Krebs – Page 24 – PossibleThreat Articles

Hacked Ring Cams Used to Record Swatting Victims

December 19, 2022 0 Comments aspertaine, chumlul, james thomas andrew mccarty, kya christian nelson, Ne'er-Do-Well News, SIM swapping, violence-as-a-service

Credit to Author: BrianKrebs| Date: Tue, 20 Dec 2022 01:24:10 +0000

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.

Independent Krebs Security

Six Charged in Mass Takedown of DDoS-for-Hire Sites

December 14, 2022 0 Comments DDoS-for-hire, Ne'er-Do-Well News

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 19:58:00 +0000

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Independent Krebs Security

Microsoft Patch Tuesday, December 2022 Edition

December 14, 2022 0 Comments apple zero-day, cve-2022-41076, cve-2022-44698, cve-2022-44710, cve-2022-44713, greg wiseman, immersive labs, kevin breen, Latest Warnings, microsoft patch tuesday december 2022, PowerShell, rapid7, security tools, sophos, Time to Patch, trend micro's zero day initiative, will dormann, Windows

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 17:01:07 +0000

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Independent Krebs Security

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

December 13, 2022 0 Comments A Little Sunshine, breached, Data Breaches, FBI, infragard, pompompurin, RaidForums, usdod, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 13 Dec 2022 23:54:21 +0000

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.

Independent Krebs Security

New Ransom Payment Schemes Target Executives, Telemedicine

December 8, 2022 0 Comments alex holden, cl0p, clop ransomware, emsisoft, fabian wosar, Hold Security, Ransomware, ta505, The Coming Storm, tripwire, venus ransomware, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 08 Dec 2022 18:25:04 +0000

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

Independent Krebs Security

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

December 5, 2022 0 Comments A Little Sunshine, dmitry starovikov, glupteba botnet, Google, halimah delaine prado, igor litvak, Ne'er-Do-Well News, royal hansen, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 05 Dec 2022 19:44:50 +0000

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google’s legal fees.

Independent Krebs Security

ConnectWise Quietly Patches Flaw That Helps Phishers

December 1, 2022 0 Comments A Little Sunshine, connectwise, cybir, goto, ken pyle, lastpass, Latest Warnings, tarran street, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 01 Dec 2022 19:35:11 +0000

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Independent Krebs Security

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

November 28, 2022 0 Comments A Little Sunshine, arello-mobile, army times, constella intelligence, foreign adtech, intelligence authorization act for 2023, Latest Warnings, max konev, national training center, pincer trojan, pushwoosh, reuters, The Coming Storm, u.s. army, yuri shmakov, zach edwards

Credit to Author: BrianKrebs| Date: Mon, 28 Nov 2022 22:08:21 +0000

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

Independent Krebs Security

Researchers Quietly Cracked Zeppelin Ransomware Keys

November 17, 2022 0 Comments A Little Sunshine, cybersecurity & infrastructure security agency, digital ocean, FBI, joel lathrop, lance james, Ransomware, security tools, unit 221b, zeppelin decryptor, zeppelin ransomware

Credit to Author: BrianKrebs| Date: Fri, 18 Nov 2022 02:30:26 +0000

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… Read More »

Independent Krebs Security

Disneyland Malware Team: It’s a Puny World After All

November 16, 2022 0 Comments A Little Sunshine, alex holden, disneyland team, gozi trojan, Hold Security, Ne'er-Do-Well News, Web Fraud 2.0, web injects

Credit to Author: BrianKrebs| Date: Wed, 16 Nov 2022 17:32:00 +0000

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.