Krebs on Security

Daily News Feed

• U.S. Charges Russian Man as Boss of LockBit Ransomware Group
  May 7, 2024
  The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort […]
• Why Your VPN May Not Be As Secure As It Claims
  May 6, 2024
  Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by […]
• Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
  April 30, 2024
  A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.
• FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data
  April 29, 2024
  The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers' location information without consent.
• Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
  April 22, 2024
  The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 […]
• Who Stole 3.6M Tax Records from South Carolina?
  April 16, 2024
  For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling […]
• Crickets from Chirp Systems in Smart Lock Key Leak
  April 15, 2024
  The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, […]