Krebs – Page 38 – PossibleThreat Articles

Lawmakers Prod FCC to Act on SIM Swapping

January 9, 2020 0 Comments ajit pai, anna eshoo, edward markey, FCC, michael terpin, Nicholas Truglia, ron wyden, sherrod brown, SIM swapping, ted lieu, u.s. federal communications commission, yvette clarke

Credit to Author: BrianKrebs| Date: Thu, 09 Jan 2020 19:44:55 +0000

Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via “SIM swapping,” a particularly invasive form of fraud that involves tricking a target’s mobile carrier into transferring someone’s wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of Senate lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.

Independent Krebs Security

Tricky Phish Angles for Persistence, Not Passwords

January 7, 2020 0 Comments jeff jones, Latest Warnings, login.microsoftonline.com, michael tyler, microsoft office 365, microsoftonline.com, phishlabs, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2020 21:35:40 +0000

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

Independent Krebs Security

The Hidden Cost of Ransomware: Wholesale Password Theft

January 6, 2020 0 Comments A Little Sunshine, alex holden, Hold Security, karen christianson, mark schafer, Ransomware, ryuk, sva consulting, The Coming Storm, vcpi

Credit to Author: BrianKrebs| Date: Mon, 06 Jan 2020 18:17:21 +0000

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.

Independent Krebs Security

Happy 10th Birthday, KrebsOnSecurity.com

December 29, 2019 0 Comments other

Credit to Author: BrianKrebs| Date: Mon, 30 Dec 2019 00:49:22 +0000

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, […]

Independent Krebs Security

Ransomware at IT Services Provider Synoptek

December 27, 2019 0 Comments Ransomware, revil, Sodinokibi, synoptek

Credit to Author: BrianKrebs| Date: Sat, 28 Dec 2019 01:49:05 +0000

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible. Irvine, Calif.-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. The company employs nearly a thousand employees and brought in more than $100 million in revenue in the past year.

Independent Krebs Security

Nuclear Bot Author Arrested in Sextortion Case

December 17, 2019 0 Comments augustin inzirillo, leparisien, Ne'er-Do-Well News, nuclear bot, sextortion, tinynuke

Credit to Author: BrianKrebs| Date: Tue, 17 Dec 2019 19:09:10 +0000

Last summer, a wave of sextortion emails began flooding inboxes around the world. The spammers behind this scheme claimed they’d hacked your computer and recorded videos of you watching porn, and promised to release the embarrassing footage to all your contacts unless a bitcoin demand was paid. Now, French authorities say they’ve charged two men they believe are responsible for masterminding this scam. One of them is a 21-year-old hacker interviewed by KrebsOnSecurity in 2017 who openly admitted to authoring a banking trojan called “Nuclear Bot.”

Independent Krebs Security

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

December 16, 2019 0 Comments bleepingcomputer, lawrence abrams, maze ransomware, Ransomware, revil, Sodinokibi, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 17 Dec 2019 02:21:23 +0000

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of acquiescing to their tormentors.

Independent Krebs Security

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

December 16, 2019 0 Comments A Little Sunshine, aqua, aquamo, bugat, dridex, europol, evgeniy mikhailovich bogachev, evil corp, igor “enki” turashev, jabberzeus, luck12345, maksim v. yukabets, money mules, Ne'er-Do-Well News, slavik, target: small businesses, u.s. justice department, u.s. treasury department, zeus trojan

Credit to Author: BrianKrebs| Date: Mon, 16 Dec 2019 14:08:21 +0000

The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “Evil Corp” and stole roughly $100 million from businesses and consumers. As it happens, for several years KrebsOnSecurity closely monitored the day-to-day communications and activities of the accused and his accomplices. What follows is an insider’s look at the back-end operations of this gang.

Independent Krebs Security

The Great $50M African IP Address Heist

December 11, 2019 0 Comments A Little Sunshine, Adconion Direct, afrinic, afriq*access, bill woodcock, eddy kayihura, infoplan, ipv4leasing, itc, jan vermeulen, mybroadband.co.za, packet clearing house, ron guilmette, the african network information centre, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2019 22:31:12 +0000

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.

Independent Krebs Security

CISO MAG Honors KrebsOnSecurity

December 11, 2019 0 Comments ciso mag, other

Credit to Author: BrianKrebs| Date: Tue, 10 Dec 2019 16:46:05 +0000

CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.