Patch Tuesday update addresses 123 vulnerabilities, two critical zero-days

Credit to Author: Greg Lambert| Date: Sat, 13 Aug 2022 04:58:00 -0700

Microsoft’s August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it’s back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.

The first (CVE-2022-34713) occurs in the Windows diagnostic tools and the second (CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it’s time to pay attention to Microsoft updates again. We have made “Patch Now” recommendations for Windows, Exchange and Adobe for this month.

Sounding the Alarm on Emergency Alert System Flaws

Credit to Author: BrianKrebs| Date: Fri, 12 Aug 2022 15:26:58 +0000

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.

It Might Be Our Data, But It’s Not Our Breach

Credit to Author: BrianKrebs| Date: Thu, 11 Aug 2022 17:45:31 +0000

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.

The Security Pros and Cons of Using Email Aliases

Credit to Author: BrianKrebs| Date: Wed, 10 Aug 2022 15:10:59 +0000

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website.

Microsoft urges Windows users to run patch for DogWalk zero-day exploit

Credit to Author: Charlotte Trueman| Date: Wed, 10 Aug 2022 07:37:00 -0700

Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.

The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.

Microsoft Patch Tuesday, August 2022 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Aug 2022 23:01:10 +0000

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

Banks face a WhatsApp reckoning as regulators clamp down on messaging apps

Credit to Author: Matthew Finnegan| Date: Mon, 08 Aug 2022 03:01:00 -0700

As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant.

“The explosion of new electronic communications channels — and the pervasive use of these — raises lots of red flags for the regulators,” said Anthony Diana, a partner at law firm Reed Smith’s Tech & Data Group. “The fear is that, if bad things are happening, they’re happening on these personal apps, not on the sanctioned communication channels that are surveilled.”

Class Action Targets Experian Over Account Security

Credit to Author: BrianKrebs| Date: Sat, 06 Aug 2022 01:54:35 +0000

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.

Scammers Sent Uber to Take Elderly Lady to the Bank

Credit to Author: BrianKrebs| Date: Thu, 04 Aug 2022 15:41:09 +0000

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
