Category Archives: Latest Warnings

Voice Phishing Scams Are Getting More Clever

Posted on by

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly). Continue reading Voice Phishing Scams Are Getting More Clever

Beware of Hurricane Florence Relief Scams

Posted on by

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.

For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc. Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds. Continue reading Beware of Hurricane Florence Relief Scams

Browser Extensions: Are They Worth the Risk?

Posted on by

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack … Continue reading Browser Extensions: Are They Worth the Risk?

Experts Urge Rapid Patching of ‘Struts’ Bug

Posted on by

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside. Continue reading Experts Urge Rapid Patching of ‘Struts’ Bug

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Posted on by

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.” Continue reading State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Sextortion Scam Uses Recipient’s Hacked Passwords

Posted on by

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address. Continue reading Sextortion Scam Uses Recipient’s Hacked Passwords

Plant Your Flag, Mark Your Territory

Posted on by

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you. Continue reading Plant Your Flag, Mark Your Territory

Google to Fix Location Data Leak in Google Home, Chromecast

Posted on by

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Continue reading Google to Fix Location Data Leak in Google Home, Chromecast

FBI: Kindly Reboot Your Router Now, Please

Posted on by

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to r… Continue reading FBI: Kindly Reboot Your Router Now, Please

Mobile Giants: Please Don’t Share the Where

Posted on by

Your mobile phone is giving away your approximate location all day long. This isn’t exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your lo… Continue reading Mobile Giants: Please Don’t Share the Where