Krebs on Security

In-depth security news and investigation
  1. Source: Deloitte Breach Affected All Company Email, Admin Accounts
    Deloitte, one of the world's "big four" accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted "very few" clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte's entire internal email system.
  2. Canadian Man Gets 9 Months Detention for Serial Swattings, Bomb Threats
    A 19-year-old Canadian man was found guilty of making almost three dozen fraudulent calls to emergency services across North America in 2013 and 2014. The false alarms, two of which targeted this author, involved phoning in phony bomb threats and multiple attempts at “swatting” — a dangerous hoax in which the perpetrator spoofs a call […]
  3. Equifax or Equiphish?
    More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet another security stumble, the company appears to be training recipients to fall for phishing scams.
  4. Experian Site Can Give Anyone Your Credit Freeze PIN
    An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.
  5. Equifax Breach: Setting the Record Straight
    Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.
  6. Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop
    Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers were first able to steal credit card numbers from Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time -- when hackers accessed the company's systems in mid-May 2017.
  7. Adobe, Microsoft Plug Critical Security Holes
    Adobe and Microsoft both on Tuesday released patches to plug critical security vulnerabilities in their products. Microsoft's patch bundles fix close to 80 separate security problems in various versions of its Windows operating system and related software, including two vulnerabilities that already are being exploited in active attacks. Adobe's new version of its Flash Player software fixes two flaws that malware or attackers could use to seize remote control over vulnerable computers with no help from users.
  8. Ayuda! (Help!) Equifax Has My Data!
    Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may not yet be complete: According to information […]
  9. The Equifax Breach: What You Should Know
    It remains unclear whether those responsible for stealing Social Security numbers and other data on as many as 143 million Americans from big-three credit bureau Equifax intend to sell this data to identity thieves. But if ever there was a reminder that you -- the consumer -- are ultimately responsible for protecting your financial future, this is it. Here's what you need to know and what you should do in response to this unprecedented breach.
  10. Equifax Breach Response Turns Dumpster Fire
    I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans.

Cyber Security Tips

  • Microsoft Windows Update

    Microsoft goes to great lengths to provide security patches through "Windows Update". Apply these patches on a weekly basis to…
  • Virus Protection

    Make sure to install Virus Protection software and run updates on a weekly basis to catch new threats.…