Nicholas Weaver

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

| | A Little Sunshine, Data breaches, International Computer Science Institute, Karim Toubba, lastpass breach, Nicholas Weaver, The Coming Storm, Web Fraud 2.0, Wladimir Palant
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest ...
Krebs on Security
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

| | 1Password, A Little Sunshine, AdBlock Plus, Ars Technica, Chainalysis, Data breaches, Karim Toubba, lastpass breach, MetaMask, Nicholas Weaver, Nick Bax, Plex, Taylor Monahan, The Coming Storm, Unciphered, Web Fraud 2.0, Wladimir Palant
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a ...
Krebs on Security
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

| | Barracuda Networks, Caitlin Condon, CVE-2023-2868, Email Security Gateway, International Computer Science Institute, Latest Warnings, Mandiant, Nicholas Weaver, rapid7, Time to Patch
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying ...
Krebs on Security
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

| | A Little Sunshine, Allison Nixon, Data breaches, International Computer Science Institute, Minecraft, Nicholas Weaver, roblox, Security Keys, SIM swapping, T-Mobile, tmo up, Unit 221B, Web Fraud 2.0
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers ...
Krebs on Security
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

| | A Little Sunshine, amazon, Anastacia Brown, Apple, Binance, Employment Fraud, Indeed, Jay Pinho, linkedin, Mandiant, Nicholas Weaver, SignalHire, Web Fraud 2.0
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in ...
Krebs on Security
Experian, You Have Some Explaining to Do

Experian, You Have Some Explaining to Do

| | A Little Sunshine, Arthur Rishi, Emory Roan, Equifax, Experian, John Turner, Latest Warnings, Nicholas Weaver, Privacyrights.org, Transunion, Web Fraud 2.0
Twice in the past month KrebsOnSecurity has heard from readers who've had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both ...
Krebs on Security
DEA Investigating Breach of Law Enforcement Data Portal

DEA Investigating Breach of Law Enforcement Data Portal

| | A Little Sunshine, Data breaches, Department of Justice, Domain Block List, Doxbin, Drug Enforcement Administration, El Paso Intelligence Center, emergency data request, EPIC, esp.usdoj.gov, FBI, ICSI, KT, Lapsus$, Law Enforcement Inquiry and Alerts, LEIA, National Seizure System, Ne'er-Do-Well News, Nicholas Weaver, NSS, spamhaus, The Coming Storm, U.S. Drug Enforcement Agency
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned ...
Krebs on Security
Your Phone May Soon Replace Many of Your Passwords

Your Phone May Soon Replace Many of Your Passwords

| | A Little Sunshine, Apple, FIDO Alliance, google, Johannes Ullrich, Microsoft, Nicholas Weaver, Sampath Srinivas, SANS, Security Tools, SpyCloud, Steve Bellovin, World Wide Web Consortium
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to ...
Krebs on Security
‘Trojan Source’ Bug Threatens the Security of All Code

‘Trojan Source’ Bug Threatens the Security of All Code

| | Bidi override, Cambridge University, CVE-2021-42574, CVE-2021-42694, Johns Hopkins Information Security Institute, Latest Warnings, Matthew Green, Nicholas Weaver, Ross Anderson, rust, The Coming Storm, Time to Patch, Trojan Source bug, University of California Berkeley
Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software ...
Krebs on Security
Indictment, Lawsuits Revive Trump-Alfa Bank Story

Indictment, Lawsuits Revive Trump-Alfa Bank Story

| | 66.216.133.29, A Little Sunshine, Alfa Bank, B.G.R. Group, Daniel J. Jones, dns, FBI, Heartland Payment Systems, Indiana University School of Informatics and Computing, James A. Baker, John H. Durham, L. Jean Camp, Mandiant, Michael Sussmann, Nicholas Weaver, Paul Vixie, Spectrum Health, Stroz Friedberg, The Democracy Integrity Project, Trump Organization, trump1.contact-client.com, University of California Berkeley
In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump ...
Krebs on Security
Load more