Krebs – Page 2 – PossibleThreat Articles

Thread Hijacking: Phishes That Prey on Your Curiosity

April 15, 2024 0 Comments A Little Sunshine, adam kidan, brett sholtis, empire workforce solutions, lancasteronline.com, Latest Warnings, multi-persona phishing, Ne'er-Do-Well News, phishing, proofpoint, ryan kalember, thread hijacking, tom murse, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 28 Mar 2024 23:56:13 +0000

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Independent Krebs Security

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

April 15, 2024 0 Comments A Little Sunshine, Apple, apple recovery key, kishan bagaria, Latest Warnings, mfa bombing, mfa fatigue, parth patel, peopledatalabs, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 26 Mar 2024 15:37:54 +0000

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Independent Krebs Security

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

March 22, 2024 0 Comments A Little Sunshine, dimitiri shelest, firefox, firefox monitor, haveibeenpwned, haveibeenpwned.com, Mozilla Foundation, mozilla monitor, Ne'er-Do-Well News, nuwber, onerep, spamit, troy hunt, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 22 Mar 2024 19:02:41 +0000

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Independent Krebs Security

The Not-so-True People-Search Network from China

March 20, 2024 0 Comments A Little Sunshine, alibaba cloud, alina clark, beenverified, Breadcrumbs, cocodoc, cocofinder, cocosign, domaintools.com, eden cheng, fastpeoplesearch, findpeoplefast, forbes.com, h.i.g. capital, harriet chan, instant checkmate, intelius, marilyn gaskell, neighborwho, numberguru, onerep, ownerly, peopleconnect inc., peoplefinderfree, peoplelooker, peoplesmart, radaris, ross cohen, sally stevens, shenzhen duiyun technology co, spokeo, stephen curry, the lifetime value co., truepeoplesearch, truthfinder, u.s. federal trade commission

Credit to Author: BrianKrebs| Date: Thu, 21 Mar 2024 03:18:26 +0000

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Independent Krebs Security

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

March 14, 2024 0 Comments 375-292-7027-786, A Little Sunshine, ahavoila.com, azersab.com, Breadcrumbs, constella intelligence, constella.ai, d.sh@nuwber.com, dimitri shelest, dmitrcox@gmail.com, findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, nuwber.at, nuwber.ch, nuwber.dk, nuwber.fr, onerep.com, peeepl.br.com, peeepl.co.uk, peeepl.in, peeepl.it, peepull.com, permanente medicine, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke.com, pplcrwlr.dk, pplcrwlr.fr, pplcrwlr.in, pplcrwlr.jp, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, viadin.ca, viadin.com, viadin.de, viadin.hk, waatp1.fr, waatpp.de, webmeek.com

Credit to Author: BrianKrebs| Date: Thu, 14 Mar 2024 21:13:38 +0000

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.

Independent Krebs Security

Patch Tuesday, March 2024 Edition

March 12, 2024 0 Comments adobe acrobat, adobe ai assistant, adobe animate, adobe bridge, adobe experience manager, adobe premier pro, automox, coldfusion 2023 and 2021, cve-2024-21334, cve-2024-21390, cve-2024-21433, cve-2024-21435, cve-2024-21437, cve-2024-23225, cve-2024-23296, cve-2024-26170, cve-2024-26182, immersive labs, ios 16.7.6, ios 17.4, ipados 17.4, jason kitka, kevin breen, lightroom, Microsoft Authenticator, Microsoft Azure, satnam narang, security tools, tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 12 Mar 2024 20:36:33 +0000

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws.

Independent Krebs Security

Incognito Darknet Market Mass-Extorts Buyers, Sellers

March 11, 2024 0 Comments A Little Sunshine, brett johnson, double extortion, exit scam, incognito market, Ne'er-Do-Well News, shadowcrew, The Coming Storm

Credit to Author: BrianKrebs| Date: Mon, 11 Mar 2024 16:19:36 +0000

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Independent Krebs Security

A Close Up Look at the Consumer Data Broker Radaris

March 8, 2024 0 Comments affiliate.ru, american russian media inc., arrestfacts.com, atlas data privacy corp., bitseller expert ltd, bizstanding.com, Breadcrumbs, centeda.com, channel one, clubset.com, consumer reporting agencies, daniel's law, dating factory, difive.com, dmitry lybarsky, epop@comby.com, fact magazine, fair credit reporting act, gary nard, gary norden, gary@barksy.com, gary1@eprofit.com, homeflock.com, homemetry.com, igor lybarsky, instantcheckmate.com, kworld.com, newenglandfacts.com, ntv, persontrust.com, projectlab.com, pub360.com, publicreports.com, radaris.com, radaris.ru, rehold.com, rosconcert.com, trustoria.com, truthfinder, u.s. department of justice, u.s. federal communications commission, u.s. federal trade commission, unipoint technology inc., virtory.com

Credit to Author: BrianKrebs| Date: Fri, 08 Mar 2024 13:02:48 +0000

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the co-founders of Radaris operate multiple Russian-language dating services and affiliate programs. It also appears many of their businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.

Independent Krebs Security

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

March 5, 2024 0 Comments A Little Sunshine, alphv ransomware, blackcat ransomware, change healthcare, Data Breaches, dmitry smilyanets, emsisoft, fabian wosar, FBI, lockbit, nca, optum, ramp, Ransomware, recorded future, wired.com

Credit to Author: BrianKrebs| Date: Wed, 06 Mar 2024 00:22:56 +0000

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data that Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely.

Independent Krebs Security

Fulton County, Security Experts Call LockBit’s Bluff

February 29, 2024 0 Comments A Little Sunshine, brett callow, Data Breaches, emsisoft, FBI, fulton county hack, lockbit, lockbitsupp, nca, Ransomware, redsense, robb pitts

Credit to Author: BrianKrebs| Date: Thu, 29 Feb 2024 22:18:54 +0000

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. Instead, LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming county officials had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement.