Independent – Page 67 – PossibleThreat Articles

Conti Ransomware Group Diaries, Part II: The Office

March 2, 2022 0 Comments A Little Sunshine, bentley, bleeping computer, conti, emotet, hof, lawrence abrams, mango, Ne'er-Do-Well News, palo alto networks, Ransomware, reverse, ryuk, stern, The Coming Storm, trickbot

Credit to Author: BrianKrebs| Date: Wed, 02 Mar 2022 17:49:52 +0000

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

Independent Krebs Security

Conti Ransomware Group Diaries, Part I: Evasion

March 1, 2022 0 Comments alex holden, alla witte, conti, conti breach, conti ransomware, contileaks, emercoin, emerdns, hof, Hold Security, Ne'er-Do-Well News, Ransomware, revil ransomware, stern, The Coming Storm, trickbot, ukraine

Credit to Author: BrianKrebs| Date: Tue, 01 Mar 2022 20:50:30 +0000

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.

ComputerWorld Independent

In a time of war, it’s important to stay secure

February 28, 2022 0 Comments Apple, Security, small and medium business, Windows

Credit to Author: Susan Bradley| Date: Mon, 28 Feb 2022 06:09:00 -0800

As Russia invaded Ukraine, seeing the disruption in the world occur in near real time on social media brought poignancy to what was happening. While I don’t know anyone in Ukraine, I know many people who have friends or family members that have been impacted by the war. Ukraine has many technology ties around the world. It’s also been a source of cyberattacks, which is why there’s extra concern about what we can do to protect ourselves in case of attack. (Eastern Europe has often been the source of many of the ransomware attacks that occur around the world.)

So what can tech users do to ensure you protect yourself from possible cyberattacks arising from the conflict?

To read this article in full, please click here

ComputerWorld Independent

Behavioral Analytics is getting trickier

February 28, 2022 0 Comments Mobile, Security, small and medium business

Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800

Behavioral analytics is one of the best authentication methods around — especially when it’s part of continuous authentication. Authentication as a “one-and-done” is something that simply shouldn’t happen anymore. Then again, I’ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they’re resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.

To read this article in full, please click here

Independent Krebs Security

Russia Sanctions May Spark Escalating Cyber Conflict

February 25, 2022 0 Comments Latest Warnings, The Coming Storm

Credit to Author: BrianKrebs| Date: Fri, 25 Feb 2022 19:10:04 +0000

President Biden joined European leaders this week in enacting economic sanctions against Russia in response its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.

ComputerWorld Independent

Windows is in Moscow’s crosshairs, too

February 25, 2022 0 Comments Security, small and medium business, Windows

Credit to Author: Preston Gralla| Date: Fri, 25 Feb 2022 03:00:00 -0800

Russia telegraphed its intentions to invade Ukraine well ahead of this week’s attack by massing nearly 200,000 soldiers along Ukraine’s borders, and by Vladimir Putin’s increasingly belligerent threats.

Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.

“We’ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government, Tom Burt, Microsoft corporate vice president for customer security and trust, wrote in a blog post in mid-January. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.” In a related technical post detailing how the malware works, Microsoft added: “These systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine.”

To read this article in full, please click here

Independent Krebs Security

IRS: Selfies Now Optional, Biometric Data to Be Deleted

February 22, 2022 0 Comments A Little Sunshine, id.me, internal revenue service, irs, login.gov, sen. ron wyden, u.s. general services administration

Credit to Author: BrianKrebs| Date: Tue, 22 Feb 2022 17:50:33 +0000

The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs the agency’s identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.

Independent Krebs Security

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

February 22, 2022 0 Comments A Little Sunshine, Data Breaches, elad gross, josh renaud, mallory mcgowin, missouri gov. mike parson, missouri highway patrol, shaji khan, st. louis post-dispatch

Credit to Author: BrianKrebs| Date: Tue, 22 Feb 2022 16:18:57 +0000

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they… Read More »

Independent Krebs Security

Red Cross Hack Linked to Iranian Influence Operation?

February 16, 2022 0 Comments Data Breaches, FBI, fireeye, icrc hack, international committee for the red cross, kela, kelvinmiddelkoop@hotmail.com, Ne'er-Do-Well News, RaidForums, Ransomware, red cross and red crescent movement, restoring family links, sheriff, threat_actor, unindicted

Credit to Author: BrianKrebs| Date: Wed, 16 Feb 2022 16:44:19 +0000

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Independent Krebs Security

Wazawaka Goes Waka Waka

February 14, 2022 0 Comments #babuk, A Little Sunshine, babuk ransomware, biba99, boriselcin, Cisco Talos, cve-2021-20028, dmitry smilyanets, groove ransom, mikhail pavlovich matveev, Ne'er-Do-Well News, orange, RaidForums, ramp, Ransomware, sonicwall vpn, teresacox19963@gmail.com, tox, verified, washington metropolitan police department, wazawaka

Credit to Author: BrianKrebs| Date: Mon, 14 Feb 2022 18:22:38 +0000

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”