Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Credit to Author: BrianKrebs| Date: Thu, 24 Sep 2020 17:00:51 +0000

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.

Read more

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Credit to Author: BrianKrebs| Date: Wed, 23 Sep 2020 23:06:38 +0000

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.

Read more

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Credit to Author: BrianKrebs| Date: Thu, 17 Sep 2020 22:03:21 +0000

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

Read more

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Credit to Author: BrianKrebs| Date: Wed, 16 Sep 2020 20:53:17 +0000

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Read more

Due Diligence That Money Can’t Buy

Credit to Author: BrianKrebs| Date: Mon, 14 Sep 2020 19:47:01 +0000

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble.

Read more

Microsoft Patch Tuesday, Sept. 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 Sep 2020 21:33:26 +0000

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

Read more

The Joys of Owning an ‘OG’ Email Account

Credit to Author: BrianKrebs| Date: Thu, 03 Sep 2020 01:08:56 +0000

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and often for some fairly sensitive services online.

Read more

Sendgrid Under Siege from Hacked Accounts

Credit to Author: BrianKrebs| Date: Fri, 28 Aug 2020 13:59:23 +0000

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Read more