A Little Sunshine – Page 4 – WindowsTechs.com

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Posted on June 20, 2024 by BrianKrebs

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity. Continue reading KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO→

Stark Industries Solutions: An Iron Hammer in the Cloud

Posted on May 23, 2024 by BrianKrebs

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. Continue reading Stark Industries Solutions: An Iron Hammer in the Cloud→

Why Your Wi-Fi Router Doubles as an Apple AirTag

Posted on May 21, 2024 by BrianKrebs

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. Continue reading Why Your Wi-Fi Router Doubles as an Apple AirTag→

How Did Authorities Identify the Alleged Lockbit Boss?

Posted on May 13, 2024 by BrianKrebs

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. Continue reading How Did Authorities Identify the Alleged Lockbit Boss?→

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

Posted on May 7, 2024 by BrianKrebs

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang’s leader “LockbitSupp,” and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. Continue reading U.S. Charges Russian Man as Boss of LockBit Ransomware Group→

Why Your VPN May Not Be As Secure As It Claims

Posted on May 6, 2024 by BrianKrebs

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. Continue reading Why Your VPN May Not Be As Secure As It Claims→

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

Posted on April 22, 2024 by BrianKrebs

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps. Continue reading Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme→

Crickets from Chirp Systems in Smart Lock Key Leak

Posted on April 15, 2024 by BrianKrebs

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. Continue reading Crickets from Chirp Systems in Smart Lock Key Leak→

Why CISA is Warning CISOs About a Breach at Sisense

Posted on April 11, 2024 by BrianKrebs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. Continue reading Why CISA is Warning CISOs About a Breach at Sisense→

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Posted on April 4, 2024 by BrianKrebs

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. Continue reading Fake Lawsuit Threat Exposes Privnote Phishing Sites→