Patch Tuesday Lowdown, October 2019 Edition

Credit to Author: BrianKrebs| Date: Wed, 09 Oct 2019 06:00:58 +0000

On Tuesday Microsoft issued software updates to fix almost five dozen security problems in Windows and software designed to run on top of it. By most accounts, it’s a relatively light patch batch this month. Here’s a look at the highlights.

Read more

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Credit to Author: BrianKrebs| Date: Wed, 18 Sep 2019 18:53:16 +0000

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: it was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these “advance fee” or “419” scams- – so-called because they violate section 419 of the criminal code of Nigeria where many such lures originate — predate email and have circulated via postal mail in various forms and countries over the years.

Read more

Phishers are Angling for Your Cloud Providers

Credit to Author: BrianKrebs| Date: Fri, 30 Aug 2019 16:21:59 +0000

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Read more

Patch Tuesday, August 2019 Edition

Credit to Author: BrianKrebs| Date: Tue, 13 Aug 2019 21:57:13 +0000

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.

Read more

The Risk of Weak Online Banking Passwords

Credit to Author: BrianKrebs| Date: Mon, 05 Aug 2019 14:04:27 +0000

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.

Read more

The Unsexy Threat to Election Security

Credit to Author: BrianKrebs| Date: Thu, 25 Jul 2019 17:01:41 +0000

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.

Read more

Legal Threats Make Powerful Phishing Lures

Credit to Author: BrianKrebs| Date: Wed, 22 May 2019 19:26:04 +0000

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Read more

P2P Weakness Exposes Millions of IoT Devices

Credit to Author: BrianKrebs| Date: Fri, 26 Apr 2019 13:17:14 +0000

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

Read more