BrianKrebs (@briankrebs@infosec.exchange) - Infosec Exchange

 1 year ago
source link: https://infosec.exchange/@briankrebs

BrianKrebs @briankrebs@infosec.exchange

Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Twitter: @briankrebs Linkedin: https://www.linkedin.com/in/bkrebs/

Joined Nov 05, 2022
Pinned post

You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you.

Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.

It is not uncommon for cybercriminals to accidentally infect their own machines with password-stealing malware, and that is exactly what seems to have happened with one of the more recent administrators of 16Shop.

Constella Intelligence, a data breach and threat actor research platform, now allows users to cross-reference popular cybercrime websites and denizens of these forums with inadvertent malware infections by information-stealing trojans. A search in Constella on 16Shop’s domain name shows that in mid-2022, a key administrator of the phishing service infected their Microsoft Windows desktop computer with the Redline information stealer trojan — apparently by downloading a cracked (and secretly backdoored) copy of Adobe Photoshop.

Redline infections steal gobs of data from the victim machine, including a list of recent downloads, stored passwords and authentication cookies, as well as browser bookmarks and auto-fill data.

More:

https://krebsonsecurity.com/2023/08/karma-catches-up-to-global-phishing-service-16shop/

A screenshot of the user panel for the phishing as a service store 16Shop.

BrianKrebs

John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and Diligere[.]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use.

A native of the United Kingdom, Mr. Davies absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared on suspicion of murdering his third wife on their honeymoon in India.

https://krebsonsecurity.com/2023/08/diligere-equity-invest-are-new-firms-of-u-k-con-man/

BrianKrebs

New. Scoopy. By me.

"WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by the likes of #ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.”

"The large language models (LLMs) made by ChatGPT parent #OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new, uncensored LLM that was created specifically for cybercrime activities."

https://krebsonsecurity.com/2023/08/meet-the-brains-behind-the-malware-friendly-ai-chat-service-wormgpt/

#wormgpt, #malware #chatgpt

BrianKrebs

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research.

https://krebsonsecurity.com/2023/08/how-malicious-android-apps-slip-into-disguise/

BrianKrebs

I'm pretty sure Mastodon is the first social network I've been on that didn't immediately ask me to betray all of the people in my address book.

Dissent Doe :cupofcoffee:

Snatch Team starts really detailing their attacks and ups the ante for those who don't pay up:

https://www.databreaches.net/snatch-team-starts-really-detailing-their-attacks-and-ups-the-ante-for-those-who-dont-pay-up/

@brett @allan @euroinfosec @ValeryMarchive @campuscodi
#databreach #ransom #cybersecurity #cyberinsurance

stux⚡

"Here's a clip from today's hearing where the Twitter exec explains why sharing child sexual abuse material isn't an automatic ban. And then an Australian senator explains why that's idiotic"

Via https://twitter.com/paleofuture/status/1689489799349207040

https://www.forbes.com/sites/mattnovak/2023/08/09/twitter-exec-defends-restoring-account-that-shared-child-sex-abuse-material/

Marc Elias

In the last two days, federal courts in Texas and Georgia struck down key provisions of their states' voter suppression laws.

The next time the cynics and vote suppressors tell you that we shouldn't sue and that the courts won't protect voting rights, don't believe them.

Marcus Hutchins :verified:

"I'm getting rid of the block feature because it makes no sense"
Translation: "a lot of people have blocked me because I behave like a 5.2 year old instead of the 52 year old I am and this hurts my feelings"

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:

Removing the ability to block someone on a social network? Wowza. I better get some new servers going.

BrianKrebs

et tu, LinkedIn?

BrianKrebs

Google says it is changing its account deletion policy so that accounts not logged into or used for two years or more will be eligible for deletion starting Dec. 1, 2023. On the bright side, Google says after an account is deleted, the Gmail address can't be used again when creating a new Google Account.

"....we are updating the inactivity period for a Google Account to two years across all our products and services. This change starts rolling out today and will apply to any Google Account that’s been inactive, meaning it has not been signed into or used within a two-year period. An inactive account and any content in it will be eligible for deletion from December 1, 2023.

What this means for you:

These changes do not impact you unless you have been inactive in your Google Account for two years or have not used your account to sign in to any Google service for over two years.
While the changes go into effect today, the earliest we would enforce any account deletion would be December 2023.
If your account is considered inactive, we will send several reminder emails to both you and your recovery emails (if any have been provided) before we take any action or delete any account content. These reminder emails will go out at least 8 months before any action is taken on your account.
After a Google Account is deleted, the Gmail address for the deleted account cannot be used again when creating a new Google Account."

https://blog.google/technology/safety-security/updating-our-inactive-account-policies/

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:

I just noticed firefish (running on Infosec.town and fedia.social) shows the number of replies and likes for posts in the timeline - that’s pretty neat. (And yes, I’m aware the counts are probably incomplete for posts not originating from someone on the same instance)

Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:

Wow - mastodon.social grew by more accounts in the last month than Infosec.exchange has accounts (~80k)

Edit: month, not week

BrianKrebs boosted

@railmeat @mcc Windows is wild now. When you install it, it asks permission to tailor ads to your interests. Bruh I paid $150 for this OS, the number of ads I want you to show me is *zero*.

BrianKrebs boosted

Going back to the former Twitter these days feels a little like going back to your old high school once you've graduated; everything is familiar but it's not your place anymore, and you don't necessarily want to spend more time there than you have to.

This is not to disparage people who are still using it as their primary social media outlet (I still post career news/updates there). But I am glad it's no longer the focus of my social media life. There are other places to be.

Like here! Hello!

BrianKrebs boosted

⚠️ If you are in California, especially SoCal, be prepared: Hurricane Hilary is coming and it's expected to reach us and we'll feel the effects of it late Saturday to Monday morning. Expect heavy rain and high winds. ⚠️

https://www.accuweather.com/en/hurricane/hilary-to-bring-years-worth-of-rain-pose-life-threatening-flooding-in-southern-california/1570250

Stay safe out there Fedi friends

#California #HurricaneHilary #SoCal #Weather

BrianKrebs boosted

> As of this month, the Times' TOS prohibits any use of its content for "the development of any software program, including, but not limited to, training a machine learning or artificial intelligence (AI) system."

Excellent!

Every content creator Everywhere All at Once should add something similar to this to their policies immediately.

See also:
https://www.theregister.com/2023/08/08/openai_scraping_software/

BrianKrebs boosted
After being mist-netted, weighed, swabbed, sampled and tagged, this gorgeous lazuli bunting is eager to leave Bear Divide Vista and get back on the road. #birds #birdphotography #naturephotography #birders #biology #science #BearDivide
BrianKrebs boosted

Over at Twitter, Musk is deleting the "Block" option except for DMs. Given the increasing numbers of extremists there, this is guaranteed to piss off all kinds of people who routinely get trolled. Based on experience and observation, journalists are among them.

When will journalists realize they should leave that vile platform, and bring their followers to better places like this one?

Maybe now?

BrianKrebs boosted

don’t let the book ban people know I found this in a drawer at the library

male-to-male computer cable connector labeled “Gender Changer”
