A Little Sunshine – Page 16 – Computer Security Articles

Experian Glitch Exposing Credit Files Lasted 47 Days

January 25, 2023 admin A Little Sunshine, data breaches, Experian, Experian breach, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 25 Jan 2023 19:58:46 +0000

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.

Independent Krebs

Administrator of RSOCKS Proxy Botnet Pleads Guilty

January 24, 2023 admin A Little Sunshine, Breadcrumbs, denis emelyantsev, IoT, iot botnets, Ne'er-Do-Well News, rsocks botnet, rsocks proxy, rusdot, rusdot socks server, spamdot

Credit to Author: BrianKrebs| Date: Tue, 24 Jan 2023 19:00:32 +0000

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”

Independent Krebs

Identity Thieves Bypassed Experian Security to View Credit Reports

January 9, 2023 admin A Little Sunshine, annualcreditreport.com, data breaches, Experian, jenya kushnir, Ne'er-Do-Well News, Sen. Ron Wyden, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Jan 2023 14:05:15 +0000

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

Independent Krebs

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

December 13, 2022 admin A Little Sunshine, breached, data breaches, FBI, infragard, pompompurin, RaidForums, usdod, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 13 Dec 2022 23:54:21 +0000

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.

Independent Krebs

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

December 5, 2022 admin A Little Sunshine, dmitry starovikov, glupteba botnet, google, halimah delaine prado, Igor Litvak, Ne'er-Do-Well News, royal hansen, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 05 Dec 2022 19:44:50 +0000

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google’s legal fees.

Independent Krebs

ConnectWise Quietly Patches Flaw That Helps Phishers

December 1, 2022 admin A Little Sunshine, connectwise, cybir, goto, ken pyle, lastpass, Latest Warnings, tarran street, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 01 Dec 2022 19:35:11 +0000

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Independent Krebs

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

November 28, 2022 admin A Little Sunshine, arello-mobile, army times, constella intelligence, foreign adtech, intelligence authorization act for 2023, Latest Warnings, max konev, national training center, pincer trojan, pushwoosh, Reuters, The Coming Storm, u.s. army, yuri shmakov, zach edwards

Credit to Author: BrianKrebs| Date: Mon, 28 Nov 2022 22:08:21 +0000

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

Independent Krebs

Researchers Quietly Cracked Zeppelin Ransomware Keys

November 17, 2022 admin A Little Sunshine, cybersecurity & infrastructure security agency, Digital Ocean, FBI, joel lathrop, lance james, ransomware, Security Tools, unit 221b, zeppelin decryptor, zeppelin ransomware

Credit to Author: BrianKrebs| Date: Fri, 18 Nov 2022 02:30:26 +0000

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… Read More »