Musk's xAI Employee Leaks API Key, Raising Security Concerns

2025-07-15

A 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), Marko Elez, inadvertently leaked a private API key granting access to over 50 of xAI's large language models (LLMs). This raises serious concerns about government data security, especially given Elez's history: previously fired for racist posts and security breaches, he was later reinstated and granted access to sensitive databases across multiple government agencies. The leak highlights systemic security flaws and negligence within DOGE, exposing a pattern of irresponsible handling of government data.

Ransomware's Weird Vulnerability: Virtual Keyboards as a Defense

2025-06-30

Security experts have discovered a peculiar vulnerability in nearly all ransomware strains: they refuse to install on Windows computers that already have a Russian or Ukrainian virtual keyboard installed. This is because many malware strains originating from Eastern Europe check for specific countries (e.g., Russia, Ukraine) and abort, so as to avoid attracting local law enforcement. While not foolproof, installing a virtual keyboard, such as a Russian one, offers a simple, additional measure to reduce the risk of ransomware infection. The approach leverages the fact that many cybercriminals avoid targeting computers within their own countries to avoid investigation.

Kremlin-Backed Disinfo Bypasses Social Media Moderation via Malicious Ad Tech

2025-06-12

A new report exposes a sprawling ecosystem of malicious ad tech used not only by online scammers and hackers but also by Kremlin-backed disinformation campaigns to bypass social media moderation. The investigation focuses on the “Doppelganger” disinformation network, which uses sophisticated domain cloaking to spread pro-Russian narratives and infiltrate European media. This cloaking service shares infrastructure with VexTrio, arguably the oldest malicious traffic distribution system (TDS), and is linked to affiliate marketing services LosPollos and TacoLoco. These services employ deceptive tactics to trick users into enabling push notifications, which are then used to disseminate malware and scams. Researchers tied these services to Adspro Group, registered in the Czech Republic and Russia, with infrastructure in Switzerland. Despite Adspro's denial of ties to VexTrio, actions like LosPollos suspending its push monetization service and Adspro rebranding to Aimed Global suggest a connection to malicious activity. The report highlights the significant cybersecurity threat posed by this malicious ad tech ecosystem and advises users to be cautious about browser notification requests.

Ukraine's War: The Shadowy Trade in Internet Addresses

2025-06-06

Since the February 2022 Russian invasion of Ukraine, nearly one-fifth of Ukraine's internet address space has fallen under Russian control or been sold to internet address brokers. A new study reveals that large chunks of Ukrainian IP address space are now in the hands of shadowy proxy and anonymity services nested within major US ISPs. Desperate to stay afloat, Ukrainian ISPs have sold off valuable IPv4 addresses. These addresses have ended up in proxy services globally, many of which are used for cyberattacks against Ukraine and Russia's enemies. Some were even used in DDoS attacks and spear-phishing attempts by Russian state-sponsored hacking groups. AT&T, a major US telecom, has changed its policy to prevent the use of static routes with IPs they don't provide, likely forcing many proxy services to migrate to other providers.

US Sanctions Funnull, a CDN Powering Pig Butchering Scams

2025-05-30

The US Treasury Department sanctioned Funnull Technology Inc., a Philippines-based company providing infrastructure for hundreds of thousands of websites involved in “pig butchering” cryptocurrency scams. These scams lure victims into fraudulent investment platforms, resulting in over $200 million in US losses. Funnull routed traffic through US cloud providers, masking its criminal activity. The sanctions highlight the ongoing fight against transnational cybercrime and the challenges in combating sophisticated scams. The article also mentions EU sanctions against Stark Industries Solutions, another company facilitating Russian cyberattacks, underscoring the global nature of this problem.

FBI Busts DanaBot Malware Ring: $50M in Losses, Espionage Revealed

2025-05-23

The US government unsealed charges against 16 individuals accused of running and selling DanaBot, a prolific information-stealing malware sold on Russian cybercrime forums since 2018. A newer version was used for espionage. The FBI says many defendants exposed themselves by accidentally infecting their own systems. DanaBot infected over 300,000 systems globally, causing over $50 million in losses. The ringleaders include an IT engineer for Gazprom. The FBI seized servers and victim data, and is working with partners to help victims. The case highlights the repurposing of financially motivated malware for espionage, echoing similar tactics used with the ZeuS Trojan.

