Krebs on Security: Microsoft Patch Tuesday, March 2023 Edition. “Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.”
KrebsonSecurity: Happy 13th Birthday, KrebsOnSecurity!. “KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was!”
Krebs on Security: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”. “On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from ‘Meris,’ the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.”
Krebs on Security: What the Marriott Breach Says About Security. “We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.”
Krebs on Security: How to Shop Online Like a Security Pro. “‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.”
Happy birthday to that young whippersnapper, Krebs On Security. “This past year KrebsOnSecurity published nearly 160 stories, generating more than 11,000 reader comments. The pace of publications here slowed down in 2017, but then again I have been trying to focus on quality over quantity, and many of these stories took weeks or months to report and write.” My favorite security blog, possibly…
Krebs on Security: How Cybercrooks Put the Beatdown on My Beats. “Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant’s account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how his account was hacked. But such attacks are becoming more prevalent of late as crooks increasingly turn to online crimeware services that make it a cakewalk to cash out stolen passwords.”
Krebs on Security: Ransomware for Dummies: Anyone Can Do It. “Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.”
Brian Krebs: Who is Anna-Senpai, the Mirai Worm Author? “On September 22, 2016, this site was forced offline for nearly four days after it was hit with ‘Mirai,’ a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack — using the name ‘Anna-Senpai’ — released the source code for Mirai, spawning dozens of copycat attack armies online. After months of digging, KrebsOnSecurity is now confident to have uncovered Anna-Senpai’s real-life identity, and the identity of at least one co-conspirator who helped to write and modify the malware.” Long but fascinating article – he weaves tons of little bits of information into one cohesive whole.
Hey! KrebsonSecurity – my favorite blog for security news and thoughts – is seven years old! “Hard to believe it’s time to celebrate another go ’round the Sun for KrebsOnSecurity! Today marks exactly seven years since I left The Washington Post and started this here solo thing. And what a remarkable year 2016 has been!”
Krebs on Security is supposedly back online due to Google’s Project Shield. I say “supposedly” because when I try to connect I get a “connection refused” error, and I’m not sure if it’s me or him. I’m linking to a Slashdot story about Mr. Krebs’ return.
My go-to security blog, Krebs on Security, has been shut down after an astounding DDOS attack earlier this week. “Since Tuesday, Krebs’ site has been under sustained distributed denial-of-service, or DDoS, a crude method of flooding a website with traffic to deny legitimate users from being able to access it. The assault has flooded Krebs’ site with more than 620 gigabits per second of traffic — nearly double what Akamai has seen in the past.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.