Latest Warnings – Computer Security Articles

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

January 11, 2022 admin cve-2021-22947, cve-2021-36976, cve-2022-21846, cve-2022-21907, dustin childs, Exchange Server, http protocol stack, Latest Warnings, microsoft patch tuesday january 2022, national security agency, Rapid7, Satnam Narang, Tenable, The Coming Storm, Time to Patch, Trend Micro, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Independent Krebs

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

November 19, 2021 admin A Little Sunshine, bob sullivan, Consumer Financial Protection Bureau, cuna mutual insurance, ken otsuka, Latest Warnings, Web Fraud 2.0, zelle scam

Credit to Author: BrianKrebs| Date: Fri, 19 Nov 2021 21:36:30 +0000

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Independent Krebs

SMS About Bank Fraud as a Pretext for Voice Phishing

November 10, 2021 admin A Little Sunshine, kris stevens, Latest Warnings, smishing, voice phishing

Credit to Author: BrianKrebs| Date: Wed, 10 Nov 2021 21:12:03 +0000

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Independent Krebs

Microsoft Patch Tuesday, November 2021 Edition

November 9, 2021 admin Allan Liska, cve-2021-41371, cve-2021-42292, cve-2021-42321, cve-20213-38631, dustin childs, Latest Warnings, microsoft excel, microsoft exchange server zero-day, Recorded Future, Remote Desktop Protocol, Security Tools, Time to Patch, trend micro zero day initiative

Credit to Author: BrianKrebs| Date: Tue, 09 Nov 2021 20:39:07 +0000

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Independent Krebs

‘Tis the Season for the Wayward Package Phish

November 4, 2021 admin A Little Sunshine, fedeex, FedEx, Latest Warnings, louis morton, smishing, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 04 Nov 2021 16:49:59 +0000

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.

Independent Krebs

‘Trojan Source’ Bug Threatens the Security of All Code

November 1, 2021 admin bidi override, cambridge university, cve-2021-42574, cve-2021-42694, johns hopkins information security institute, Latest Warnings, matthew green, Nicholas Weaver, ross anderson, rust, The Coming Storm, Time to Patch, trojan source bug, university of california berkeley

Credit to Author: BrianKrebs| Date: Mon, 01 Nov 2021 04:23:36 +0000

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

Independent Krebs

The Rise of One-Time Password Interception Bots

September 29, 2021 admin Intel 471, Latest Warnings, otp agency, otp circumvention bot, otp interception bot, Security Tools, sms buster, sms interception bot, smsranger, telegram, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 29 Sep 2021 12:22:03 +0000

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Independent Krebs

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

September 28, 2021 admin apple airtag, Ars Technica, bobby rauch, good samaritan attack, jim salter, Latest Warnings, washington post, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Sep 2021 15:49:46 +0000

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.

← Previous