The Coming Storm – Page 8 – WindowsTechs.com

‘Trojan Source’ Bug Threatens the Security of All Code

Posted on November 1, 2021 by BrianKrebs

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Continue reading ‘Trojan Source’ Bug Threatens the Security of All Code→

How Coinbase Phishers Steal One-Time Passwords

Posted on October 13, 2021 by BrianKrebs

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Continue reading How Coinbase Phishers Steal One-Time Passwords→

What Happened to Facebook, Instagram, & WhatsApp?

Posted on October 4, 2021 by BrianKrebs

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online. Continue reading What Happened to Facebook, Instagram, & WhatsApp?→

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Posted on September 10, 2021 by BrianKrebs

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Continue reading KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”→

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Posted on September 8, 2021 by BrianKrebs

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat. Continue reading Microsoft: Attackers Exploiting Windows Zero-Day Flaw→

Wanted: Disgruntled Employees to Deploy Ransomware

Posted on August 19, 2021 by BrianKrebs

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company. Continue reading Wanted: Disgruntled Employees to Deploy Ransomware→

Spike in “Chain Gang” Destructive Attacks on ATMs

Posted on July 9, 2021 by BrianKrebs

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ATM smash-and-grab” and “chain gang” attacks — is rapidly increasing in other states. Continue reading Spike in “Chain Gang” Destructive Attacks on ATMs→

Another 0-Day Looms for Many Western Digital Users

Posted on July 2, 2021 by BrianKrebs

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system. Continue reading Another 0-Day Looms for Many Western Digital Users→

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Posted on July 1, 2021 by BrianKrebs

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month.

Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit. Continue reading Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax→

We Infiltrated a Counterfeit Check Ring! Now What?

Posted on June 30, 2021 by BrianKrebs

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be?

Such is the curse of the fraud fighter known online by the handles “Brianna Ware” and “BWare” for short, a longtime member of a global group of volunteers who’ve infiltrated a cybercrime gang that disseminates fraudulent checks tied to a dizzying number of online scams. Continue reading We Infiltrated a Counterfeit Check Ring! Now What?→