Notices by BrianKrebs (briankrebs@infosec.exchange), page 2

Germany shuts down 47 cryptocurrency exchanges hosted domestically that allegedly facilitated money laundering and operating criminal trading platforms:

https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2024/Presse2024/240919_PM_finalexchange.html

List of exchanges targeted:
https://www.finalexchange.de/en

Something tells me there is more to come.

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased.

Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.

https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/

Not sure I can stomach yet another Cybersecurity Awareness Month (which has an unfortunate initialism). The flak emails hawking this theme have begun in earnest. But I'm already feeling a tad too cyber aware for my comfort. Is it too late to take the blue pill?

@GossiTheDog Yep. Just checked and disabled the setting. Anyone know exactly when LI disclosed this change? Or did they?

From the WTAF dept: 3 killed, > 1,000 wounded in Beirut by exploding pagers:

"BEIRUT, Sept 17 (Reuters) - At least three people were killed and more than 1,000 others including Hezbollah fighters, medics and Iran's envoy to Beirut were wounded on Tuesday when the pagers they use to communicate exploded across Lebanon, security sources told Reuters.

A Hezbollah official, speaking on condition of anonymity, said the detonation of the pagers was the "biggest security breach" the group had been subjected to in nearly a year of conflict with Israel."

https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/

via @dangoodin

Anyone know if Signal publishes the SHA-1 (or some hash) of its desktop versions? I don't like installing critical apps like this without verifying their integrity.

I know I'm showing my age in a Man Shakes Fist at Cloud way, but it wasn't so long ago that software makers actually published this information on their downloads page.

Hey kids! Starting tomorrow, you too can give your money over to a new "high-yield crypto investment" scheme endorsed by former president Trump, and run by his sons, including 18 y/o Baron, who is cited as the "chief visionary."

Sounds like a brilliant investment (for the Trump family):

"A whopping 70% of Trump-backed World Liberty Financial's WLFI tokens will be reserved for the project's insiders, according to a white paper draft obtained by CoinDesk. Of the remaining 30% of the tokens distributed via a public sale, the founding team will also receive a portion of the proceeds."

Because nothing screams legit like a high-yield investment scheme. Add crypto and it's uber-legit: https://www.investor.gov/protect-your-investments/fraud/types-fraud/high-yield-investment-programs

CoinDesk quotes a Trump fan and crypto investor predicting disaster: "It'll be the juiciest DeFi target ever and it's forked from a protocol that itself was hacked). it's also an obvious target for the SEC. at best it's an unnecessary distraction, at worst it's a huge embarrassment and source of (additional) legal trouble."

https://www.coindesk.com/business/2024/09/04/in-trump-backed-crypto-project-insiders-are-poised-for-unusually-big-paydays/

#shamelessgrifters

One portion of Trump's replies during the "debate" didn't seem to get enough attention. To me, it was like he was threatening the western world on his pal Putin's behalf, just reminding everyone that Putin has nukes, and that maybe he hasn't been sabre rattling enough on that front.

He actually said all this about his BFF:

"He would have been sitting in Moscow much happier than he is right now. But eventually, you know, he's got a thing that other people don't have. He's got nuclear weapons. They don't ever talk about that. He's got nuclear weapons. Nobody ever thinks about that. And eventually uh maybe he'll use them. Maybe he hasn't been that threatening. But he does have that. Something we don't even like to talk about."

In any government court document, comic relief is often found in the footnotes.

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

https://krebsonsecurity.com/2024/09/bug-left-some-windows-pcs-dangerously-unpatched/

Yeah, maybe not previously reported by the NYT.

https://www.nytimes.com/2024/09/07/technology/telegram-crime-terrorism.html

Someone sent me a note the other day that a funeral service for their late friend was being used to start a new Meta group that claimed to offer live streaming of the service.

But of course, those who clicked the link were sent to fake video streaming websites that try to collect payment information before supposedly letting you watch the service.

A little digging showed that not only are there hundreds of these fake funeral streaming groups, but all of them are tied back to some brainiacs in Bangladesh who naturally exposed their identities and operation by trojaning their own PCs.

