Saturday, May 24, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Krebs

IndependentKrebs
admin

Patch Tuesday Lowdown, July 2019 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Jul 2019 22:32:11 +0000

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.

Read More
IndependentKrebs
admin

Who’s Behind the GandCrab Ransomware?

Credit to Author: BrianKrebs| Date: Mon, 08 Jul 2019 17:27:42 +0000

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Read More
IndependentKrebs
admin

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Credit to Author: BrianKrebs| Date: Fri, 28 Jun 2019 18:01:53 +0000

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Microsoft Azure and Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.

Read More
IndependentKrebs
admin

Tracing the Supply Chain Attack on Android

Credit to Author: BrianKrebs| Date: Tue, 25 Jun 2019 15:24:29 +0000

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “Yehuo” or “Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

Read More
IndependentKrebs
admin

Microsoft Patch Tuesday, June 2019 Edition

Credit to Author: BrianKrebs| Date: Wed, 12 Jun 2019 13:26:21 +0000

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment. And of course Adobe has its customary monthly security update for Flash Player.

Read More
IndependentKrebs
admin

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Credit to Author: BrianKrebs| Date: Tue, 04 Jun 2019 21:45:59 +0000

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients. Just a few days ago, the news was all about how Quest had suffered a major breach. But today’s disclosure by LabCorp. suggests we are nowhere near done hearing about other companies with millions of consumers victimized because of this incident: The AMCA is a New York company with a storied history of aggressively collecting debt for a broad range of businesses, including medical labs and hospitals, direct marketers, telecom companies, and state and local traffic/toll agencies.

Read More