Krebs – Page 9 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Tue, 10 Sep 2024 21:46:21 +0000

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Independent Krebs

September 12, 2024 admin

Sextortion Scams Now Include Photos of Your Home

Credit to Author: BrianKrebs| Date: Tue, 03 Sep 2024 15:45:49 +0000

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

Independent Krebs

September 12, 2024 admin

Owners of 1-Time Passcode Theft Service Plead Guilty

Credit to Author: BrianKrebs| Date: Mon, 02 Sep 2024 16:46:35 +0000

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.

Independent Krebs

September 12, 2024 admin

When Get-Out-The-Vote Efforts Look Like Phishing

Credit to Author: BrianKrebs| Date: Wed, 28 Aug 2024 23:55:17 +0000

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.

Independent Krebs

August 27, 2024 admin

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Credit to Author: BrianKrebs| Date: Tue, 27 Aug 2024 14:26:41 +0000

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Independent Krebs

August 23, 2024 admin

Local Networks Go Global When Domain Names Collide

Credit to Author: BrianKrebs| Date: Fri, 23 Aug 2024 14:12:31 +0000

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

Independent Krebs

August 19, 2024 admin

National Public Data Published Its Own Passwords

Credit to Author: BrianKrebs| Date: Mon, 19 Aug 2024 16:23:31 +0000

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

Independent Krebs

August 15, 2024 admin

NationalPublicData.com Hack Exposes a Nation’s Data

Credit to Author: BrianKrebs| Date: Thu, 15 Aug 2024 22:38:36 +0000

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.