The Coming Storm – Computer Security Articles

Ransomware Group Debuts Searchable Victim Data

June 14, 2022 admin A Little Sunshine, alphv ransomware, blackcat ransomware, brett callow, emsisoft, ransomware, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 14 Jun 2022 19:53:12 +0000

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

Independent Krebs

Senators Urge FTC to Probe ID.me Over Selfie Data

May 18, 2022 admin A Little Sunshine, biometrics, blake hall, cyberscoop, Facial Recognition, Federal Trade Commission, ftc chair lina khan, id.me, Internal Revenue Service, sen. alex padilla, sen. cory booker, sen. edward markey, Sen. Ron Wyden, The Coming Storm, tonya riley

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 16:55:40 +0000

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.

Independent Krebs

When Your Smart ID Card Reader Comes With Malware

May 17, 2022 admin A Little Sunshine, cac reader, cert-cc, david dixon, michael danberry, militarycac.com, saicoo, The Coming Storm, u.s. general services administration, will dormann

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 01:07:59 +0000

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

Independent Krebs

DEA Investigating Breach of Law Enforcement Data Portal

May 12, 2022 admin A Little Sunshine, data breaches, Department of Justice, domain block list, Doxbin, drug enforcement administration, el paso intelligence center, emergency data request, Epic, esp.usdoj.gov, FBI, ICSI, kt, lapsus$, law enforcement inquiry and alerts, leia, national seizure system, Ne'er-Do-Well News, Nicholas Weaver, nss, spamhaus, The Coming Storm, u.s. drug enforcement agency

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Independent Krebs

Fighting Fake EDRs With ‘Credit Ratings’ for Police

April 27, 2022 admin A Little Sunshine, apple, AT&T, Coinbase, discord, emergency data request, FBI, GitHub, google, kodex, LinkedIn, matt donahue, meta, microsoft, snapchat, T-Mobile, The Coming Storm, TikTok, twilio, Twitter, Verizon, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.

Independent Krebs

The Original APT: Advanced Persistent Teenagers

April 6, 2022 admin A Little Sunshine, advanced persistent teenagers, amit yoran, APT, cisa, FBI, lapsus$, microsoft, Ne'er-Do-Well News, nvidia, Okta, Samsung, Tenable, The Coming Storm, twitter hack, vishing, voice phishing, wired

Credit to Author: BrianKrebs| Date: Wed, 06 Apr 2022 17:55:38 +0000

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge.

Independent Krebs

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

March 29, 2022 admin anitsu, data extortion, discord, Doxbin, emergency data request, everlynn, fake edr, FBI, kt, lapsus$, mark rasch, microsoft, miku, Ne'er-Do-Well News, oklaqq, Palo Alto Networks, pompompurin, recursion team, The Coming Storm, unit 221b, Web Fraud 2.0, white, whitedoxbin

Credit to Author: BrianKrebs| Date: Tue, 29 Mar 2022 14:07:27 +0000

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.

Independent Krebs

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

March 17, 2022 admin alex holden, GitHub, Hold Security, protestware, russia's war on ukraine, The Coming Storm

Credit to Author: BrianKrebs| Date: Thu, 17 Mar 2022 22:33:21 +0000

Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

← Previous