Latest Warnings – Page 4 – PossibleThreat Articles

The Fake Browser Update Scam Gets a Makeover

October 18, 2023 0 Comments A Little Sunshine, binance smart chain, bnb smart chain, clearfake, dusty miller, guardio labs, Latest Warnings, nati tal, oleg zaytsev, randy mceoin, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 18 Oct 2023 14:03:28 +0000

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Independent Krebs Security

Phishers Spoof USPS, 12 Other Natl’ Postal Services

October 9, 2023 0 Comments A Little Sunshine, alibaba, correos.es, dnslytics.com, domaintools, Latest Warnings, poste italiane, posti, postnl, postnord, ua-80133954-3, urlscan.io, usps, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Oct 2023 20:39:43 +0000

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

Independent Krebs Security

Don’t Let Zombie Zoom Links Drag You Down

October 2, 2023 0 Comments A Little Sunshine, charan akiri, Latest Warnings, LinkedIn, The Coming Storm, zoom, zoom personal meeting id

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2023 15:43:34 +0000

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.

Independent Krebs Security

U.S. Hacks QakBot, Quietly Removes Botnet Infections

August 29, 2023 0 Comments doj, don alway, FBI, federal bureau of investigation, Latest Warnings, martin estrada, qakbot, Qbot, Ransomware, The Coming Storm, u.s. department of justice

Credit to Author: BrianKrebs| Date: Tue, 29 Aug 2023 18:35:25 +0000

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

Independent Krebs Security

Kroll Employee SIM-Swapped for Crypto Investor Data

August 25, 2023 0 Comments A Little Sunshine, blockfi, Data Breaches, ftx, kroll breach, Latest Warnings, SIM swapping, T-Mobile

Credit to Author: BrianKrebs| Date: Fri, 25 Aug 2023 18:05:10 +0000

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll — the company handling both firms’ bankruptcy restructuring.

Independent Krebs Security

Teach a Man to Phish and He’s Set for Life

August 4, 2023 0 Comments A Little Sunshine, check point software, Latest Warnings, LinkedIn, Microsoft, Microsoft 365, phishing, right to left override, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 04 Aug 2023 13:49:15 +0000

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Independent Krebs Security

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

June 22, 2023 0 Comments A Little Sunshine, adidas, Apple, brian hughes, Latest Warnings, lego, smishing, sms phishing, united parcel service, ups, ups canada ltd., Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Independent Krebs Security

CISA Order Highlights Persistent Risk at Network Edge

June 15, 2023 0 Comments adam boileau, barracuda networks, cisa, cve-2023-27997, cybersecurity and infrastructure security agency, fortinet, fortra, goanywhere, Latest Warnings, mandiant, moveit transfer, patrick gray, progress software, risky business podcast, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2023 15:40:09 +0000

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Independent Krebs Security

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

June 8, 2023 0 Comments barracuda networks, caitlin condon, cve-2023-2868, email security gateway, international computer science institute, Latest Warnings, mandiant, nicholas weaver, rapid7, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Independent Krebs Security

Discord Admins Hacked by Malicious Bookmarks

May 30, 2023 0 Comments aura network, berk yilmaz, bookmarklets, Breadcrumbs, Latest Warnings, levatax, metrixcoin, nahmii, nicholas scavuzzo, ocean protocol, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 31 May 2023 00:19:17 +0000

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.