6.3 Tbps DDoS Attack: The Rise of the Aisuru Botnet and Its Shadowy Creator

2025-05-21

KrebsOnSecurity was hit with a record-breaking 6.3 Tbps DDoS attack originating from a massive IoT botnet called Aisuru. The botnet was developed and marketed by a 21-year-old Brazilian known as "Forky," who also runs a hosting and DDoS mitigation company called Botshield; the attack highlights the ongoing threat of powerful, easily accessible botnets. While Forky claims to have left the project, his involvement with Aisuru and his continued operation of DDoS-for-hire services remain a concern. This attack, and a similar one against Cloudflare, are believed to be demonstrations of Aisuru's capabilities. Experts suggest that releasing Aisuru's source code or exploit list, while potentially increasing the number of botnet clones, would ultimately weaken individual botnets and strengthen overall cybersecurity defenses.

Massive Scam Network Masquerading as Legitimate Businesses Uses Google Ads

2025-05-07

A Texas firm, eWorldTrade, indicted for conspiring to distribute synthetic opioids, is at the heart of a vast network of US and Pakistani companies accused of using online ads to scam Westerners seeking trademark assistance, book writing, app development, and logo design. Linked to infamous firms like Axact and Abtach, known for trademark scams and fake degrees, the network lures victims with low prices before extorting them. Google Ads Transparency data reveals over $10 million spent on ads. Despite Google's claims of investigations and actions, the network persists, leaving a trail of victims worldwide.

xAI's Private LLMs Exposed: Two-Month Security Flaw

2025-05-02

An xAI employee leaked a private key on GitHub, granting access for two months to private xAI large language models (LLMs) seemingly tailored for internal data from SpaceX, Tesla, and X (Twitter). Security firm GitGuardian discovered the key allowed access to at least 60 fine-tuned, private LLMs, some trained on SpaceX and Tesla data. Despite GitGuardian alerting the employee two months prior, xAI only recently removed the repository containing the key. This highlights xAI's security vulnerabilities in key management and internal monitoring, raising concerns about data security.

23-Year-Old Extradited to US, Allegedly Part of Notorious Cybercrime Group

2025-05-01

Tyler Robert Buchanan, a 23-year-old Scottish man believed to be a member of the prolific Scattered Spider cybercrime group, was extradited from Spain to the US last week. He faces charges of wire fraud, conspiracy, and identity theft, accused of involvement in attacks that stole over $26 million. The group used SMS phishing and SIM swapping to target numerous companies, including Twilio and LastPass in 2022. Buchanan was arrested in Spain in June 2024 after fleeing the UK following threats from a rival gang. Seized devices revealed evidence linking him to the crimes. He's currently held without bail, awaiting trial and facing significant prison time.

Musk's DOGE Team Allegedly Siphoned Sensitive Data from NLRB

2025-04-23

A whistleblower alleges that Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the National Labor Relations Board (NLRB)'s sensitive case files in early March. An investigation reveals a striking similarity between code downloaded from NLRB systems and a program published in January 2025 by DOGE employee Marko Elez, designed to bypass IP restrictions for web scraping and brute-forcing. Elez, who has worked for several Musk companies, faced public scrutiny for racist and eugenicist social media posts. This data breach could unfairly advantage defendants in ongoing labor disputes, as the stolen data includes sensitive employee information and proprietary business documents.

NLRB Whistleblower Alleges Musk's DOGE Team Exfiltrated Sensitive Data

2025-04-22

A security architect at the National Labor Relations Board (NLRB) alleges that Elon Musk's Department of Government Efficiency (DOGE) employees transferred gigabytes of sensitive data from agency case files in early March using short-lived accounts designed to leave minimal network traces. The whistleblower, Daniel J. Berulis, claims this coincided with blocked login attempts from a Russian IP address using valid credentials for a newly created DOGE account. Berulis further reports receiving threats and being stripped of his NLRB access. While the NLRB denies a breach, Berulis's allegations raise serious concerns about DOGE's data access and NLRB security practices.

