A Little Sunshine – Page 5 – WindowsTechs.com

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Posted on April 3, 2024 by BrianKrebs

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. Continue reading ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec→

Thread Hijacking: Phishes That Prey on Your Curiosity

Posted on March 28, 2024 by BrianKrebs

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. Continue reading Thread Hijacking: Phishes That Prey on Your Curiosity→

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Posted on March 26, 2024 by BrianKrebs

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. Continue reading Recent ‘MFA Bombing’ Attacks Targeting Apple Users→

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Posted on March 22, 2024 by BrianKrebs

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years. Continue reading Mozilla Drops Onerep After CEO Admits to Running People-Search Networks→

The Not-so-True People-Search Network from China

Posted on March 21, 2024 by BrianKrebs

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities. Continue reading The Not-so-True People-Search Network from China→

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

Posted on March 14, 2024 by BrianKrebs

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Continue reading CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms→

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Posted on March 11, 2024 by BrianKrebs

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform. Continue reading Incognito Darknet Market Mass-Extorts Buyers, Sellers→

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Posted on March 6, 2024 by BrianKrebs

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data that Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely. Continue reading BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare→

Fulton County, Security Experts Call LockBit’s Bluff

Posted on February 29, 2024 by BrianKrebs

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. Instead, LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming county officials had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement. Continue reading Fulton County, Security Experts Call LockBit’s Bluff→

Calendar Meeting Links Used to Spread Mac Malware

Posted on February 28, 2024 by BrianKrebs

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. Continue reading Calendar Meeting Links Used to Spread Mac Malware→