The Great $50M African IP Address Heist

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2019 22:31:12 +0000

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.

Read more

Patch Tuesday, December 2019 Edition

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2019 01:51:25 +0000

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

Read more

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Credit to Author: BrianKrebs| Date: Sat, 07 Dec 2019 21:17:24 +0000

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service.

Read more

Apple Explains Mysterious iPhone 11 Location Requests

Credit to Author: BrianKrebs| Date: Thu, 05 Dec 2019 19:46:02 +0000

KrebsOnSecurity ran a story this week that puzzled over Apple’s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of a new short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.

Read more

The iPhone 11 Pro’s Location Data Puzzler

Credit to Author: BrianKrebs| Date: Wed, 04 Dec 2019 03:51:15 +0000

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

Read more

It’s Way Too Easy to Get a .gov Domain Name

Credit to Author: BrianKrebs| Date: Wed, 27 Nov 2019 02:08:55 +0000

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.

Read more