Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a […]
Category Archives: Latest Warnings
Auto Added by WPeMatico
.top, A Little Sunshine, Anti-Phishing Working Group, Dave Piscitello, Interisle Consulting Group, Internet Corporation for Assigned Names and Numbers, Jiangsu Bangning Science & Technology Co. Ltd, Krebs, Latest Warnings, News, Security, The Coming Storm
Phish-Friendly Domain Registry “.top” Put on Notice
23
Jul
Jul
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top […]
19
Jul
Jul
A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be […]
15
Jul
Jul
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, […]
A Little Sunshine, Advance Auto Parts, Allstate, Anheuser-Busch, AT&T breach, Data Breaches, fbi, Krebs, Latest Warnings, Los Angeles Unified, Mitsubishi, Neiman Marcus, News, Progressive, Pure Storage, Santander Bank, Security, Snowflake hack, State Farm, Techcrunch, Ticketmaster, U.S. Securities and Exchange Commission, wired
Hackers Steal Phone, SMS Records for Nearly All AT&T Customers
12
Jul
Jul
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be […]
21
May
May
Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — […]
A Little Sunshine, Bill Woodcock, Dani Cronce, DHCP option 121, DHCP starvation attack, Dynamic Host Control Protocol, John Kristoff, Krebs, Latest Warnings, Leviathan Security, Lizzie Moratti, News, Packet Clearing House, Security, The Coming Storm, Web Fraud 2.0
Why Your VPN May Not Be As Secure As It Claims
06
May
May
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by […]
15
Apr
Apr
The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, […]
04
Apr
Apr
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses […]
A Little Sunshine, Adam Kidan, Brett Sholtis, Empire Workforce Solutions, Krebs, LancasterOnline.com, Latest Warnings, multi-persona phishing, Ne'er-Do-Well News, News, phishing, proofpoint, Ryan Kalember, Security, thread hijacking, Tom Murse, Web Fraud 2.0
Thread Hijacking: Phishes That Prey on Your Curiosity
28
Mar
Mar
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s […]