The Coming Storm – Page 5 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Fri, 23 Aug 2024 14:12:31 +0000

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

Independent Krebs

August 19, 2024 admin

National Public Data Published Its Own Passwords

Credit to Author: BrianKrebs| Date: Mon, 19 Aug 2024 16:23:31 +0000

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

Independent Krebs

August 15, 2024 admin

NationalPublicData.com Hack Exposes a Nation’s Data

Credit to Author: BrianKrebs| Date: Thu, 15 Aug 2024 22:38:36 +0000

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.

Independent Krebs

July 23, 2024 admin

Phish-Friendly Domain Registry “.top” Put on Notice

Credit to Author: BrianKrebs| Date: Tue, 23 Jul 2024 19:41:51 +0000

The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”

Independent Krebs

May 30, 2024 admin

‘Operation Endgame’ Hits Malware Delivery Platforms

Credit to Author: BrianKrebs| Date: Thu, 30 May 2024 15:19:44 +0000

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.

Independent Krebs

May 21, 2024 admin

Why Your Wi-Fi Router Doubles as an Apple AirTag

Credit to Author: BrianKrebs| Date: Tue, 21 May 2024 16:21:20 +0000

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.

Independent Krebs

May 6, 2024 admin

Why Your VPN May Not Be As Secure As It Claims

Credit to Author: BrianKrebs| Date: Mon, 06 May 2024 14:24:47 +0000

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

Independent Krebs

April 15, 2024 admin

Why CISA is Warning CISOs About a Breach at Sisense

Credit to Author: BrianKrebs| Date: Thu, 11 Apr 2024 20:48:06 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.