‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Read more

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Credit to Author: BrianKrebs| Date: Fri, 19 Nov 2021 21:36:30 +0000

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Read more

SMS About Bank Fraud as a Pretext for Voice Phishing

Credit to Author: BrianKrebs| Date: Wed, 10 Nov 2021 21:12:03 +0000

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Read more

Microsoft Patch Tuesday, November 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Nov 2021 20:39:07 +0000

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Read more

‘Tis the Season for the Wayward Package Phish

Credit to Author: BrianKrebs| Date: Thu, 04 Nov 2021 16:49:59 +0000

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.

Read more

‘Trojan Source’ Bug Threatens the Security of All Code

Credit to Author: BrianKrebs| Date: Mon, 01 Nov 2021 04:23:36 +0000

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

Read more

The Rise of One-Time Password Interception Bots

Credit to Author: BrianKrebs| Date: Wed, 29 Sep 2021 12:22:03 +0000

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Read more

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Credit to Author: BrianKrebs| Date: Tue, 28 Sep 2021 15:49:46 +0000

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.

Read more