Thursday, July 3, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Latest Warnings

IndependentKrebs
admin

Calendar Meeting Links Used to Spread Mac Malware

Credit to Author: BrianKrebs| Date: Wed, 28 Feb 2024 16:56:43 +0000

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Read More
IndependentKrebs
admin

U.S. Internet Leaked Years of Internal, Customer Emails

Credit to Author: BrianKrebs| Date: Wed, 14 Feb 2024 16:45:46 +0000

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.

Read More
IndependentKrebs
admin

Juniper Support Portal Exposed Customer Device Info

Credit to Author: BrianKrebs| Date: Fri, 09 Feb 2024 15:34:21 +0000

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including the exact devices each customer bought, as well as each device’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Read More
IndependentKrebs
admin

Using Google Search to Find Software Can Be Risky

Credit to Author: BrianKrebs| Date: Thu, 25 Jan 2024 18:38:43 +0000

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Read More
IndependentKrebs
admin

Microsoft Patch Tuesday, December 2023 Edition

Credit to Author: BrianKrebs| Date: Tue, 12 Dec 2023 22:21:00 +0000

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.

Read More
IndependentKrebs
admin

Okta: Breach Affected All Customer Support Users

Credit to Author: BrianKrebs| Date: Wed, 29 Nov 2023 19:41:14 +0000

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Read More
IndependentKrebs
admin

It’s Still Easy for Anyone to Become You at Experian

Credit to Author: BrianKrebs| Date: Sat, 11 Nov 2023 17:59:07 +0000

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hijacked, and the only way I could recover access was by recreating the account.

Read More