The Coming Storm
CISA Order Highlights Persistent Risk at Network Edge
BrianKrebs | Adam Boileau, Barracuda Networks, cisa, CVE-2023-27997, Cybersecurity and Infrastructure Security Agency, Fortinet, Fortra, GoAnywhere, Latest Warnings, Mandiant, MOVEit Transfer, Patrick Gray, Progress Software, risky-business-podcast, The Coming Storm, Time to Patch
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes ...
Many Public Salesforce Sites are Leaking Private Data
BrianKrebs | A Little Sunshine, Charan Akiri, DC Health, DC Health Link, Huntington Bank, Latest Warnings, Matthew Jennings, Mike Rupert, Salesforce Community websites, Scott Carbee, TCF Bank, The Coming Storm, Time to Patch, Vermont
A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem ...
3CX Breach Was a Double Supply Chain Compromise
BrianKrebs | 3CX, A Little Sunshine, ClearSky Security, Diamond Sleet, double supply chain breach, Elastic Security, ESET, ICONICSTEALER, Kaspersky Lab, kim zetter, Latest Warnings, macos, Mandiant, Marc-Etienne M.Leveille, Microsoft, Ne'er-Do-Well News, Peter Kalnai, supply chain, The Coming Storm, Trading Technologies, X_Trader, zero-day, ZINC
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North ...
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
BrianKrebs | Bharat Jogi, CVE-2022-37969, CVE-2023-28219, CVE-2023-28220, CVE-2023-28252, DBAPPSecurity, Dustin Childs, iOS 15.5.7, iOS/iPadOS 16.4.1, Mandiant, Nokoyawa ransomware, Qualys, Security Tools, The Coming Storm, Time to Patch, Trend Micro Zero Day Initiative, Windows Common Log System File System
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to ...
Microsoft Patch Tuesday, March 2023 Edition
BrianKrebs | CVE-2023-23397, CVE-2023-24800, Dustin Childs, Immersive Labs, Kevin Breen, Microsoft 365 Apps for Enterprise, Microsoft Patch Tuesday March 2023, rapid7, Security Tools, The Coming Storm, Time to Patch, Windows SmartScreen, Zero Day Initiative
Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe ...
Highlights from the New U.S. Cybersecurity Strategy
BrianKrebs | A Little Sunshine, Ballistic Ventures, Brian Fox, CHIPS Act, Emotet, Executive Order (EO) 13984, Internet of things, Keith Alexander, National Cyber Investigative Joint Task Force, National Cybersecurity Strategy 2023, Solar Winds breach, Sonatype, Ted Schlein, The Coming Storm
The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard ...
New Protections for Food Benefits Stolen by Skimmers
BrianKrebs | A Little Sunshine, All About Skimmers, Consolidated Appropriations Act of 2023, Deborah Harris, EBT fraud, EBT skimming, Electronic Benefits Transfer, Homeless Persons Representation Project, Michelle Salomon Madaio, The Coming Storm, The Massachusetts Law Reform Institute, U.S. Department of Agriculture
Millions of Americans receiving food assistance benefits just earned a new right that they can't yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are ...
New T-Mobile Breach Affects 37 Million Accounts
BrianKrebs | 2023 T-Mobile Breach, Data breaches, Latest Warnings, Optus, t-mobile breach, The Coming Storm
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation ...
New Ransom Payment Schemes Target Executives, Telemedicine
BrianKrebs | alex holden, CL0P, clop-ransomware, Emsisoft, Fabian Wosar, Hold Security, Ransomware, TA505, The Coming Storm, tripwire, Venus ransomware, Web Fraud 2.0
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare ...
ConnectWise Quietly Patches Flaw That Helps Phishers
BrianKrebs | A Little Sunshine, ConnectWise Control, Cybir, GoTo, Ken Pyle, lastpass, Latest Warnings, Tarran Street, The Coming Storm
ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over ...