Latest Warnings – Computer Security Articles

FBI, CISA Echo Warnings on ‘Vishing’ Threat

August 21, 2020 admin cisa, covid-19, FBI, Latest Warnings, Security Tools, The Coming Storm, vishing

Credit to Author: BrianKrebs| Date: Fri, 21 Aug 2020 20:34:18 +0000

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.

Independent Krebs

Voice Phishers Targeting Corporate VPNs

August 19, 2020 admin Allison Nixon, domaintools, Latest Warnings, Security Keys, The Coming Storm, unit 221b, urlscan.io, vishing, vpn phishing, Yubico, Yubikey, zack allen, ZeroFOX

Credit to Author: BrianKrebs| Date: Wed, 19 Aug 2020 13:55:46 +0000

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Independent Krebs

Microsoft Patch Tuesday, August 2020 Edition

August 11, 2020 admin adobe acrobat, Adobe Reader, black hat, cve-2020-1048, cve-2020-1337, cve-2020-1380, cve-2020-1464, cve-2020-1472, dustin childs, internet explorer zero-day, Latest Warnings, microsoft patch tuesday august 2020, Other, Satnam Narang, Tenable, Time to Patch, trend micro zero day initiative

Credit to Author: BrianKrebs| Date: Tue, 11 Aug 2020 20:55:02 +0000

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up!

Independent Krebs

Is Your Chip Card Secure? Much Depends on Where You Bank

July 30, 2020 admin All About Skimmers, chip cards, cvv, cyber r&d labs, EMV, Gemini Advisory, iCVV, key food breach, Latest Warnings, POS malware, shimmers, skimmers, Stas Alforov, The Coming Storm, Visa

Credit to Author: BrianKrebs| Date: Thu, 30 Jul 2020 15:09:24 +0000

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Independent Krebs

Turn on MFA Before Crooks Do It For You

June 19, 2020 admin dennis dayman, Latest Warnings, microsoft, multi-factor authentication, Security Tools, twofactorauth.org, xbox

Credit to Author: BrianKrebs| Date: Fri, 19 Jun 2020 19:19:10 +0000

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident.

Independent Krebs

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

June 13, 2020 admin Allison Nixon, Latest Warnings, privnote.com, privnotes.com, unit 221b

Credit to Author: BrianKrebs| Date: Sun, 14 Jun 2020 04:01:22 +0000

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.

Independent Krebs

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

June 9, 2020 admin alex holden, CrowdStrike, DoppelPaymer, emsisoft, fabian wosar, Hold Security, Latest Warnings, ransomware, steve price, yuliana bellini

Credit to Author: BrianKrebs| Date: Tue, 09 Jun 2020 17:05:20 +0000

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

Independent Krebs

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

May 15, 2020 admin Latest Warnings, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Sat, 16 May 2020 04:34:45 +0000

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service sent to field offices around the United States this week says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.”

← Previous