article thumbnail

Microsoft Patch Tuesday, May 2022 Edition

Krebs on Security

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild.

article thumbnail

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile 336
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security

This latest MSDT bug — CVE-2022-34713 — is a remote code execution flaw that requires convincing a target to open a booby-trapped file, such as an Office document. Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743. The CVSS for this vulnerability is 8.8.”

article thumbnail

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

eSecurity Planet

The attackers, identified as TGR-UNK-0011, or JavaGhost, leverage exposed AWS credentials to gain access to cloud accounts and use legitimate services like Amazon Simple Email Service (SES) and WorkMail to distribute phishing messages. Setting up SES and WorkMail accounts to send phishing emails that appear legitimate.

article thumbnail

Microsoft Patch Tuesday, July 2022 Edition

Krebs on Security

The company said it would roll out the changes in stages between April and June 2022. The zero-day Windows vulnerability already seeing active attacks is CVE-2022-22047 , which is an elevation of privilege vulnerability in all supported versions of Windows.

Internet 269
article thumbnail

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. The next day, half of those profiles no longer existed.

article thumbnail

Twitter Exposes Personal Information for 5.4 Million Accounts

Schneier on Security

million accounts. In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. This includes anonymous accounts.