Veteran Forensics Expert's Credentials Under FBI Scrutiny, Cases Reopened

2025-04-04

Mark Lanterman, a cybersecurity and computer forensics expert with a 30-year career and thousands of courtroom testimonies, is facing an FBI investigation into his credentials. Questions arose after attorney Sean Harrington challenged Lanterman's claims of degrees from Upsala College and Harvard University, which proved unsubstantiated. The investigation revealed falsified testimony and accusations of extorting clients with their own data. Lanterman has since ceased operations, prompting the reopening of numerous cases and raising serious concerns about the validity of his past testimony and potential miscarriages of justice.

Trump's Unprecedented Assault on the First Amendment

2025-03-31

Following his re-election, the Trump administration has launched an unprecedented attack on the five pillars of the First Amendment: the right to petition, freedom of assembly, freedom of the press, freedom of speech, and freedom of religion. Through actions such as firing those processing FOIA requests, threatening sanctions against lawyers suing the government, defunding universities, suing news organizations, restricting government employee language, and rescinding protections for religious sites, the administration systematically erodes these fundamental rights. This mirrors the repressive tactics of Hungarian Prime Minister Viktor Orbán, raising serious concerns about the future of American democracy.

LastPass Breach Fuels Massive Crypto Heists: FBI Confirms Link

2025-03-08

A 2022 LastPass breach, where hackers stole user master passwords, has led to a string of six- and seven-figure cryptocurrency heists. The FBI and Secret Service have confirmed a connection, stating that stolen passwords were used to access victims' crypto wallets. A $150 million theft from Ripple co-founder Chris Larsen resulted in $24 million being recovered. Security researchers found that victims were often older LastPass users with weak master passwords and had stored their crypto seed phrases in LastPass's "Secure Notes". LastPass denies direct responsibility, but experts criticize the company's response and urge users to improve password security practices.

Kaspersky Network Allegedly Provides Transit for Notorious 'Bulletproof' Host

2025-03-04

KrebsOnSecurity reports that Prospero OOO, a notorious provider of 'bulletproof' web hosting for cybercriminals, has begun routing its operations through networks run by Kaspersky Lab, the Russian antivirus and security firm. Prospero OOO has long been a source of malware, botnet controllers, and phishing websites. Security experts express concern that Kaspersky's provision of network services, even if denied by Kaspersky, exacerbates worries about facilitating cybercrime. The use of Kaspersky's network as a transit point raises questions about its security practices, especially considering the US government's previous ban on Kaspersky software for federal agencies.

Army Soldier Who Leaked Officials' Phone Records Sought Asylum, Faced Treason Question

2025-02-27

Cameron Wagenius, a 20-year-old U.S. Army soldier operating under the alias "Kiberphant0m," pleaded guilty to leaking phone records of high-ranking U.S. government officials. He was part of a hacking group that exploited a vulnerability in Snowflake's cloud storage to steal data from AT&T and other major corporations. Prosecutors revealed Wagenius searched online for non-extradition countries and inquired about whether hacking constitutes treason. He also attempted to sell stolen information to a foreign military intelligence service. Wagenius faces up to ten years in prison and a $250,000 fine, while his accomplices, one of whom is in Turkish custody, face similar charges.

Mozilla's Continued Partnership with Onerep: A Year After Broken Promises?

2025-02-13

In March 2024, KrebsOnSecurity revealed that Onerep's founder also runs numerous people-search companies, including the data broker Nuwber. Following this revelation, Mozilla announced it would end its partnership with Onerep. However, nearly a year later, Onerep remains bundled with Firefox. Despite Mozilla's assurances of user data safety, the continued partnership raises questions about its commitment to its stated values. Further complicating matters, Onerep appears to be collaborating with another problematic people-search service, Radaris. This situation highlights the complexities and challenges within the personal data removal industry and prompts ethical considerations regarding data broker business models.

Musk's DOGE Team: A 19-Year-Old Hacker and a Massive Government Data Breach

2025-02-09

Wired revealed that a 19-year-old working for Elon Musk's so-called "Department of Government Efficiency" (DOGE) gained access to sensitive US government systems despite his past association with cybercrime communities. The teen's former membership in 'The Com,' a distributed cybercriminal network, has raised serious concerns. Since Trump's second inauguration, DOGE has accessed vast amounts of sensitive data, controlling databases at the Treasury, OPM, and other departments. The 19-year-old, Edward Coristine, known online as "Big Balls," founded Tesla.Sexy LLC and runs the ISP Packetware, both with links to cybercrime. His past actions are incompatible with government security clearance standards, leading to significant security risks and widespread lawsuits.

