The Coming Storm – Page 5 – PossibleThreat Articles

ConnectWise Quietly Patches Flaw That Helps Phishers

December 1, 2022 0 Comments A Little Sunshine, connectwise, cybir, goto, ken pyle, lastpass, Latest Warnings, tarran street, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 01 Dec 2022 19:35:11 +0000

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Independent Krebs Security

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

November 28, 2022 0 Comments A Little Sunshine, arello-mobile, army times, constella intelligence, foreign adtech, intelligence authorization act for 2023, Latest Warnings, max konev, national training center, pincer trojan, pushwoosh, reuters, The Coming Storm, u.s. army, yuri shmakov, zach edwards

Credit to Author: BrianKrebs| Date: Mon, 28 Nov 2022 22:08:21 +0000

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

Independent Krebs Security

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

October 7, 2022 0 Comments A Little Sunshine, aite-novarica, bank of america, biocatch, capital one, jpmorgan chase, pnc bank, sen. elizabeth warren, seth rudin, The Coming Storm, trace fooshee, truist, u.s. bank, wells fargo, Zelle

Credit to Author: BrianKrebs| Date: Fri, 07 Oct 2022 18:46:12 +0000

When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule.

Independent Krebs Security

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

October 5, 2022 0 Comments A Little Sunshine, hamish taylor, isoutsource, jason lathrop, linkedin bots, mark miller, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 05 Oct 2022 21:20:53 +0000

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Independent Krebs Security

Microsoft: Two New 0-Day Flaws in Exchange Server

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, gtsc, Latest Warnings, microsoft exchange server zero-day, steven adair, The Coming Storm, Time to Patch, volexity, zimbra collaboration suite

Credit to Author: BrianKrebs| Date: Fri, 30 Sep 2022 16:51:57 +0000

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Independent Krebs Security

Fake CISO Profiles on LinkedIn Target Fortune 500s

September 29, 2022 0 Comments A Little Sunshine, fake cisos, LinkedIn, Ne'er-Do-Well News, rich mason, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 29 Sep 2022 20:52:43 +0000

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

Independent Krebs Security

Botched Crypto Mugging Lands Three U.K. Men in Jail

September 16, 2022 0 Comments brickings, disco dog, discoli, joseph james o'connor, leonardo sapiano, Ne'er-Do-Well News, patrick mcgovern-allen, plugwalkjoe, rayhan miah, robert lewis barr, SIM swapping, SWATting, The Coming Storm, thomas green, violence-as-a-service

Credit to Author: BrianKrebs| Date: Fri, 16 Sep 2022 17:55:25 +0000

Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies.

Independent Krebs Security

Sounding the Alarm on Emergency Alert System Flaws

August 12, 2022 0 Comments A Little Sunshine, comcast, cybir, david mcguire, Defcon, department of homeland security, digital alert systems, emergency alert system, ken pyle, Latest Warnings, monroe electronics, The Coming Storm

Credit to Author: BrianKrebs| Date: Fri, 12 Aug 2022 15:26:58 +0000

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.

Independent Krebs Security

It Might Be Our Data, But It’s Not Our Breach

August 11, 2022 0 Comments A Little Sunshine, alex holden, AT&T, at&t internet, bellsouth.net, bleeping computer, Data Breaches, databreaches.net, Hold Security, lawrence abrams, new jersey cybersecurity & communications integration cell, sbcglobal.net, shinyhunters, T-Mobile, The Coming Storm, u-verse, white house market

Credit to Author: BrianKrebs| Date: Thu, 11 Aug 2022 17:45:31 +0000

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.

Independent Krebs Security

Class Action Targets Experian Over Account Security

August 5, 2022 0 Comments A Little Sunshine, The Coming Storm

Credit to Author: BrianKrebs| Date: Sat, 06 Aug 2022 01:54:35 +0000

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.