Krebs – Page 16 – PossibleThreat Articles

Patch Tuesday, October 2023 Edition

October 10, 2023 0 Comments adam barnett, amazon, Apple, CloudFlare, cve-2023-35349, cve-2023-36563, cve-2023-36778, cve-2023-41763, cve-2023-44487, damian menscher, Google, immersive labs, ios 17.0.3, ipados 17.0.3, libvpx, Microsoft, natalie silva, patch tuesday october 2023, rapid reset attack, rapid7, security tools, skype for business, Time to Patch, Windows, wordpad

Credit to Author: BrianKrebs| Date: Tue, 10 Oct 2023 22:51:31 +0000

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

Independent Krebs Security

Phishers Spoof USPS, 12 Other Natl’ Postal Services

October 9, 2023 0 Comments A Little Sunshine, alibaba, correos.es, dnslytics.com, domaintools, Latest Warnings, poste italiane, posti, postnl, postnord, ua-80133954-3, urlscan.io, usps, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Oct 2023 20:39:43 +0000

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

Independent Krebs Security

Don’t Let Zombie Zoom Links Drag You Down

October 2, 2023 0 Comments A Little Sunshine, charan akiri, Latest Warnings, LinkedIn, The Coming Storm, zoom, zoom personal meeting id

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2023 15:43:34 +0000

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

Independent Krebs Security

A Closer Look at the Snatch Data Ransom Group

September 30, 2023 0 Comments Breadcrumbs, cisa, constella intelligence, databreaches.net, FBI, flashpoint, Ne'er-Do-Well News, perchatka, Ransomware, semen7907, semyon tretyakov, snatch ransomware, snatch team, tretyakov-files@yandex.ru

Credit to Author: BrianKrebs| Date: Sat, 30 Sep 2023 19:47:57 +0000

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

Independent Krebs Security

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

September 27, 2023 0 Comments @htmalgae, 8base ransomware, atomicstealer, Breadcrumbs, Data Breaches, domaintools.com, google.com, malwarebytes, microsoft teams, mihail kolesnikov, Ne'er-Do-Well News, Ransomware, rilide, trustwave spiderlabs

Credit to Author: BrianKrebs| Date: Wed, 27 Sep 2023 11:48:37 +0000

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

Independent Krebs Security

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

September 22, 2023 0 Comments A Little Sunshine, Data Breaches, international computer science institute, karim toubba, lastpass breach, nicholas weaver, The Coming Storm, Web Fraud 2.0, wladimir palant

Credit to Author: BrianKrebs| Date: Fri, 22 Sep 2023 23:41:09 +0000

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Independent Krebs Security

Who’s Behind the 8Base Ransomware Website?

September 18, 2023 0 Comments @htmalgae, 8base ransomware, A Little Sunshine, andrei kolev, gitlab, jcube group, Ne'er-Do-Well News, Ransomware, vmware

Credit to Author: BrianKrebs| Date: Tue, 19 Sep 2023 02:12:53 +0000

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.

Independent Krebs Security

FBI Hacker Dropped Stolen Airbus Data on 9/11

September 13, 2023 0 Comments A Little Sunshine, airbus, breachforums, Data Breaches, FBI, genesis market, hudson rock, infragard, Microsoft, redline, The Coming Storm, usdod

Credit to Author: BrianKrebs| Date: Thu, 14 Sep 2023 00:22:05 +0000

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI’s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

Independent Krebs Security

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

September 12, 2023 0 Comments Adobe, Apple, automox, cve-2023-26369, cve-2023-36761, cve-2023-36802, cve-2023-38148, cve-2023-41064, Google, ios 16.16.1, lockdown mode, Microsoft, microsoft patch tuesday september 2023, Microsoft Word, Time to Patch, tom bowyer

Credit to Author: BrianKrebs| Date: Tue, 12 Sep 2023 22:36:01 +0000

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Independent Krebs Security

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

September 5, 2023 0 Comments 1password, A Little Sunshine, adblock plus, ars technica, chainalysis, Data Breaches, karim toubba, lastpass breach, metamask, nicholas weaver, nick bax, plex, taylor monahan, The Coming Storm, unciphered, Web Fraud 2.0, wladimir palant

Credit to Author: BrianKrebs| Date: Wed, 06 Sep 2023 00:21:07 +0000

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.