Krebs – PossibleThreat Articles

Teen on Musk’s DOGE Team Graduated from ‘The Com’

February 7, 2025 0 Comments A Little Sunshine, as400495, backconnect security llc, curtis gervais, diamondcdn, director of national intelligence, doge, dstat, edward coristine, elon musk, eric taylor, marshal webb, Ne'er-Do-Well News, neuralink, packetware, path networks, president trump, rivage, tesla sexy llc, the com, The Coming Storm, tucker preston, wired

Credit to Author: BrianKrebs| Date: Sat, 08 Feb 2025 00:32:53 +0000

Wired reported this week that a 19-year-old working for Elon Musk’s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a former denizen of ‘The Com,’ an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.

Independent Krebs Security

Experts Flag Security, Privacy Risks in DeepSeek AI App

February 6, 2025 0 Comments A Little Sunshine, andrew hoog, app transport security, Apple, Artificial intelligence, bytedance, china, deepseek, deepseek ai, iOS, Latest Warnings, nowsecure, The Coming Storm, volcengine

Credit to Author: BrianKrebs| Date: Thu, 06 Feb 2025 21:12:30 +0000

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks.

Independent Krebs Security

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

February 4, 2025 0 Comments 1337 services gmbh, A Little Sunshine, as210558, Breadcrumbs, constella intelligence, cracked, domaintools, dreamdrive gmbh, finn alexander grimpe, finn@shoppy.gg, finndev, florian, florian marzahl, hrb 164175, intel 471, lucas sohn, northdata.com, nulled, olivia.messla@outlook.de, operation talent, sellix, shoppy ecommerce ltd, starkrdp

Credit to Author: BrianKrebs| Date: Tue, 04 Feb 2025 17:09:16 +0000

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums.

Independent Krebs Security

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

January 31, 2025 0 Comments A Little Sunshine, bec fraud, Breadcrumbs, business email compromise, cracked, domaintools, dutch national police, FBI, fudco, fudpage, fudtools, heartsender, Ne'er-Do-Well News, operation talent, saim raza, sellix, the manipulaters, u.s. department of justice, wecodesolutions

Credit to Author: BrianKrebs| Date: Fri, 31 Jan 2025 18:35:32 +0000

The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

Independent Krebs Security

Infrastructure Laundering: Blending in with the Cloud

January 30, 2025 0 Comments A Little Sunshine, acb group, amazon aws, anjie cdn, crowell & moring llp, fangneng cdn, funnull, infrastructure laundering, Microsoft Azure, Ne'er-Do-Well News, netscout, noname057(16), polyfill, richard hummel, silent push, suncity group, Time to Patch, u.s. department of commerce, Web Fraud 2.0, zach edwards

Credit to Author: BrianKrebs| Date: Thu, 30 Jan 2025 17:10:08 +0000

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “Funnull” — highlights a persistent whac-a-mole problem facing cloud services.

Independent Krebs Security

A Tumultuous Week for Federal Cybersecurity Efforts

January 27, 2025 0 Comments A Little Sunshine, alfa bank, david sacks, house judiciary committee's select subcommittee on the weaponization of the federal government, jack goldsmith, joe hall, john durham, lawfare, melania trump, michael sussman, president trump, quinta jurecic, rep. jim jordan, The Coming Storm, united states council on transnational organized crime, world liberty financial

Credit to Author: BrianKrebs| Date: Tue, 28 Jan 2025 02:50:10 +0000

President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a Biden administration action that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security.

Independent Krebs Security

MasterCard DNS Error Went Unnoticed for Years

January 22, 2025 0 Comments A Little Sunshine, akam.ne, akam.net, Akamai, awsdns-06.ne, az.mastercard.com, Azure, bugcrowd, CloudFlare, Google, how to break into security, mastercard, philippe caturegli, seralys

Credit to Author: BrianKrebs| Date: Wed, 22 Jan 2025 15:24:41 +0000

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.

Independent Krebs Security

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

January 16, 2025 0 Comments @chenlun, A Little Sunshine, csis security group, ezdrivema, FBI, ford merrill, IC3, imessage, Latest Warnings, lighthouse, massdot, north texas toll authority, rcs, secalliance, smishing, sms phishing, sunpass, the toll roads, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 16 Jan 2025 21:18:48 +0000

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Independent Krebs Security

Microsoft: Happy 2025. Here’s 161 Security Updates

January 14, 2025 0 Comments adam barnett, bitlocker, bob hopkins, cve-2024-49142, cve-2025-21186, cve-2025-21210, cve-2025-21298, cve-2025-21311, cve-2025-21333, cve-2025-21334, cve-2025-21335, cve-2025-21366, cve-2025-21395, kev breen, Latest Warnings, microsoft access, microsoft patch tuesday january 2025, rapid7, satnam narang, The Coming Storm, Time to Patch, unpatched.ai, windows 11, windows hyper-v, windows ntlmv1

Credit to Author: BrianKrebs| Date: Tue, 14 Jan 2025 22:50:00 +0000

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Independent Krebs Security

A Day in the Life of a Prolific Voice Phishing Crew

January 7, 2025 0 Comments 800-275-2273, A Little Sunshine, allison nixon, aristotle, autodoxers, Coinbase, crypto chameleon, discord, domaintools, Latest Warnings, lookout, mark cuban, okta, perm, shark tank, star fraud, stotle, telegram, The Coming Storm, trezor, unit 221b, voice phishing, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2025 23:41:53 +0000

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

← Previous