FBI, Dutch Police Bust Massive Pakistan-Based Cybercrime Service

2025-01-31

The FBI and Dutch authorities this week dismantled a massive spam and malware distribution service operating out of Pakistan, known as “The Manipulators.” This group, previously profiled multiple times, provided cybercrime tools to transnational organized crime groups. The operation seized dozens of servers and domains, uncovering millions of victim records, including at least 100,000 from Dutch citizens. The service sold phishing kits, scam pages, and email extractors, facilitating Business Email Compromise (BEC) schemes that caused significant financial losses to victims. Ironically, despite their brazen public profile and past media attention, The Manipulators showed little regard for protecting their own or their customers' identities, leading to their downfall. This represents a major blow to cybercrime, but investigations are ongoing to track down buyers of their services.

Mastercard's Five-Year-Old DNS Error

2025-01-22

A security researcher, Philippe Caturegli, uncovered a nearly five-year-old error in Mastercard's domain name server settings. This misconfiguration could have allowed anyone to intercept or divert internet traffic for the company by registering an unused domain name. Caturegli spent $300 to register the domain 'akam.ne' to prevent its exploitation by cybercriminals. Mastercard acknowledged the mistake but claimed no real security risk existed. The incident highlights the potential for significant vulnerabilities in even large organizations' DNS configurations.

Canadian Crypto Payment Processor Cryptomus Allegedly Aids Russia in Sanctions Evasion

2025-01-22

Cryptomus, a Canadian-registered financial firm, has been identified as the payment processor for dozens of Russian cryptocurrency exchanges and websites offering cybercrime services to Russian-speaking customers. Investigations reveal that Cryptomus's registered address is a virtual office shared with numerous other financial entities, raising concerns about large-scale money laundering and sanctions evasion. Researchers found Cryptomus processed transactions for at least 122 cybercrime services, including those selling stolen accounts, anonymity services, and attack infrastructure. These transactions were ultimately linked to accounts in major Russian banks currently sanctioned by the US and other Western nations. The actual operations of Cryptomus and the legitimacy of its registered address are highly questionable, highlighting the potential for cryptocurrency to facilitate sanctions evasion.

Hacker News: Inside the Operations of a Prolific Voice Phishing Crew

2025-01-08

A KrebsOnSecurity article exposes the inner workings of a prolific voice phishing gang. The group abuses legitimate Apple and Google services, using spoofed phone numbers, phishing emails, and system messages to defraud victims. They even leverage an official Apple support line to send confirmation messages, building trust. The gang has a clear division of labor, including callers, operators, drainers, and owners. The article reveals how they use data breaches and automated tools to target victims, and details internal conflicts and betrayals. The incident highlights the importance of cybersecurity and exposes the complex operation of cybercrime groups.

US Army Soldier Arrested for AT&T, Verizon Extortion

2024-12-31

A 20-year-old US Army soldier, Cameron John Wagenius, has been arrested and indicted for his alleged role as Kiberphant0m, a cybercriminal who sold and leaked sensitive customer call records stolen from AT&T and Verizon earlier this year. Wagenius, a communications specialist stationed in South Korea, was linked to another cybercriminal, Connor Riley Moucka, who was also arrested for data theft and extortion. The indictment charges Wagenius with illegally transferring confidential phone records; the alleged conduct includes threatening to leak call logs of the President and Vice President, selling Verizon PTT customer call records, and offering SIM-swapping services. The case highlights the need for strong internal security and demonstrates law enforcement's increasing effectiveness in apprehending cybercriminals.

One Click, Half a Million Lost: Sophisticated Crypto Phishing Scam Exploits Google Services

2024-12-20

Two victims lost nearly $500,000 in cryptocurrency after clicking on a fraudulent Google account recovery prompt. Scammers used a real Google phone number, forged Google security emails, and tricked victims into clicking a Google prompt on their phones, gaining control of their Gmail accounts. One victim's mistake was storing a picture of their cryptocurrency wallet's seed phrase in Google Photos, giving the scammers easy access to their funds. This incident highlights vulnerabilities in Google's authentication system and the sophistication of scammers using Google services for high-tech phishing attacks.