Latest Warnings – Computer Security Articles

Crickets from Chirp Systems in Smart Lock Key Leak

April 15, 2024 admin A Little Sunshine, august.com, chirp systems, Latest Warnings, matt brown, ProPublica, realpage inc., Security Tools, u.s. cybersecurity & infrastructure security agency

Credit to Author: BrianKrebs| Date: Mon, 15 Apr 2024 14:51:17 +0000

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Independent Krebs

Fake Lawsuit Threat Exposes Privnote Phishing Sites

April 15, 2024 admin A Little Sunshine, alexandr ermakov, andrey sokol, Breadcrumbs, fory66399, hkleaks, Latest Warnings, metamask, privnote, privnote.com, russia's war on ukraine, taylor monahan, tornote.io, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 04 Apr 2024 14:12:16 +0000

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Independent Krebs

Thread Hijacking: Phishes That Prey on Your Curiosity

April 15, 2024 admin A Little Sunshine, adam kidan, brett sholtis, empire workforce solutions, lancasteronline.com, Latest Warnings, multi-persona phishing, Ne'er-Do-Well News, phishing, proofpoint, ryan kalember, thread hijacking, tom murse, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 28 Mar 2024 23:56:13 +0000

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Independent Krebs

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

April 15, 2024 admin A Little Sunshine, apple, apple recovery key, kishan bagaria, Latest Warnings, mfa bombing, mfa fatigue, parth patel, peopledatalabs, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 26 Mar 2024 15:37:54 +0000

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Independent Krebs

Calendar Meeting Links Used to Spread Mac Malware

February 28, 2024 admin A Little Sunshine, BlueNoroff, chris ueland, hunt.io, kaspersky labs, Latest Warnings, Lazarus Group, mac malware, Recorded Future, Web Fraud 2.0, x-protect

Credit to Author: BrianKrebs| Date: Wed, 28 Feb 2024 16:56:43 +0000

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Independent Krebs

U.S. Internet Leaked Years of Internal, Customer Emails

February 14, 2024 admin A Little Sunshine, alex holden, data breaches, Hold Security, Latest Warnings, securence, travis carter, u.s. internet corp.

Credit to Author: BrianKrebs| Date: Wed, 14 Feb 2024 16:45:46 +0000

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.

Independent Krebs

Fat Patch Tuesday, February 2024 Edition

February 13, 2024 admin adam barnett, cve-2024-21351, cve-2024-21410, cve-2024-21412, cve-2024-21413, immersive labs, kevin breen, Latest Warnings, Microsoft Office, patch tuesday february 2024, Rapid7, Satnam Narang, Security Tools, Tenable, Time to Patch, Trend Micro, Windows SmartScreen

Credit to Author: BrianKrebs| Date: Tue, 13 Feb 2024 22:28:48 +0000

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.

Independent Krebs

Juniper Support Portal Exposed Customer Device Info

February 9, 2024 admin A Little Sunshine, juniper networks, Latest Warnings, logan george, Nicholas Weaver

Credit to Author: BrianKrebs| Date: Fri, 09 Feb 2024 15:34:21 +0000

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including the exact devices each customer bought, as well as each device’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

← Previous