Krebs – Page 23 – Computer Security Articles

Microsoft Patch Tuesday, January 2023 Edition

January 10, 2023 admin cve-2023-21563, cve-2023-21674, cve-2023-21678, cve-2023-21743, cve-2023-21745, cve-2023-21762, dustin childs, Latest Warnings, microsoft bitlocker, Satnam Narang, Security Tools, Tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 10 Jan 2023 22:28:55 +0000

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

Independent Krebs

Identity Thieves Bypassed Experian Security to View Credit Reports

January 9, 2023 admin A Little Sunshine, annualcreditreport.com, data breaches, Experian, jenya kushnir, Ne'er-Do-Well News, Sen. Ron Wyden, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Jan 2023 14:05:15 +0000

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

Independent Krebs

Happy 13th Birthday, KrebsOnSecurity!

December 29, 2022 admin Other

Credit to Author: BrianKrebs| Date: Thu, 29 Dec 2022 22:35:36 +0000

KrebsOnSecurity turns 12 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m liable to keep doing this as long as they keep letting me! Thanks to your readership and support, I was able to spend more time in 2022 on in-depth investigative stories — the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Breaches review below.

Independent Krebs

The Equifax Breach Settlement Offer is Real, For Now

December 20, 2022 admin data breaches, Equifax breach, equifax class action settlement, myprepaidcenter.com, Other

Credit to Author: BrianKrebs| Date: Tue, 20 Dec 2022 20:08:40 +0000

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

Independent Krebs

Hacked Ring Cams Used to Record Swatting Victims

December 19, 2022 admin aspertaine, chumlul, james thomas andrew mccarty, kya christian nelson, Ne'er-Do-Well News, SIM swapping, violence-as-a-service

Credit to Author: BrianKrebs| Date: Tue, 20 Dec 2022 01:24:10 +0000

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.

Independent Krebs

Six Charged in Mass Takedown of DDoS-for-Hire Sites

December 14, 2022 admin ddos-for-hire, Ne'er-Do-Well News

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 19:58:00 +0000

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Independent Krebs

Microsoft Patch Tuesday, December 2022 Edition

December 14, 2022 admin apple zero-day, cve-2022-41076, cve-2022-44698, cve-2022-44710, cve-2022-44713, Greg Wiseman, immersive labs, kevin breen, Latest Warnings, microsoft patch tuesday december 2022, Powershell, Rapid7, Security Tools, Sophos, Time to Patch, trend micro's zero day initiative, will dormann, windows

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 17:01:07 +0000

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Independent Krebs

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

December 13, 2022 admin A Little Sunshine, breached, data breaches, FBI, infragard, pompompurin, RaidForums, usdod, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 13 Dec 2022 23:54:21 +0000

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.