Latest Warnings – PossibleThreat Articles

Booking.com Phishers May Leave You With Reservations

November 1, 2024 0 Comments A Little Sunshine, booking.com, Latest Warnings, phishing, secureworks, spear phishing, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 01 Nov 2024 21:12:38 +0000

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

Independent Krebs Security

Change Healthcare Breach Hits 100M Americans

October 30, 2024 0 Comments alphv, anthem inc., blackcat, Data Breaches, Equifax, experian, hipaa journal, idx, Latest Warnings, ransomhub, sen. mark warner, sen. ron wyden, The Coming Storm, transunion, u.s. department of health and human resources, united health group

Credit to Author: BrianKrebs| Date: Wed, 30 Oct 2024 13:34:08 +0000

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.

Independent Krebs Security

The Global Surveillance Free-for-All in Mobile Ad Data

October 23, 2024 0 Comments A Little Sunshine, accuweather, adx, android advertising id, app tracking transparency, Apple, associated press, bid request, br24, daniel's law, Electronic Frontier Foundation, eva galperin, fog reveal, gasbuddy, Google, grindr, identifier for advertisers, judge andrew f. wilkinson judicial security act, justin sherman, justyna maloney, Latest Warnings, macy's, maid, mobile advertising id, myfitnesspal, netzpolitik.org, scott maloney, sen. ron wyden, silentpush, tangles, The Coming Storm, troutman pepper, U.S. Securities and Exchange Commission, webloc, zach edwards

Credit to Author: BrianKrebs| Date: Wed, 23 Oct 2024 11:30:18 +0000

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Independent Krebs Security

Patch Tuesday, October 2024 Edition

October 8, 2024 0 Comments .net, Adobe, adobe framemaker, adobe substance 3d painter, animate, Apple, Azure, commerce, cve-2024-43572, cve-2024-43573, dimension, elastic security labs, grimresource, immersive labs, incopy, indesign, Latest Warnings, lightroom, macos 15, mshtml, nikolas cemerikic, office, openssh for windows; power bi; windows hyper-v; windows mobile broadband, satnam narang, security tools, sequoia, substance 3d stager, tenable, Time to Patch, visual studio

Credit to Author: BrianKrebs| Date: Tue, 08 Oct 2024 22:21:19 +0000

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools.

Independent Krebs Security

Timeshare Owner? The Mexican Drug Cartels Want You

September 25, 2024 0 Comments A Little Sunshine, Breadcrumbs, constella intelligence, datasur host, escshieldsecurity network, jalisco drug cartel, Latest Warnings, Ne'er-Do-Well News, telemarketing scams, timeshare scams

Credit to Author: BrianKrebs| Date: Wed, 25 Sep 2024 16:26:12 +0000

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Independent Krebs Security

This Windows PowerShell Phish Has Scary Potential

September 19, 2024 0 Comments A Little Sunshine, captcha, github, Latest Warnings, lumma stealer, microsoft powershell, virustotal.com, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 19 Sep 2024 19:39:09 +0000

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Independent Krebs Security

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

September 18, 2024 0 Comments 148.251.54.196, A Little Sunshine, apkdownloadweb, Breadcrumbs, constella intelligence, domaintools, facebook funeral scams, Latest Warnings, mohammod abdullah khondokar, mohammod mehedi hasan, Web Fraud 2.0, webhostbd

Credit to Author: BrianKrebs| Date: Wed, 18 Sep 2024 13:43:51 +0000

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.

Independent Krebs Security

Sextortion Scams Now Include Photos of Your Home

September 12, 2024 0 Comments A Little Sunshine, FBI, google maps, Latest Warnings, sextortion, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 03 Sep 2024 15:45:49 +0000

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

Independent Krebs Security

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

August 27, 2024 0 Comments A Little Sunshine, black lotus labs, bronze silhouette, christopher wray, cve-2024-39717, cybersecurity & infrastructure security agency, federal bureau of investigation, insidious taurus, internet of things (iot), kv-botnet, Latest Warnings, lumen technologies, michael horka, National Security Agency, ryan english, The Coming Storm, u.s. department of justice, versa director 22.1.4, volt typhoon

Credit to Author: BrianKrebs| Date: Tue, 27 Aug 2024 14:26:41 +0000

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Independent Krebs Security

Local Networks Go Global When Domain Names Collide

August 23, 2024 0 Comments A Little Sunshine, active directory, andorra, dns name devolution, Latest Warnings, memphis real-time crime center, memrtcc.ad, mike barlow, mike o'connor, namespace collision, philippe caturegli, seralys, The Coming Storm, Web Fraud 2.0, web proxy auto-discovery protocol, wpad.ad, wpad.dk

Credit to Author: BrianKrebs| Date: Fri, 23 Aug 2024 14:12:31 +0000

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

← Previous