The Coming Storm – Page 3 – WindowsTechs.com

3CX Breach Was a Double Supply Chain Compromise

Posted on April 21, 2023 by BrianKrebs

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks. Continue reading 3CX Breach Was a Double Supply Chain Compromise→

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Posted on April 12, 2023 by BrianKrebs

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs. Continue reading Microsoft (& Apple) Patch Tuesday, April 2023 Edition→

Microsoft Patch Tuesday, March 2023 Edition

Posted on March 15, 2023 by BrianKrebs

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. Continue reading Microsoft Patch Tuesday, March 2023 Edition→

Highlights from the New U.S. Cybersecurity Strategy

Posted on March 3, 2023 by BrianKrebs

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and names China as the single biggest cyber threat to U.S. interests. Continue reading Highlights from the New U.S. Cybersecurity Strategy→

New Protections for Food Benefits Stolen by Skimmers

Posted on February 17, 2023 by BrianKrebs

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. Continue reading New Protections for Food Benefits Stolen by Skimmers→

New T-Mobile Breach Affects 37 Million Accounts

Posted on January 20, 2023 by BrianKrebs

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Continue reading New T-Mobile Breach Affects 37 Million Accounts→

New Ransom Payment Schemes Target Executives, Telemedicine

Posted on December 8, 2022 by BrianKrebs

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Continue reading New Ransom Payment Schemes Target Executives, Telemedicine→

ConnectWise Quietly Patches Flaw That Helps Phishers

Posted on December 1, 2022 by BrianKrebs

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks. Continue reading ConnectWise Quietly Patches Flaw That Helps Phishers→

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Posted on November 28, 2022 by BrianKrebs

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices. Continue reading U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer→

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Posted on October 7, 2022 by BrianKrebs

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. Continue reading Report: Big U.S. Banks Are Stiffing Account Takeover Victims→