Latest Warnings – Computer Security Articles

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

March 31, 2020 admin 0 Comments A Little Sunshine, chris ueland, escrow.com, godaddy.com, Latest Warnings, Let's Encrypt, matt barrie, SecurityTrails, The Coming Storm

Credit to Author: BrianKrebs| Date: Wed, 01 Apr 2020 03:30:46 +0000

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to briefly hijack domains for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.

Independent Krebs

Zyxel Flaw Powers New Mirai IoT Botnet Strain

March 20, 2020 admin cve-2020-9054, Latest Warnings, Mirai, mukashi, Palo Alto Networks, Time to Patch, zyxel, zyxel communications corp.

Credit to Author: BrianKrebs| Date: Fri, 20 Mar 2020 14:46:15 +0000

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.

Independent Krebs

Zxyel Flaw Powers New Mirai IoT Botnet Strain

March 20, 2020 admin cve-2020-9054, Latest Warnings, Mirai, mukashi, Palo Alto Networks, Time to Patch, zyxel, zyxel communications corp.

Credit to Author: BrianKrebs| Date: Fri, 20 Mar 2020 14:46:15 +0000

Independent Krebs

Coronavirus Widens the Money Mule Pool

March 17, 2020 admin A Little Sunshine, alex holden, bitcoin atm scam, coronavirus scam, globalgiving, Hold Security, Holdsecurity.com, kevin conroy, Latest Warnings, vasty health care foundation, vastyhealthcarefoundation.com, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 17 Mar 2020 22:11:46 +0000

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.”

Independent Krebs

Live Coronavirus Map Used to Spread Malware

March 17, 2020 admin AZORult, coronavirus malware, coronavirus map, covid-19 malware, johns hopkins university, Latest Warnings, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 12 Mar 2020 15:53:26 +0000

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.

Independent Krebs

Zyxel 0day Affects its Firewall Products, Too

February 26, 2020 admin 0day, alex holden, Latest Warnings, Time to Patch, Zero-Day, zyxel

Credit to Author: BrianKrebs| Date: Wed, 26 Feb 2020 14:43:31 +0000

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Independent Krebs

Zyxel Fixes 0day in Network Storage Devices

February 24, 2020 admin 0day, 500mhz, alex holden, cert coordination center, cert-cc, cve-2020-9054, DHS, emotet, Hold Security, Latest Warnings, ransomware, The Coming Storm, Time to Patch, Zero-Day, zyxel communications corp.

Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

Independent Krebs

Dangerous Domain Corp.com Goes Up for Sale

February 8, 2020 admin Active Directory, corp.com, dns name devolution, jas global advisors, jeff schmidt, Latest Warnings, Microsoft Corp., microsoft windows, mike o'connor, namespace collision, The Coming Storm, U.S. Department of Homeland Security

Credit to Author: BrianKrebs| Date: Sat, 08 Feb 2020 17:32:04 +0000

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.

← Previous