Patch Tuesday, June 2024 “Recall” Edition

Credit to Author: BrianKrebs| Date: Tue, 11 Jun 2024 22:57:35 +0000

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Credit to Author: BrianKrebs| Date: Wed, 10 Apr 2024 14:28:17 +0000

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to redirect to “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets.

“TootRoot” Mastodon vulnerabilities fixed: Admins, patch now!

Categories: Personal

Tags: tootroot, mastodon, server, patch, update, CVE, flaw, vulnerability, social media, network, networking

We take a look at a collection of issues (now patched) which were affecting Mastodon servers. It’s time to apply the fix for TootRoot.

The post “TootRoot” Mastodon vulnerabilities fixed: Admins, patch now! appeared first on Malwarebytes Labs.

Service Rents Email Addresses for Account Signups

Credit to Author: BrianKrebs| Date: Tue, 06 Jun 2023 20:09:13 +0000

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.

Phishing Domains Tanked After Meta Sued Freenom

Credit to Author: BrianKrebs| Date: Fri, 26 May 2023 16:37:15 +0000

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Interview With a Crypto Scam Investment Spammer

Credit to Author: BrianKrebs| Date: Tue, 23 May 2023 00:15:30 +0000

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

Hive Social pulls the plug on itself after security flaws found

Categories: News

Tags: Hive social, app, mobile, social media, socmed, mastodon, twitter, security

Hive was taken offline last Wednesday, after researchers found security issues which could have had major ramifications for service users.

The post Hive Social pulls the plug on itself after security flaws found appeared first on Malwarebytes Labs.
