Krebs – Page 17 – Computer Security Articles

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

June 29, 2023 admin arkady bukh, dmitry volkov, dropbox, facct, fight against cybercrime technologies, formspring, Group-IB, ilya sachkov, lamarez, LinkedIn, Ne'er-Do-Well News, oleg tolstikh, oleksandr vitalyevich ieremenko, U.S. Secret Service, u.s. securities & exchange commission, yevgeniy nikulin, zl0m

Credit to Author: BrianKrebs| Date: Thu, 29 Jun 2023 18:30:08 +0000

Nikita Kislitsin, formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin’s prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Independent Krebs

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

June 27, 2023 admin graham ivan clarke, joseph james o'connor, Ne'er-Do-Well News, plugwalkjoe, SIM swapping, twitter hack

Credit to Author: BrianKrebs| Date: Tue, 27 Jun 2023 19:44:03 +0000

Joseph James “PlugwalkJoe” O’Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “SIM swapping,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control.

Independent Krebs

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

June 22, 2023 admin A Little Sunshine, Adidas, apple, brian hughes, Latest Warnings, Lego, smishing, sms phishing, united parcel service, UPS, ups canada ltd., Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Independent Krebs

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 admin +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, Intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs

CISA Order Highlights Persistent Risk at Network Edge

June 15, 2023 admin adam boileau, barracuda networks, cisa, cve-2023-27997, cybersecurity and infrastructure security agency, fortinet, fortra, goanywhere, Latest Warnings, Mandiant, moveit transfer, Patrick Gray, progress software, Risky Business podcast, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2023 15:40:09 +0000

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Independent Krebs

Microsoft Patch Tuesday, June 2023 Edition

June 13, 2023 admin action1, cve-2023-28310, cve-2023-29357, cve-2023-29363, cve-2023-32014, cve-2023-32015, cve-2023-32031, immersive labs, kevin breen, microsoft patch tuesday june 2023, Security Tools, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 13 Jun 2023 20:44:28 +0000

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.

Independent Krebs

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

June 8, 2023 admin barracuda networks, caitlin condon, cve-2023-2868, email security gateway, International Computer Science Institute, Latest Warnings, Mandiant, Nicholas Weaver, Rapid7, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Independent Krebs

Service Rents Email Addresses for Account Signups

June 6, 2023 admin impulse scam crypto project, kopeechka, Mastodon, quotpw, renaud chaput, spam, Trend Micro, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 06 Jun 2023 20:09:13 +0000

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.