Latest Warnings – Page 5 – PossibleThreat Articles

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

June 8, 2023 0 Comments barracuda networks, caitlin condon, cve-2023-2868, email security gateway, international computer science institute, Latest Warnings, mandiant, nicholas weaver, rapid7, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Independent Krebs Security

Discord Admins Hacked by Malicious Bookmarks

May 30, 2023 0 Comments aura network, berk yilmaz, bookmarklets, Breadcrumbs, Latest Warnings, levatax, metrixcoin, nahmii, nicholas scavuzzo, ocean protocol, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 31 May 2023 00:19:17 +0000

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.

Independent Krebs Security

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

May 2, 2023 0 Comments Breadcrumbs, farmer's market, federaljobscenter.com, gary plott, Latest Warnings, muhammed tabish mirza, nextlevelsupportcenters, postal career placement llc, postal job services inc., postal operations inc., russell ramage, ryan rawls, smart logistics, stephanie dayton, tab.webcoder@gmail.com, u.s. federal trade commission, united states postal service, us job services, usps, usps jobs

Credit to Author: BrianKrebs| Date: Tue, 02 May 2023 22:08:35 +0000

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.

Independent Krebs Security

Many Public Salesforce Sites are Leaking Private Data

April 27, 2023 0 Comments A Little Sunshine, charan akiri, dc health, dc health link, huntington bank, Latest Warnings, matthew jennings, mike rupert, salesforce community websites, scott carbee, tcf bank, The Coming Storm, Time to Patch, Vermont

Credit to Author: BrianKrebs| Date: Fri, 28 Apr 2023 02:09:56 +0000

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Independent Krebs Security

3CX Breach Was a Double Supply Chain Compromise

April 24, 2023 0 Comments 3cx, A Little Sunshine, clearsky security, diamond sleet, double supply chain breach, elastic security, eset, iconicstealer, kaspersky lab, kim zetter, Latest Warnings, MacOS, mandiant, marc-etienne m.leveille, Microsoft, Ne'er-Do-Well News, peter kalnai, supply chain, The Coming Storm, trading technologies, x_trader, zero day, zinc

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Independent Krebs Security

Why is ‘Juice Jacking’ Suddenly Back in the News?

April 14, 2023 0 Comments A Little Sunshine, aries security, brian markus, Defcon, FBI, FCC, juice jacking, Latest Warnings, omg cable, security tools, snopes

Credit to Author: BrianKrebs| Date: Fri, 14 Apr 2023 20:27:56 +0000

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “juice jacking,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.

Independent Krebs Security

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

March 22, 2023 0 Comments A Little Sunshine, breachforums, bytedance, darknavy, Data Breaches, Google, Latest Warnings, liu huafang, pdd holdings, pinduoduo, Project Zero, temu, TikTok, Web Fraud 2.0, weibo

Credit to Author: BrianKrebs| Date: Wed, 22 Mar 2023 23:11:08 +0000

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

Independent Krebs Security

Microsoft Patch Tuesday, February 2023 Edition

February 14, 2023 0 Comments cve-2023-21529, cve-2023-21706, cve-2023-21707, cve-2023-21715, cve-2023-21716, cve-2023-21823, cve-2023-23376, dustin childs, immersive labs, internet explorer 11, johannes ullrich, kevin breen, Latest Warnings, mandiant, Microsoft Office, microsoft patch tuesday february 2023, sans internet storm center, security tools, Time to Patch, trend micro zero day initiative

Credit to Author: BrianKrebs| Date: Tue, 14 Feb 2023 21:01:41 +0000

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks.

Independent Krebs Security

New T-Mobile Breach Affects 37 Million Accounts

January 19, 2023 0 Comments 2023 t-mobile breach, Data Breaches, Latest Warnings, optus, t-mobile breach, The Coming Storm

Credit to Author: BrianKrebs| Date: Fri, 20 Jan 2023 04:09:22 +0000

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Independent Krebs Security

Microsoft Patch Tuesday, January 2023 Edition

January 10, 2023 0 Comments cve-2023-21563, cve-2023-21674, cve-2023-21678, cve-2023-21743, cve-2023-21745, cve-2023-21762, dustin childs, Latest Warnings, microsoft bitlocker, satnam narang, security tools, tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 10 Jan 2023 22:28:55 +0000

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.