Latest Warnings – Page 4 – PossibleThreat Articles

Okta: Breach Affected All Customer Support Users

November 29, 2023 0 Comments Data Breaches, Latest Warnings, okta breach, The Coming Storm

Credit to Author: BrianKrebs| Date: Wed, 29 Nov 2023 19:41:14 +0000

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Independent Krebs Security

It’s Still Easy for Anyone to Become You at Experian

November 11, 2023 0 Comments A Little Sunshine, experian, identity theft, Latest Warnings, scott anderson

Credit to Author: BrianKrebs| Date: Sat, 11 Nov 2023 17:59:07 +0000

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hijacked, and the only way I could recover access was by recreating the account.

Independent Krebs Security

The Fake Browser Update Scam Gets a Makeover

October 18, 2023 0 Comments A Little Sunshine, binance smart chain, bnb smart chain, clearfake, dusty miller, guardio labs, Latest Warnings, nati tal, oleg zaytsev, randy mceoin, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 18 Oct 2023 14:03:28 +0000

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Independent Krebs Security

Phishers Spoof USPS, 12 Other Natl’ Postal Services

October 9, 2023 0 Comments A Little Sunshine, alibaba, correos.es, dnslytics.com, domaintools, Latest Warnings, poste italiane, posti, postnl, postnord, ua-80133954-3, urlscan.io, usps, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Oct 2023 20:39:43 +0000

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

Independent Krebs Security

Don’t Let Zombie Zoom Links Drag You Down

October 2, 2023 0 Comments A Little Sunshine, charan akiri, Latest Warnings, LinkedIn, The Coming Storm, zoom, zoom personal meeting id

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2023 15:43:34 +0000

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

Independent Krebs Security

U.S. Hacks QakBot, Quietly Removes Botnet Infections

August 29, 2023 0 Comments doj, don alway, FBI, federal bureau of investigation, Latest Warnings, martin estrada, qakbot, Qbot, Ransomware, The Coming Storm, u.s. department of justice

Credit to Author: BrianKrebs| Date: Tue, 29 Aug 2023 18:35:25 +0000

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

Independent Krebs Security

Kroll Employee SIM-Swapped for Crypto Investor Data

August 25, 2023 0 Comments A Little Sunshine, blockfi, Data Breaches, ftx, kroll breach, Latest Warnings, SIM swapping, T-Mobile

Credit to Author: BrianKrebs| Date: Fri, 25 Aug 2023 18:05:10 +0000

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll — the company handling both firms’ bankruptcy restructuring.

Independent Krebs Security

Teach a Man to Phish and He’s Set for Life

August 4, 2023 0 Comments A Little Sunshine, check point software, Latest Warnings, LinkedIn, Microsoft, Microsoft 365, phishing, right to left override, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 04 Aug 2023 13:49:15 +0000

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Independent Krebs Security

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

June 22, 2023 0 Comments A Little Sunshine, adidas, Apple, brian hughes, Latest Warnings, lego, smishing, sms phishing, united parcel service, ups, ups canada ltd., Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Independent Krebs Security

CISA Order Highlights Persistent Risk at Network Edge

June 15, 2023 0 Comments adam boileau, barracuda networks, cisa, cve-2023-27997, cybersecurity and infrastructure security agency, fortinet, fortra, goanywhere, Latest Warnings, mandiant, moveit transfer, patrick gray, progress software, risky business podcast, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2023 15:40:09 +0000

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.