A Little Sunshine – Page 13 – PossibleThreat Articles

3CX Breach Was a Double Supply Chain Compromise

April 24, 2023 0 Comments 3cx, A Little Sunshine, clearsky security, diamond sleet, double supply chain breach, elastic security, eset, iconicstealer, kaspersky lab, kim zetter, Latest Warnings, MacOS, mandiant, marc-etienne m.leveille, Microsoft, Ne'er-Do-Well News, peter kalnai, supply chain, The Coming Storm, trading technologies, x_trader, zero day, zinc

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Independent Krebs Security

Why is ‘Juice Jacking’ Suddenly Back in the News?

April 14, 2023 0 Comments A Little Sunshine, aries security, brian markus, Defcon, FBI, FCC, juice jacking, Latest Warnings, omg cable, security tools, snopes

Credit to Author: BrianKrebs| Date: Fri, 14 Apr 2023 20:27:56 +0000

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “juice jacking,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.

Independent Krebs Security

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

April 4, 2023 0 Comments A Little Sunshine, FBI, flashpoint, genesis market, genesis security, intel 471, u.s. district court for the eastern district of wisconsin

Credit to Author: BrianKrebs| Date: Tue, 04 Apr 2023 21:04:11 +0000

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.

Independent Krebs Security

A Serial Tech Investment Scammer Takes Up Coding?

April 3, 2023 0 Comments A Little Sunshine, alan john mykhailov, blackstone corporate alliance ltd, Breadcrumbs, codestoyou, colette davies, david bruno, domaintools.com, drydennow.com, igor gubskyi, igor hubskyi, iryna davies, john bernard, john clifton davies, maria yakovleva, mariya kulikova, mysolve, Ne'er-Do-Well News, safeswiss secure communication ag, secure swiss data, the inside knowledge gmbh

Credit to Author: BrianKrebs| Date: Mon, 03 Apr 2023 16:13:42 +0000

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “CodesToYou,” which purports to be a “full cycle software development company” based in the U.K.

Independent Krebs Security

UK Sets Up Fake Booter Sites To Muddy DDoS Market

March 28, 2023 0 Comments A Little Sunshine, booter, DDoS-for-hire, national crime agency, operation power off, stresser, u.s. department of justice, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Mar 2023 17:26:07 +0000

The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

Independent Krebs Security

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

March 22, 2023 0 Comments A Little Sunshine, breachforums, bytedance, darknavy, Data Breaches, Google, Latest Warnings, liu huafang, pdd holdings, pinduoduo, Project Zero, temu, TikTok, Web Fraud 2.0, weibo

Credit to Author: BrianKrebs| Date: Wed, 22 Mar 2023 23:11:08 +0000

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

Independent Krebs Security

Why You Should Opt Out of Sharing Data With Your Mobile Provider

March 20, 2023 0 Comments A Little Sunshine, AT&T, CCPA, cpni, custom experience plus, customer proprietary network information, Data Breaches, Electronic Privacy Information Center, enhanced relevant advertising program, FCC, Federal Communications Commission, gavin wright, maids, mashable, mobile advertising ids, T-Mobile, techtarget, verizon, verizon custom experience plus, verizon selects, Verizon Wireless

Credit to Author: BrianKrebs| Date: Mon, 20 Mar 2023 14:47:56 +0000

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like “What the heck is CPNI?” And, ‘If it’s so ‘customer proprietary,’ why is AT&T sharing it with marketers?” Also maybe, “What can I do about it?” Read on for answers to all three questions.

Independent Krebs Security

Feds Charge NY Man as BreachForums Boss “Pompompurin”

March 17, 2023 0 Comments A Little Sunshine, breachforums, conor brian fitzpatrick, dc health link, FBI, john langmire, Ne'er-Do-Well News, pompompurin

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2023 23:39:22 +0000

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely first show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.

Independent Krebs Security

Two U.S. Men Charged in 2022 Hacking of DEA Portal

March 14, 2023 0 Comments A Little Sunshine, convict, Data Breaches, doxbin, emergency data request, kt, Ne'er-Do-Well News, nicholas ceraolo, ominus, phobia, ryan stevenson, sagar steven singh, u.s. drug enforcement agency, vile, Web Fraud 2.0, weep

Credit to Author: BrianKrebs| Date: Wed, 15 Mar 2023 01:25:20 +0000

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

Independent Krebs Security

Who’s Behind the NetWire Remote Access Trojan?

March 9, 2023 0 Comments A Little Sunshine, Breadcrumbs, constella intelligence, domaintools, dugidox, FBI, mario zanko, Ne'er-Do-Well News, netwire rat

Credit to Author: BrianKrebs| Date: Thu, 09 Mar 2023 18:52:25 +0000

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.