Microsoft Patch Tuesday, November 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Nov 2021 20:39:07 +0000

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

Read more

The Rise of One-Time Password Interception Bots

Credit to Author: BrianKrebs| Date: Wed, 29 Sep 2021 12:22:03 +0000

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Read more

Does Your Organization Have a Security.txt File?

Credit to Author: BrianKrebs| Date: Mon, 20 Sep 2021 21:57:27 +0000

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting “Security.txt,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.

Read more

Microsoft Patch Tuesday, July 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 13 Jul 2021 21:41:47 +0000

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. A half of dozen of the vulnerabilities addressed today are under active attack, according to Microsoft.

Read more

Microsoft Issues Emergency Patch for Windows Flaw

Credit to Author: BrianKrebs| Date: Wed, 07 Jul 2021 14:34:59 +0000

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

Read more

Recycle Your Phone, Sure, But Maybe Not Your Number

Credit to Author: BrianKrebs| Date: Wed, 19 May 2021 15:13:30 +0000

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Read more

Try This One Weird Trick Russian Hackers Hate

Credit to Author: BrianKrebs| Date: Mon, 17 May 2021 14:14:01 +0000

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.

Read more

Microsoft Patch Tuesday, February 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Feb 2021 22:37:19 +0000

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.

Read more