- Okta: Breach Affected All Customer Support Users
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.
- ID Theft Service Resold Access to USInfoSearch Data
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned.
- Alleged Extortioner of Psychotherapy Patients Faces Trial
Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.
- Microsoft Patch Tuesday, November 2023 Edition
Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks.
- It’s Still Easy for Anyone to Become You at Experian
In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hijacked, and the only way I could recover access was by recreating the account.
- Who’s Behind the SWAT USA Reshipping Service?
Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today's Part II, we'll examine clues about the real-life identity left behind by "Fearless," the nickname chosen by the proprietor of the SWAT USA Drops service.
- Russian Reshipping Service ‘SWAT USA Drop’ Exposed
One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.
- Feed has no items.
- Apple Patches WebKit Flaws Exploited on Older iPhones
Apple's security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. The post Apple Patches WebKit Flaws Exploited on Older iPhones appeared first on SecurityWeek.
- Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices
Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks. The post Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices appeared first on SecurityWeek.
- Meta Takes Action Against Multiple Foreign Influence Campaigns
Meta removed three foreign influence operations from the Facebook platform during Q3, 2023. Two were Chinese in origin, and one was Russian, the company says. The post Meta Takes Action Against Multiple Foreign Influence Campaigns appeared first on SecurityWeek.
- Qlik Sense Vulnerabilities Exploited in Ransomware Attacks
Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks. The post Qlik Sense Vulnerabilities Exploited in Ransomware Attacks appeared first on SecurityWeek.
- Black Basta Ransomware Group Received Over $100 Million From 90 Victims
The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments. The post Black Basta Ransomware Group Received Over $100 Million From 90 Victims appeared first on SecurityWeek.
- US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers
US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus. The post US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers appeared first on SecurityWeek.
- Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments
Palo Alto Networks has launched a new rugged firewall for industrial environments and announced several OT security improvements. The post Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments appeared first on SecurityWeek.