A Little Sunshine – Page 21 – Computer Security Articles

Senators Urge FTC to Probe ID.me Over Selfie Data

May 18, 2022 admin A Little Sunshine, biometrics, blake hall, cyberscoop, Facial Recognition, Federal Trade Commission, ftc chair lina khan, id.me, Internal Revenue Service, sen. alex padilla, sen. cory booker, sen. edward markey, Sen. Ron Wyden, The Coming Storm, tonya riley

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 16:55:40 +0000

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.

Independent Krebs

When Your Smart ID Card Reader Comes With Malware

May 17, 2022 admin A Little Sunshine, cac reader, cert-cc, david dixon, michael danberry, militarycac.com, saicoo, The Coming Storm, u.s. general services administration, will dormann

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 01:07:59 +0000

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

Independent Krebs

DEA Investigating Breach of Law Enforcement Data Portal

May 12, 2022 admin A Little Sunshine, data breaches, Department of Justice, domain block list, Doxbin, drug enforcement administration, el paso intelligence center, emergency data request, Epic, esp.usdoj.gov, FBI, ICSI, kt, lapsus$, law enforcement inquiry and alerts, leia, national seizure system, Ne'er-Do-Well News, Nicholas Weaver, nss, spamhaus, The Coming Storm, u.s. drug enforcement agency

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Independent Krebs

Your Phone May Soon Replace Many of Your Passwords

May 7, 2022 admin A Little Sunshine, apple, FIDO Alliance, google, johannes ullrich, microsoft, Nicholas Weaver, sampath srinivas, sans, Security Tools, spycloud, steve bellovin, World Wide Web Consortium

Credit to Author: BrianKrebs| Date: Sat, 07 May 2022 13:31:17 +0000

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

Independent Krebs

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

May 2, 2022 admin A Little Sunshine, Ne'er-Do-Well News, russia's war on ukraine

Credit to Author: BrianKrebs| Date: Mon, 02 May 2022 21:29:34 +0000

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Independent Krebs

Fighting Fake EDRs With ‘Credit Ratings’ for Police

April 27, 2022 admin A Little Sunshine, apple, AT&T, Coinbase, discord, emergency data request, FBI, GitHub, google, kodex, LinkedIn, matt donahue, meta, microsoft, snapchat, T-Mobile, The Coming Storm, TikTok, twilio, Twitter, Verizon, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.

Independent Krebs

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

April 22, 2022 admin A Little Sunshine, amtrak, apple, bitbucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, everlynn, Flashpoint, genesis, globant, iqor, kt, lapsus$, lapsus$ jobs, michelin, microsoft, Mobile Device Management, mox, Ne'er-Do-Well News, nvidia, recursion team, russian market, Samsung, sascar, SIM swapping, slack, source code theft, SWATting, T-Mobile, t-mobile atlas, whitedoxbin

Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

Independent Krebs

Conti’s Ransomware Toll on the Healthcare Industry

April 18, 2022 admin A Little Sunshine, conti, emotet, emsisoft, errol weiss, FBI, h-isac, health information sharing & analysis center, healthcare information and management systems society, microsoft, Ne'er-Do-Well News, proofpoint, ransomware, ryuk, Sophos, u.s. cybersecurity & infrastructure security agency, Zloader

Credit to Author: BrianKrebs| Date: Mon, 18 Apr 2022 20:41:08 +0000

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name “Ryuk.”