krebsonsecurity.com

VN:F [1.9.22_1171]
Rating: 7.0/10 (1 vote cast)

Security & cybercrime blog

How Each Pillar of the 1st Amendment is Under Attack

31 March 2025 @ 1:22 am

In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.

When Getting Phished Puts You in Mortal Danger

27 March 2025 @ 4:39 pm

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

Arrests in Tap-to-Pay Scheme Powered by Phishing

21 March 2025 @ 7:12 pm

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.

DOGE to Fired CISA Staff: Email Us Your Personal Data

20 March 2025 @ 1:26 am

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment -- presumably with the password needed to view the file included in the body of the email.

ClickFix: How to Infect Your PC in Three Easy Steps

14 March 2025 @ 10:15 pm

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

11 March 2025 @ 11:53 pm

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Alleged Co-Founder of Garantex Arrested in India

11 March 2025 @ 4:49 pm

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.

Feds Link $150M Cyberheist to 2022 LastPass Hacks

8 March 2025 @ 1:20 am

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

Who is the DOGE and X Technician Branden Spikes?

7 March 2025 @ 12:54 am

At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

28 February 2025 @ 8:14 pm

One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.