Latest Warnings – Page 2 – PossibleThreat Articles

Using Google Search to Find Software Can Be Risky

January 25, 2024 0 Comments A Little Sunshine, domaintools, Google, Latest Warnings, malvertising, sentinel one, tom hegel, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 25 Jan 2024 18:38:43 +0000

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Independent Krebs Security

Microsoft Patch Tuesday, December 2023 Edition

December 12, 2023 0 Comments cve-2023-35628, cve-2023-35636, cve-2023-35641, immersive labs, kevin breen, Latest Warnings, microsoft patch tuesday december 2023, satnam narang, tenable, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 12 Dec 2023 22:21:00 +0000

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.

Independent Krebs Security

Okta: Breach Affected All Customer Support Users

November 29, 2023 0 Comments Data Breaches, Latest Warnings, okta breach, The Coming Storm

Credit to Author: BrianKrebs| Date: Wed, 29 Nov 2023 19:41:14 +0000

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Independent Krebs Security

It’s Still Easy for Anyone to Become You at Experian

November 11, 2023 0 Comments A Little Sunshine, experian, identity theft, Latest Warnings, scott anderson

Credit to Author: BrianKrebs| Date: Sat, 11 Nov 2023 17:59:07 +0000

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hijacked, and the only way I could recover access was by recreating the account.

Independent Krebs Security

The Fake Browser Update Scam Gets a Makeover

October 18, 2023 0 Comments A Little Sunshine, binance smart chain, bnb smart chain, clearfake, dusty miller, guardio labs, Latest Warnings, nati tal, oleg zaytsev, randy mceoin, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 18 Oct 2023 14:03:28 +0000

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Independent Krebs Security

Phishers Spoof USPS, 12 Other Natl’ Postal Services

October 9, 2023 0 Comments A Little Sunshine, alibaba, correos.es, dnslytics.com, domaintools, Latest Warnings, poste italiane, posti, postnl, postnord, ua-80133954-3, urlscan.io, usps, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Oct 2023 20:39:43 +0000

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

Independent Krebs Security

Don’t Let Zombie Zoom Links Drag You Down

October 2, 2023 0 Comments A Little Sunshine, charan akiri, Latest Warnings, LinkedIn, The Coming Storm, zoom, zoom personal meeting id

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2023 15:43:34 +0000

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

Independent Krebs Security

U.S. Hacks QakBot, Quietly Removes Botnet Infections

August 29, 2023 0 Comments doj, don alway, FBI, federal bureau of investigation, Latest Warnings, martin estrada, qakbot, Qbot, Ransomware, The Coming Storm, u.s. department of justice

Credit to Author: BrianKrebs| Date: Tue, 29 Aug 2023 18:35:25 +0000

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

Independent Krebs Security

Kroll Employee SIM-Swapped for Crypto Investor Data

August 25, 2023 0 Comments A Little Sunshine, blockfi, Data Breaches, ftx, kroll breach, Latest Warnings, SIM swapping, T-Mobile

Credit to Author: BrianKrebs| Date: Fri, 25 Aug 2023 18:05:10 +0000

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll — the company handling both firms’ bankruptcy restructuring.

Independent Krebs Security

Teach a Man to Phish and He’s Set for Life

August 4, 2023 0 Comments A Little Sunshine, check point software, Latest Warnings, LinkedIn, Microsoft, Microsoft 365, phishing, right to left override, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 04 Aug 2023 13:49:15 +0000

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.