The Coming Storm – Computer Security Articles

Malicious Office 365 Apps Are the Ultimate Insiders

May 5, 2021 admin bec, Business Email Compromise, Latest Warnings, malicious office apps, Microsoft Office 365, phishing, proofpoint, ryan kalember, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 05 May 2021 12:27:50 +0000

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Independent Krebs

Task Force Seeks to Disrupt Ransomware Payments

April 29, 2021 admin Amazon, Cisco, Department of Homeland Security, disrupting ransomware payments, emsisoft, Europol, FBI, FireEye, institute for security and technology, McAfee, microsoft, philip reiner, ransomware, The Coming Storm, The Wall Street Journal, u.k. national crime agency, U.S. Justice Department, u.s. treasury department

Credit to Author: BrianKrebs| Date: Thu, 29 Apr 2021 12:26:09 +0000

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Independent Krebs

Are You One of the 533M People Who Got Facebooked?

April 6, 2021 admin alon gal, data breaches, Facebook breach, HaveIBeenPwned.com, SIM swapping, The Coming Storm, under the breach

Credit to Author: BrianKrebs| Date: Tue, 06 Apr 2021 18:55:53 +0000

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you’re a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.

Independent Krebs

Ransom Gangs Emailing Victim Customers for Leverage

April 5, 2021 admin Bleeping Computer, clop, emsisoft, fabian wosar, Lawrence Abrams, racetrac, ransomware, rEvil, The Coming Storm

Credit to Author: BrianKrebs| Date: Mon, 05 Apr 2021 21:38:38 +0000

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

Independent Krebs

Can We Stop Pretending SMS Is Secure Now?

March 16, 2021 admin Allison Nixon, alt-spid, Latest Warnings, lucky225, netnumber, npac, number portability administration center, SIM swapping, The Coming Storm, unit221b

Credit to Author: BrianKrebs| Date: Tue, 16 Mar 2021 22:30:28 +0000

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of people (many of them low-paid mobile store employees) who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Independent Krebs

Warning the World of a Ticking Time Bomb

March 9, 2021 admin Allison Nixon, check my owa, The Coming Storm, Time to Patch, unit221b

Credit to Author: BrianKrebs| Date: Tue, 09 Mar 2021 21:04:07 +0000

Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has been retrofitted with a “web shell” backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim’s other computers. Researchers are now racing to identify, alert and help victims, and hopefully prevent further mayhem.

Independent Krebs

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

March 6, 2021 admin Andy Greenberg, chris krebs, hafnium, jen psaki, Latest Warnings, microsoft exchange server flaws, steven adair, The Coming Storm, Time to Patch, volexity, wired

Credit to Author: BrianKrebs| Date: Fri, 05 Mar 2021 21:07:07 +0000

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Independent Krebs

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

March 6, 2021 admin cve-2021-26855, cve-2021-26857, cve-2021-26858, cve-2021-27065, hafnium, Latest Warnings, Microsoft Exchange, The Coming Storm, Time to Patch, Zero-Day

Credit to Author: BrianKrebs| Date: Tue, 02 Mar 2021 21:19:17 +0000

Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

← Previous