Independent – Page 52 – PossibleThreat Articles

Credit to Author: Lucas Mearian| Date: Thu, 01 Sep 2022 16:46:00 -0700

Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.

The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates.

To read this article in full, please click here

Independent Krebs Security

Final Thoughts on Ubiquiti

August 31, 2022 0 Comments other

Credit to Author: BrianKrebs| Date: Wed, 31 Aug 2022 15:14:29 +0000

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false… Read More »

Independent Krebs Security

How 1-Time Passcodes Became a Corporate Liability

August 30, 2022 0 Comments 0ktapus, christopher knauer, CloudFlare, Data Breaches, digitalocean, doordash, group-ib, klaviyo, mailchimp, matthew prince, security keys, security tools, signal, sitel group, T-Mobile, teleperformance, twilio, twitter, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

ComputerWorld Independent

Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach

August 29, 2022 0 Comments data breach, facebook, legal

Credit to Author: Varun Aggarwal| Date: Mon, 29 Aug 2022 04:19:00 -0700

The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.

ComputerWorld Independent

What is Managed Device Attestation on Apple platforms?

August 26, 2022 0 Comments Apple, endpoint protection, iOS, mobile device management, Security

Credit to Author: Jonny Evans| Date: Fri, 26 Aug 2022 09:43:00 -0700

Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.

Secure the endpoints, not the end times

This adjustment reflects a reality shift. Work doesn’t happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.

Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.

To read this article in full, please click here

ComputerWorld Independent

Planned ‘fixes’ for credit-card interchange fees will actually make fraud easier

August 26, 2022 0 Comments finance and accounting systems, Financial Services Industry, Security

Credit to Author: Evan Schuman| Date: Fri, 26 Aug 2022 03:00:00 -0700

I love it when organizations try and do something good, but don’t think things through and end up delivering unintended negative consequences.

Today’s case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce high interchange costs, but are unintentionally increasing costs for merchants and sharply boosting the undiscovered fraud rate. Not bad for government work.

Let’s start with the Senate, where Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) have crafted The Credit Card Competition Act of 2022. Its stated goal: reduce the interchange fee that financial institutions and card brands (Visa, MasterCard, Amex, etc.) charge retailers.

To read this article in full, please click here

Independent Krebs Security

PayPal Phishing Scam Uses Invoices Sent Via PayPal

August 18, 2022 0 Comments A Little Sunshine, Latest Warnings, Paypal, paypal business, paypayl invoice scam, Web Fraud 2.0, zelle fraud scam

Credit to Author: BrianKrebs| Date: Thu, 18 Aug 2022 15:27:53 +0000

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.

Independent Krebs Security

When Efforts to Contain a Data Breach Backfire

August 16, 2022 0 Comments A Little Sunshine, banorte breach, cloudsecurityalliance, cti league, Data Breaches, group-ib, kurt seifried, ohad zaidenberg, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 16 Aug 2022 17:06:00 +0000

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.

ComputerWorld Independent

What is USB Restricted Mode in macOS Ventura, and why do you want it?

August 15, 2022 0 Comments computers and peripherals, iOS, MacOS, Security

Credit to Author: Jonny Evans| Date: Mon, 15 Aug 2022 06:35:00 -0700

Once upon a time, one attack vector for industrial sabotage consisted of exfiltrating data from Macs using a standard-issue USB storage card. Researchers have also shown that it’s possible to hijack computers with malware-infested cables. It’s a jungle out there, so Apple has toughened up (Apple Silicon) Mac protection with USB Restricted Mode.

What is USB Restricted Mode?

Beginning with macOS Ventura, the new layer of protection comes in the form of USB Restricted mode, which should provide a little reassurance to enterprise IT and is enabled by default.

To read this article in full, please click here

ComputerWorld Independent