Recycle Your Phone, Sure, But Maybe Not Your Number

Credit to Author: BrianKrebs| Date: Wed, 19 May 2021 15:13:30 +0000

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Read more

Try This One Weird Trick Russian Hackers Hate

Credit to Author: BrianKrebs| Date: Mon, 17 May 2021 14:14:01 +0000

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.

Read more

Microsoft Patch Tuesday, February 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Feb 2021 22:37:19 +0000

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.

Read more

Patch Tuesday, Good Riddance 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 Dec 2020 23:47:38 +0000

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

Read more

IRS to Make ID Protection PIN Open to All

Credit to Author: BrianKrebs| Date: Fri, 04 Dec 2020 14:50:05 +0000

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.

Read more

Patch Tuesday, November 2020 Edition

Credit to Author: BrianKrebs| Date: Wed, 11 Nov 2020 01:56:41 +0000

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Read more

Microsoft Patch Tuesday, Sept. 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 Sep 2020 21:33:26 +0000

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

Read more

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Credit to Author: BrianKrebs| Date: Fri, 21 Aug 2020 20:34:18 +0000

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.

Read more