Independent – Page 58 – PossibleThreat Articles

Ransomware Group Debuts Searchable Victim Data

June 14, 2022 0 Comments A Little Sunshine, alphv ransomware, blackcat ransomware, brett callow, emsisoft, Ransomware, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 14 Jun 2022 19:53:12 +0000

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

Independent Krebs Security

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

June 13, 2022 0 Comments ampnode, booter, DDoS-for-hire, downthem, juan "severon" martinez, matthew gatrel, Ne'er-Do-Well News, stresser

Credit to Author: BrianKrebs| Date: Tue, 14 Jun 2022 00:09:09 +0000

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.

ComputerWorld Independent

Before Patch Tuesday, a to-do list to avoid trouble

June 13, 2022 0 Comments Microsoft, Security, small and medium business, Windows

Credit to Author: Susan Bradley| Date: Mon, 13 Jun 2022 10:11:00 -0700

You could call today Patch-Tuesday Eve. It’s the day before Windows machines get offered updates from Microsoft. What should you be doing to prepare?

It depends on what kind of computer user you are.

If your files are stored in the cloud

You keep everything in the cloud, you use a Microsoft account, you don’t mind reinstalling your OS if need be. Your data is protected by a username and a password, and if you are savvy, your data is protected by two-factor authentication.

Prior to Patch Tuesday, you might decide you don’t need to back up your computer system since you know if something happens to your computer, you can reinstall the operating system and merely reconnect to your various online storage services. You’ve double-checked that all cloud services you use have file versioning enabled, so if you need to roll back to a prior version of a file, you can do so.

To read this article in full, please click here

Independent Krebs Security

Adconion Execs Plead Guilty in Federal Anti-Spam Case

June 10, 2022 0 Comments A Little Sunshine, Adconion Direct, afrinic, Amobee, ARIN, can-spam act, Daniel Dye, inspiring networks, Jacob Bychak, maikel uerlings, Mark Manoogian, Media Breakaway, Micfo, Mohammed Abdul Qayyum, mybroadband.co.za, Ne'er-Do-Well News, Optinrealbig, Petr Pacas, Scott Richter

Credit to Author: BrianKrebs| Date: Sat, 11 Jun 2022 00:04:22 +0000

On the eve of their federal criminal trial for allegedly stealing vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct have agreed to plead guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

ComputerWorld Independent

WWDC: Apple, Cloudflare, Fastly plot the end of CAPTCHA

June 10, 2022 0 Comments Apple, Internet, iOS, MacOS, Security

Credit to Author: Jonny Evans| Date: Fri, 10 Jun 2022 08:59:00 -0700

Apple took several steps toward a password-free future at its Worldwide Developer Conference, but another component of its strategy will be to replace CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) with a more private solution.

Introducing: Private Access Tokens

Apple is working with Cloudflare (with whom most think it developed the tech behind iCloud Private Relay). It is also working with Google and Fastly to deploy a standardized alternative to CAPTCHA called Private Access Tokens.

To read this article in full, please click here

ComputerWorld Independent

Microsoft commits to ban non-competes and increase pay transparency in the US

June 9, 2022 0 Comments employee protection, it jobs, Microsoft, Technology Industry

Credit to Author: Charlotte Trueman| Date: Thu, 09 Jun 2022 04:21:00 -0700

Microsoft has launched four new employee workforce initiatives aimed at creating a more transparent workplace culture, including the banning of non-compete clauses in contracts and a commitment to improved pay transparency.

The four commitments have been categorized by Microsoft as:

Empowering employee mobility
Fostering a safe space for concerns
Increasing pay transparency
Conducting a civil rights audit

The new policies aim to address concerns raised by employees that current non-compete obligations are being used as a forced retention tactic. Consequently, the company will be removing non-compete clauses from US employee agreements and will not enforce existing clauses for workers outside of Microsoft’s senior leadership team.

To read this article in full, please click here

Independent Krebs Security

KrebsOnSecurity in New Netflix Series on Cybercrime

June 7, 2022 0 Comments Netflix, SWATting, Web Fraud 2.0, web of make believe and lies

Credit to Author: BrianKrebs| Date: Tue, 07 Jun 2022 14:58:56 +0000

Netflix has a new documentary series airing next week — “Web of Make Believe: Death, Lies & the Internet” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “swatting” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

ComputerWorld Independent

WWDC22: Apple brings declarative device management to the Mac?

June 6, 2022 0 Comments Apple, MacOS, mobile device management, Operating Systems, Security, Software Development

Credit to Author: Jonny Evans| Date: Mon, 06 Jun 2022 08:11:00 -0700

More opportunities for engineers and developers to implement declarative device management solutions are likely to emerge at WWDC 2022, at least, according to MacAdmins.

Speaking during the pre-event podcast, speakers argue that Apple will eventually require that all mobile device management (MDM) providers introduce support for declarative management. Might this include bringing declarative device management to the Mac?

What is declarative device management?

Apple first introduced declarative device management last year, largely for two reasons: to make devices more proactive, and to reduce the impact on MDM servers that handle large fleets of devices. This should boost performance and scalability.

To read this article in full, please click here

ComputerWorld Independent

After a Windows update, what should you expect?

June 6, 2022 0 Comments Microsoft, Security, small and medium business, Windows

Credit to Author: Susan Bradley| Date: Mon, 06 Jun 2022 05:17:00 -0700

Let’s get this straight: It’s not normal for a Windows update to remove software. It’s designed to install the update, not change software already in place on your system.

At least, updates are not supposed to remove software. Since March, however, if you run the RDgateway broker service on Server 2022 (and only that version), the monthly cumulative updates have removed that service. This behavior is not normal; this is a bug.

As Microsoft notes in the Microsoft 365 Admin dashboard: “We have received reports that after installing KB5005575 or later updates on Windows Server 2022 Standard Edition, Remote Desktop Services Connection Broker role and supporting services might be removed unexpectedly. We have expedited investigation and are working on a resolution. Note: Windows Server 2022 Datacenter edition and other versions of Windows Server are not affected by this issue.”

To read this article in full, please click here

Independent Krebs Security

What Counts as “Good Faith Security Research?”

June 3, 2022 0 Comments A Little Sunshine, Computer Fraud and Abuse Act, Department of Justice, deputy attorney general lisa o. monaco, digital millennium copyright act, good faith security research, orin kerr, university of california berkley, van buren v. united states

Credit to Author: BrianKrebs| Date: Fri, 03 Jun 2022 19:33:03 +0000

The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.