What's crazy is how the fake funeral streaming groups on Meta are just one tiny microcosm of the scams these dudes in Bangladesh are doing.

Also, now I feel like showering after spending a few hours back on Meta. Eww.

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.

Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers who had already stolen someone's bank account credentials could enter the target’s phone number and name, and the service would initiate an automated phone call to the target that warned them about unauthorized activity on their account.

The call would prompt the target to enter a one-time passcode generated by their phone’s mobile app, and the code was then relayed to the scammer’s user panel at the OTP Agency website.

The story I just published includes a hilarious chat conversation between two of the proprietors immediately after I profiled them in a Feb. 2021 story. They deleted their Telegram channel because "our chat is Fraud 100%", but issued a statement calling my story libelous and that they were a legit anti-fraud company. Idiots then went on to rebuild the site at the same address, and were arrested less than a month later.

Picari said: bro we are in big trouble… U will get me bagged… Bro delete the chat

Vijayanathan: Are you sure

Picari: So much evidence in there

Vijayanathan: Are you 100% sure

Picari: It’s so incriminating...Take a look and search 'fraud'...Just think of all the evidence...that we cba to find...in the OTP chat...they will find

Vijayanathan: Exactly so if we just shut EVERYTHING down

Picari: They went to our first ever msg...We look incriminating...if we shut down...I say delete the chat...Our chat is Fraud 100%

Vijayanathan : Everyone with a brain will tell you stop it here and move on

Picari: Just because we close it doesn’t mean we didn’t do it...But deleting our chat...Will f*^k their investigations...There’s nothing fraudulent on the site

Story: https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/

Video of how OTP Agency worked: https://www.youtube.com/watch?v=45GsKWyF63U

Urgh. Yes, restrain journalists from telling other journalists that all of your police files are on the dark web. Way to put the genie back in the bottle there, Columbus Ohio PD!

https://www.youtube.com/watch?v=63mZpvydwUA

@georgetakei Dave Grohl is My Hero. Also, his mom was my public speaking teacher in the 12th grade. True story: She would come into class and play like 15 seconds of some bootleg Nirvana recording, and then continue with class. Badasses don't fall far from the tree.

New, by me: Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

From the story:

"It looks like all of the police cars there have a laptop in the cars, and they're all attached to this memrtcc.ad domain that I now own," Caturegli said, noting wryly that "memrtcc" stands for "Memphis Real-Time Crime Center."

Caturegli said setting up an email server record for memrtcc.ad caused him to begin receiving automated messages from the police department's IT help desk, including trouble tickets regarding the city's Okta authentication system.

https://krebsonsecurity.com/2024/08/local-networks-go-global-when-domain-names-collide/

@horse PRs?

Something to consider in your threat modeling. IDK how common this is, but the gear to do effective wifi signal jamming is not hard to find and works. They're illegal as hell to use in the US, but that isn't going to stop thieves. Argues in favor of direct IP cams or POE-type cams. And cams that allow backup of a certain amount of recording to an SD card.

https://www.kare11.com/article/news/local/edina-burglars-could-be-using-wifi-jammers/89-838f08f6-8e13-4577-8a88-628d757207a2

I think from here on out I'll just use the auto-response options.

Just had another breach notification/quote request go sideways in an icky way. I'm only mentioning it because this has happened to me more times than I care to remember, and it infuriates me every time.

Here's the scenario. I hear from a researcher who finds bad thing, data exposure, etc. If I can confirm the researcher's findings, I'll then seek comment from the organization in question. Mind you, this effort usually includes both written and oral communications clearly stating that I am a journalist, and that I am working on a story about the problem and its hopeful resolution.

The response in this scenario involves a reply from a senior executive -- often the CEO -- thanking me for the information, and in the same breath asking if I do any consulting work.

I can't pretend to know what's going on in the mind of the person who asks me this question in this situation, but as a journalist it always sounds and feels like a thinly veiled bribe offer.

To my mind, it's bit like getting pulled over for plowing through a red light, and then handing the cop a $100 bill along with your license.

I always try to respond charitably, by politely declining and explaining that's not really something I do. If I'm not totally insulted at that point, I may even suggest some competent experts. Because god knows anyone who responds this way needs all the help they can get.