlas , a powerful internal T-Mobile tool for managing customer accounts.
Perhaps to mollify his furious teammates, White changed the subject and told them he’d gained access to T-Mobile’s Slack and Bitbucket accounts. He said he’d figured out how to upload files to the virtual machine he had access to at T-Mobile. Continue reading →
“Hospitals reported revenue losses due to Ryuk infections of nearly $100 million from data I obtained through interviews with hospital staff, public statements, and media articles,” Weiss wrote. “The Ryuk attacks also caused an estimated $500 million in costs to respond to the attacks – costs that include ransomware payments, digital forensic services, security improvements and upgrading impacted systems plus other expenses.” Continue reading →