The Coming Storm – Page 2 – PossibleThreat Articles

Why Your Wi-Fi Router Doubles as an Apple AirTag

May 21, 2024 0 Comments A Little Sunshine, Apple, bssid, david levin, erik rye, ieee, Latest Warnings, security tools, starlink, The Coming Storm, university of maryland, wi-fi location

Credit to Author: BrianKrebs| Date: Tue, 21 May 2024 16:21:20 +0000

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.

Independent Krebs Security

Why Your VPN May Not Be As Secure As It Claims

May 6, 2024 0 Comments A Little Sunshine, bill woodcock, dani cronce, dhcp option 121, dhcp starvation attack, dynamic host control protocol, john kristoff, Latest Warnings, leviathan security, lizzie moratti, packet clearing house, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 06 May 2024 14:24:47 +0000

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

Independent Krebs Security

Why CISA is Warning CISOs About a Breach at Sisense

April 15, 2024 0 Comments A Little Sunshine, Data Breaches, nicholas weaver, sangram dash, sisense breach, The Coming Storm, u.s. cybersecurity and infrastructure security agency

Credit to Author: BrianKrebs| Date: Thu, 11 Apr 2024 20:48:06 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

Independent Krebs Security

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

April 15, 2024 0 Comments A Little Sunshine, Apple, apple recovery key, kishan bagaria, Latest Warnings, mfa bombing, mfa fatigue, parth patel, peopledatalabs, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 26 Mar 2024 15:37:54 +0000

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Independent Krebs Security

Incognito Darknet Market Mass-Extorts Buyers, Sellers

March 11, 2024 0 Comments A Little Sunshine, brett johnson, double extortion, exit scam, incognito market, Ne'er-Do-Well News, shadowcrew, The Coming Storm

Credit to Author: BrianKrebs| Date: Mon, 11 Mar 2024 16:19:36 +0000

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Independent Krebs Security

Canadian Man Stuck in Triangle of E-Commerce Fraud

January 19, 2024 0 Comments A Little Sunshine, adavio, amazon.ca, duncan's first nation, rcmp, royal canadian mounted police, The Coming Storm, timothy barker, triangulation fraud, walmart, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 19 Jan 2024 15:34:53 +0000

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card.

Independent Krebs Security

Here’s Some Bitcoin: Oh, and You’ve Been Served!

January 13, 2024 0 Comments A Little Sunshine, Coinbase, ethan mora, judge helena m. march-kuchta, mark rasch, nick bax, ryan dellone, SIM swapping, The Coming Storm

Credit to Author: BrianKrebs| Date: Wed, 10 Jan 2024 13:39:37 +0000

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized… Read More »

Independent Krebs Security

Microsoft Patch Tuesday, December 2023 Edition

December 12, 2023 0 Comments cve-2023-35628, cve-2023-35636, cve-2023-35641, immersive labs, kevin breen, Latest Warnings, microsoft patch tuesday december 2023, satnam narang, tenable, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 12 Dec 2023 22:21:00 +0000

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.

Independent Krebs Security

Okta: Breach Affected All Customer Support Users

November 29, 2023 0 Comments Data Breaches, Latest Warnings, okta breach, The Coming Storm

Credit to Author: BrianKrebs| Date: Wed, 29 Nov 2023 19:41:14 +0000

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Independent Krebs Security

Don’t Let Zombie Zoom Links Drag You Down

October 2, 2023 0 Comments A Little Sunshine, charan akiri, Latest Warnings, LinkedIn, The Coming Storm, zoom, zoom personal meeting id

Credit to Author: BrianKrebs| Date: Mon, 02 Oct 2023 15:43:34 +0000

Many organizations — including quite a few Fortune 500 firms — have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks.