Latest Warnings – Page 6 – WindowsTechs.com

Microsoft Patch Tuesday, December 2022 Edition

Posted on December 14, 2022 by BrianKrebs

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday. Continue reading Microsoft Patch Tuesday, December 2022 Edition→

ConnectWise Quietly Patches Flaw That Helps Phishers

Posted on December 1, 2022 by BrianKrebs

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks. Continue reading ConnectWise Quietly Patches Flaw That Helps Phishers→

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Posted on November 28, 2022 by BrianKrebs

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices. Continue reading U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer→

Microsoft Patch Tuesday, October 2022 Edition

Posted on October 11, 2022 by BrianKrebs

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server. Continue reading Microsoft Patch Tuesday, October 2022 Edition→

Microsoft: Two New 0-Day Flaws in Exchange Server

Posted on September 30, 2022 by BrianKrebs

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks. Continue reading Microsoft: Two New 0-Day Flaws in Exchange Server→

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Posted on August 18, 2022 by BrianKrebs

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer. Continue reading PayPal Phishing Scam Uses Invoices Sent Via PayPal→

Sounding the Alarm on Emergency Alert System Flaws

Posted on August 12, 2022 by BrianKrebs

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. Continue reading Sounding the Alarm on Emergency Alert System Flaws→

Scammers Sent Uber to Take Elderly Lady to the Bank

Posted on August 4, 2022 by BrianKrebs

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off. Continue reading Scammers Sent Uber to Take Elderly Lady to the Bank→

Massive Losses Define Epidemic of ‘Pig Butchering’

Posted on July 21, 2022 by BrianKrebs

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out. Continue reading Massive Losses Define Epidemic of ‘Pig Butchering’→

Experian, You Have Some Explaining to Do

Posted on July 11, 2022 by BrianKrebs

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address. Continue reading Experian, You Have Some Explaining to Do→