Kroll Employee SIM-Swapped for Crypto Investor Data

• Post author:Diran Taofeek Folami
• Post published:August 25, 2023
• Post category:Cybersecurity
• Post last modified:August 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on…

Continue ReadingKroll Employee SIM-Swapped for Crypto Investor Data

Teach a Man to Phish and He’s Set for Life

• Post author:Diran Taofeek Folami
• Post published:August 4, 2023
• Post category:Cybersecurity
• Post last modified:August 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email…

Continue ReadingTeach a Man to Phish and He’s Set for Life

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

• Post author:Diran Taofeek Folami
• Post published:June 22, 2023
• Post category:Cybersecurity
• Post last modified:June 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a.…

Continue ReadingSMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

CISA Order Highlights Persistent Risk at Network Edge

• Post author:Diran Taofeek Folami
• Post published:June 15, 2023
• Post category:Cybersecurity
• Post last modified:June 15, 2023

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive…

Continue ReadingCISA Order Highlights Persistent Risk at Network Edge

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

• Post author:Diran Taofeek Folami
• Post published:June 8, 2023
• Post category:Cybersecurity
• Post last modified:June 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to…

Continue ReadingBarracuda Urges Replacing — Not Patching — Its Email Security Gateways

Discord Admins Hacked by Malicious Bookmarks

• Post author:Diran Taofeek Folami
• Post published:May 31, 2023
• Post category:Cybersecurity
• Post last modified:May 31, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.…

Continue ReadingDiscord Admins Hacked by Malicious Bookmarks

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

• Post author:Diran Taofeek Folami
• Post published:May 2, 2023
• Post category:Cybersecurity
• Post last modified:May 2, 2023

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed…

Continue ReadingPromising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Many Public Salesforce Sites are Leaking Private Data

• Post author:Diran Taofeek Folami
• Post published:April 28, 2023
• Post category:Cybersecurity
• Post last modified:April 28, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures…

Continue ReadingMany Public Salesforce Sites are Leaking Private Data

3CX Breach Was a Double Supply Chain Compromise

• Post author:Diran Taofeek Folami
• Post published:April 21, 2023
• Post category:Cybersecurity
• Post last modified:April 21, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel:…

Continue Reading3CX Breach Was a Double Supply Chain Compromise

Why is ‘Juice Jacking’ Suddenly Back in the News?

• Post author:Diran Taofeek Folami
• Post published:April 14, 2023
• Post category:Cybersecurity
• Post last modified:April 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “juice jacking,” a term…

Continue ReadingWhy is ‘Juice Jacking’ Suddenly Back in the News?