Independent – Page 2 – Computer Security Articles

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

April 15, 2024 admin 0 Comments A Little Sunshine, apple, apple recovery key, kishan bagaria, Latest Warnings, mfa bombing, mfa fatigue, parth patel, peopledatalabs, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 26 Mar 2024 15:37:54 +0000

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Independent Krebs

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

March 22, 2024 admin A Little Sunshine, dimitiri shelest, Firefox, firefox monitor, haveibeenpwned, HaveIBeenPwned.com, Mozilla Foundation, mozilla monitor, Ne'er-Do-Well News, nuwber, onerep, Spamit, Troy Hunt, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 22 Mar 2024 19:02:41 +0000

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Independent Krebs

The Not-so-True People-Search Network from China

March 20, 2024 admin A Little Sunshine, alibaba cloud, alina clark, beenverified, Breadcrumbs, cocodoc, cocofinder, cocosign, DomainTools.com, eden cheng, fastpeoplesearch, findpeoplefast, forbes.com, h.i.g. capital, harriet chan, instant checkmate, intelius, marilyn gaskell, neighborwho, numberguru, onerep, ownerly, peopleconnect inc., peoplefinderfree, peoplelooker, peoplesmart, radaris, ross cohen, sally stevens, shenzhen duiyun technology co, Spokeo, Stephen Curry, the lifetime value co., truepeoplesearch, truthfinder, u.s. federal trade commission

Credit to Author: BrianKrebs| Date: Thu, 21 Mar 2024 03:18:26 +0000

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

ComputerWorld Independent

For March's Patch Tuesday, no zero-day flaws

March 15, 2024 admin microsoft, Microsoft Office, Security, small and medium business, windows

Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they’re just informational changes with no further action is required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

Known issues

Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:

To read this article in full, please click here

Independent Krebs

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

March 14, 2024 admin 375-292-7027-786, A Little Sunshine, ahavoila.com, azersab.com, Breadcrumbs, constella intelligence, constella.ai, d.sh@nuwber.com, dimitri shelest, dmitrcox@gmail.com, findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, nuwber.at, nuwber.ch, nuwber.dk, nuwber.fr, onerep.com, peeepl.br.com, peeepl.co.uk, peeepl.in, peeepl.it, peepull.com, permanente medicine, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke.com, pplcrwlr.dk, pplcrwlr.fr, pplcrwlr.in, pplcrwlr.jp, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, viadin.ca, viadin.com, viadin.de, viadin.hk, waatp1.fr, waatpp.de, webmeek.com

Credit to Author: BrianKrebs| Date: Thu, 14 Mar 2024 21:13:38 +0000

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.

ComputerWorld Independent

A call for digital-privacy regulation 'with teeth' at the federal level

March 13, 2024 admin Data Privacy, Government, privacy, Regulation, Technology Industry

Credit to Author: scot.finnie@gmail.com| Date: Wed, 13 Mar 2024 03:00:00 -0700

How did we get to the point where the tech industry is in the user-data business instead of the tech business?

Every day, Google collects data on billions of people worldwide, according to The Regulatory Review. The dodge that users gain some benefit from ad targeting is fallacy. For example, if Google’s search were decoupled from its advertising, there would be less chance for users to be misled by ignored search terms and seemingly hard-wired results.

There’s nothing beneficial to the user about Google’s sponsored search results. That’s also true of the adjacent Google ads that follow you around from site to site.

To read this article in full, please click here

Independent Krebs

Patch Tuesday, March 2024 Edition

March 12, 2024 admin adobe acrobat, adobe ai assistant, adobe animate, adobe bridge, adobe experience manager, Adobe Premier Pro, automox, coldfusion 2023 and 2021, cve-2024-21334, cve-2024-21390, cve-2024-21433, cve-2024-21435, cve-2024-21437, cve-2024-23225, cve-2024-23296, cve-2024-26170, cve-2024-26182, immersive labs, ios 16.7.6, ios 17.4, ipados 17.4, jason kitka, kevin breen, lightroom, Microsoft Authenticator, Microsoft Azure, Satnam Narang, Security Tools, Tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 12 Mar 2024 20:36:33 +0000

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws.

ComputerWorld Independent

EC's use of Microsoft 365 violates data-privacy rules, watchdog group says

March 12, 2024 admin Data Privacy, Government IT, privacy, Regulation

The European Commission (EC) has violated several key data protection rules in its use of Microsoft 365 regarding the transfer of people’s personal data from Europe to other regions not covered by EU data-protection laws, a key European privacy watchdog found.

The European Data Protection Supervisor (EDPS) on Tuesday chastized the EC after finding it did not take proper protective measures when sending personal data outside the EU and European Economic Area (EEA) when using the cloud-based app.

To read this article in full, please click here