Independent – Page 4 – Computer Security Articles

Local Networks Go Global When Domain Names Collide

August 23, 2024 admin A Little Sunshine, Active Directory, andorra, dns name devolution, Latest Warnings, memphis real-time crime center, memrtcc.ad, mike barlow, mike o'connor, namespace collision, philippe caturegli, seralys, The Coming Storm, Web Fraud 2.0, web proxy auto-discovery protocol, wpad.ad, wpad.dk

Credit to Author: BrianKrebs| Date: Fri, 23 Aug 2024 14:12:31 +0000

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

Independent Krebs

National Public Data Published Its Own Passwords

August 19, 2024 admin A Little Sunshine, atlas data privacy corp., Breadcrumbs, creationnext, data breaches, national public data breach, npd.pentester.com, npdbreach.com, salvatore verini, The Coming Storm, usinfosearch.com

Credit to Author: BrianKrebs| Date: Mon, 19 Aug 2024 16:23:31 +0000

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

Independent Krebs

NationalPublicData.com Hack Exposes a Nation’s Data

August 15, 2024 admin A Little Sunshine, atlas data privacy corp., data breaches, FBI, HaveIBeenPwned.com, infragard, instant checkmate, jerico pictures, national criminal data llc, national public data breach, peopleconnect, recordscheck.net, sal verini, salvatore verini, shadowglade llc, sxul, The Coming Storm, trinity entertainment, Troy Hunt, truthfinder, twisted history llc, usdod, vx-underground

Credit to Author: BrianKrebs| Date: Thu, 15 Aug 2024 22:38:36 +0000

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.

Independent Krebs

Six 0-Days Lead Microsoft’s August 2024 Patch Push

August 13, 2024 admin cve-2024-38106, cve-2024-38107, cve-2024-38178, cve-2024-38189, cve-2024-38193, cve-2024-38213, kev breen, mark of the web, microsoft project, Time to Patch, windows edge, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Tue, 13 Aug 2024 21:43:05 +0000

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.

Independent Krebs

Cybercrime Rapper Sues Bank over Fraud Investigation

August 7, 2024 admin 859-963-6243, A Little Sunshine, constella.ai, devon turner, DomainTools.com, Ne'er-Do-Well News, punchmade dev

Credit to Author: BrianKrebs| Date: Wed, 07 Aug 2024 19:01:49 +0000

In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing his financial institution after it blocked a $75,000 wire transfer and froze his account, citing an active law enforcement investigation.

Independent Krebs

Low-Drama ‘Dark Angels’ Reap Record Ransoms

August 5, 2024 admin A Little Sunshine, amerisourcebergen corporation, Bleeping Computer, brett stone-gross, cencora, dark angels, data breaches, dunghill leak, ransomware, SABRE, Sophos, sysco, threatlabz, zscaler

Credit to Author: BrianKrebs| Date: Mon, 05 Aug 2024 19:52:35 +0000

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim’s operations.

Independent Krebs

U.S. Trades Cybercriminals to Russia in Prisoner Swap

August 1, 2024 admin alexander vinnik, alsu kurmasheva, btc-e, evan gershkovich, german moyzhes, ivan ermakov, maxim marchenko, Mt Gox, Ne'er-Do-Well News, paul whelan, ransomware, Roman Seleznev, russia's war on ukraine, trickbot, vadim krasikov, Vladimir Putin, vladislav klyushin

Credit to Author: BrianKrebs| Date: Fri, 02 Aug 2024 00:15:44 +0000

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were five convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan.

Independent Krebs

Don’t Let Your Domain Name Become a “Sitting Duck”

July 31, 2024 admin A Little Sunshine, apwg, dave mitchell, digicert, Digital Ocean, dnsmadeeasy, eclypsium, hostinger, infoblox, Latest Warnings, Matthew Bryant, sitting duck domains, steve job, Time to Patch, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 31 Jul 2024 12:06:45 +0000

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds.