Catégorie : Actualités

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump’s invitation to “be wild” in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence. In a follow-up video address to his followers, Watkins said the outage happened shortly after the Jan. 6 committee aired his brief video testimony. “Then everything that I have anything to do with seemed to…

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet. In February, security experts hailed Microsoft’s decision to block VBA macros in all documents downloaded from the Internet. The company said it would roll out the changes in stages between April and June 2022. Macros have long been a trusted way for cybercrooks to trick people into running malicious code. Microsoft Office by default warns users that enabling macros in untrusted documents is a security risk, but those warnings…

Posted by Shane Huntley, Director, Threat Analysis Group This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q2 2022. It was last updated on June 30, 2022. May We terminated 20 YouTube channels as part of our investigation into coordinated influence operations linked to Russia. The campaign was linked to a Russian consulting firm and was sharing content in Russian that was supportive of Russia’s actions in Ukraine and Russian President Vladimir Putin and critical of NATO, Ukraine, and Ukrainian President Volodymyr Zelenskyy. We terminated 5 YouTube channels, 1 AdSense account, and 1 Blogger blog as part of our investigation into coordinated influence operations linked to Russia. The campaign was linked to Russian state-sponsored entities and was sharing content in Russian and Bulgarian that was supportive of separatist…

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address. John Turner is a software engineer based in Salt Lake City. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account. Turner said that in early…

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google. AWMproxy, the storefront for renting access to infected PCs, circa 2011. Launched in March 2008, AWM Proxy quickly became the largest service for crooks seeking to route their malicious Web traffic through compromised devices. In 2011, researchers at Kaspersky Lab showed that virtually all of the hacked systems for…

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top Russian spamming forum. The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS. According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked: “A cybercriminal who wanted to utilize the RSOCKS platform could use a…

Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters  Are you ready to put your hacking skills to the test? It’s Google CTF time! The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registration is now open at http://goo.gle/ctf. In true old Google CTF fashion, the top 8 teams will qualify for our Hackceler8 speedrunning meets CTFs competition. The prize pool stands similar to previous years at more than $40,000. We can’t wait to see whether PPP will be able to defend their crown. For those of you looking to satisfy your late-night hacking hunger: past year's challenges, including Hackceler8 2021 matches, are open-sourced here. On top of that there are hours of Hackceler8 2020 videos to watch! If…

Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company. In fact, that was my initial assumption when a reader in Missouri shared this photo after being turned away from his favorite local sub shop. But a conversation with the store’s owner Steve Saladin brought home the truth that some of the best solutions to fighting fraud are even more low-tech than BEC scams. Visit any…

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year. Three of the bugs tackled this month earned Microsoft’s most dire “critical” label, meaning they can be exploited remotely by malware or miscreants to seize complete control over a vulnerable system. On top of the critical heap this month is CVE-2022-30190, a vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Dubbed “Follina,” the flaw became public knowledge on May 27,…

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form. The ALPHV site claims to care about people’s privacy, but they let anyone view the sensitive stolen data. ALPHV recently announced on its victim shaming and extortion website that it had hacked a luxury spa and resort in the western United States. Sometime in the last 24 hours, ALPHV published a website with the…