Krebs – Page 36 – PossibleThreat Articles

The Case for Limiting Your Browser Extensions

March 3, 2020 0 Comments 212b3d4039ab5319ec.js, blue shield of california, Breadcrumbs, cndpps, domaintools.com, frankomedison1020@gmail.com, icontent, linkojager, metrext, monetizus, page ruler extension, peter newnham, thisadsfor

Credit to Author: BrianKrebs| Date: Tue, 03 Mar 2020 15:39:53 +0000

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.

Independent Krebs Security

French Firms Rocked by Kasbah Hacker?

March 2, 2020 0 Comments +212611604438, 4iq.com, Breadcrumbs, domaintools.com, fatal.001, fatalw01, Hyas, hyas.com, ing.equipepro@gmail.com, njRAT, sasha angus, talainine.com, yamosoft, yassine algangaf, yassine majidi

Credit to Author: BrianKrebs| Date: Mon, 02 Mar 2020 18:07:16 +0000

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. The individual thought to be involved has earned accolades from the likes of Apple, Dell, and Microsoft for helping to find and fix security vulnerabilities in their products.

Independent Krebs Security

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

February 28, 2020 0 Comments FCC, Federal Communications Commission, georgetown law institute for technology law and policy, Gigi Sohn, joseph cox, new york times, securus technologies, sen. ron wyden, The Coming Storm, vice.com, wall street journal

Credit to Author: BrianKrebs| Date: Fri, 28 Feb 2020 22:12:10 +0000

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data.

Independent Krebs Security

Zyxel 0day Affects its Firewall Products, Too

February 26, 2020 0 Comments 0day, alex holden, Latest Warnings, Time to Patch, zero day, zyxel

Credit to Author: BrianKrebs| Date: Wed, 26 Feb 2020 14:43:31 +0000

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Independent Krebs Security

Zyxel Fixes 0day in Network Storage Devices

February 24, 2020 0 Comments 0day, 500mhz, alex holden, cert coordination center, cert/cc, cve-2020-9054, dhs, emotet, Hold Security, Latest Warnings, Ransomware, The Coming Storm, Time to Patch, zero day, zyxel communications corp.

Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

Independent Krebs Security

Hackers Were Inside Citrix for Five Months

February 19, 2020 0 Comments A Little Sunshine, citrix systems, cve-2019-19781, Data Breaches, FBI, shitrix

Credit to Author: BrianKrebs| Date: Wed, 19 Feb 2020 15:55:04 +0000

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Independent Krebs Security

Encoding Stolen Credit Card Data on Barcodes

February 18, 2020 0 Comments A Little Sunshine, The Coming Storm, U.S. Secret Service

Credit to Author: BrianKrebs| Date: Tue, 18 Feb 2020 18:00:29 +0000

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.

Independent Krebs Security

A Light at the End of Liberty Reserve’s Demise?

February 14, 2020 0 Comments A Little Sunshine, arthur budovsky, irs, liberty reserve, u.s. internal revenue service, u.s. justice department

Credit to Author: BrianKrebs| Date: Fri, 14 Feb 2020 18:48:39 +0000

In May 2013, the U.S. Justice Department seized Liberty Reserve, alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim shortly thereafter to see if and when this process might take place. This week, an investigator with the U.S. Internal Revenue service finally got in touch to discuss my claim.

Independent Krebs Security

Microsoft Patch Tuesday, February 2020 Edition

February 11, 2020 0 Comments alan liska, cve-2019-1280, cve-2020-0618, cve-2020-0674, cve-2020-0688, jimmy graham, microsoft patch tuesday february 2020, Qualys, recorded future, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 11 Feb 2020 23:13:57 +0000

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.