Be Very Sparing in Allowing Site Notifications

Credit to Author: BrianKrebs| Date: Tue, 17 Nov 2020 14:13:29 +0000

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Read more

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Credit to Author: BrianKrebs| Date: Thu, 29 Oct 2020 00:43:30 +0000

On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”

Read more

Breach at Dickey’s BBQ Smokes 3M Cards

Credit to Author: BrianKrebs| Date: Thu, 15 Oct 2020 20:44:44 +0000

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.

Read more

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Credit to Author: BrianKrebs| Date: Fri, 21 Aug 2020 20:34:18 +0000

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.

Read more

Voice Phishers Targeting Corporate VPNs

Credit to Author: BrianKrebs| Date: Wed, 19 Aug 2020 13:55:46 +0000

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Read more

Microsoft Patch Tuesday, August 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 11 Aug 2020 20:55:02 +0000

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up!

Read more

Is Your Chip Card Secure? Much Depends on Where You Bank

Credit to Author: BrianKrebs| Date: Thu, 30 Jul 2020 15:09:24 +0000

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Read more

Turn on MFA Before Crooks Do It For You

Credit to Author: BrianKrebs| Date: Fri, 19 Jun 2020 19:19:10 +0000

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident.

Read more