A Little Sunshine – Page 21 – PossibleThreat Articles

Crafty Web Skimming Domain Spoofs “https”

March 17, 2020 0 Comments .ps, A Little Sunshine, Akamai, cheney bros. inc., content security policy, denis sinegubko, grandwesternsteaks.com, jerome segura, malwarebytes, privacy.com, publicwww, ryan barnett, subresource integrity, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 12 Mar 2020 00:28:57 +0000

Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site’s source code: “http[.]ps” (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).

Independent Krebs Security

Hackers Were Inside Citrix for Five Months

February 19, 2020 0 Comments A Little Sunshine, citrix systems, cve-2019-19781, Data Breaches, FBI, shitrix

Credit to Author: BrianKrebs| Date: Wed, 19 Feb 2020 15:55:04 +0000

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Independent Krebs Security

Encoding Stolen Credit Card Data on Barcodes

February 18, 2020 0 Comments A Little Sunshine, The Coming Storm, U.S. Secret Service

Credit to Author: BrianKrebs| Date: Tue, 18 Feb 2020 18:00:29 +0000

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.

Independent Krebs Security

A Light at the End of Liberty Reserve’s Demise?

February 14, 2020 0 Comments A Little Sunshine, arthur budovsky, irs, liberty reserve, u.s. internal revenue service, u.s. justice department

Credit to Author: BrianKrebs| Date: Fri, 14 Feb 2020 18:48:39 +0000

In May 2013, the U.S. Justice Department seized Liberty Reserve, alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim shortly thereafter to see if and when this process might take place. This week, an investigator with the U.S. Internal Revenue service finally got in touch to discuss my claim.

Independent Krebs Security

When Your Used Car is a Little Too ‘Mobile’

February 5, 2020 0 Comments A Little Sunshine, focus ev, ford, mathew marulla, myfordmobile.com, u.s. federal trade commission

Credit to Author: BrianKrebs| Date: Thu, 06 Feb 2020 00:44:26 +0000

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended.

Independent Krebs Security

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

January 31, 2020 0 Comments A Little Sunshine, ars technica, chad leonard, chris nickerson, coalfire, dallas county, dallas county attorney charles sinnard, dan goodin, gary demercurio, justin wynn, matthew linholm, sen. zach whiting, state sen. amy sinclair, tom mcandrew

Credit to Author: BrianKrebs| Date: Fri, 31 Jan 2020 21:06:18 +0000

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below).

Independent Krebs Security

Apple Addresses iPhone 11 Location Privacy Concern

January 22, 2020 0 Comments A Little Sunshine, Apple, brandon butch, iphone 11, Time to Patch, ultra wideband

Credit to Author: BrianKrebs| Date: Wed, 22 Jan 2020 23:14:48 +0000

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month.

Independent Krebs Security

The Hidden Cost of Ransomware: Wholesale Password Theft

January 6, 2020 0 Comments A Little Sunshine, alex holden, Hold Security, karen christianson, mark schafer, Ransomware, ryuk, sva consulting, The Coming Storm, vcpi

Credit to Author: BrianKrebs| Date: Mon, 06 Jan 2020 18:17:21 +0000

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.

Independent Krebs Security

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

December 16, 2019 0 Comments A Little Sunshine, aqua, aquamo, bugat, dridex, europol, evgeniy mikhailovich bogachev, evil corp, igor “enki” turashev, jabberzeus, luck12345, maksim v. yukabets, money mules, Ne'er-Do-Well News, slavik, target: small businesses, u.s. justice department, u.s. treasury department, zeus trojan

Credit to Author: BrianKrebs| Date: Mon, 16 Dec 2019 14:08:21 +0000

The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “Evil Corp” and stole roughly $100 million from businesses and consumers. As it happens, for several years KrebsOnSecurity closely monitored the day-to-day communications and activities of the accused and his accomplices. What follows is an insider’s look at the back-end operations of this gang.