2022, Accountability, Hacking and Web Fraud

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

men have been charged with hacking into a U.S. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. federal government portal without authorization. ” Image: USDOJ.

Hacking

Hacking Government Media Accountability

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. GoDaddy’s latest SEC filing indicates the company had nearly 7,000 employees as of December 2022.

Hacking

Hacking Social Engineering Phishing Scams

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary.

Mobile

Mobile Phishing Authentication Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. Department of Defense. USDoD’s InfraGard sales thread on Breached.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Security Boulevard

MARCH 14, 2023

men have been charged with hacking into a U.S. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. The post Two U.S.

Hacking

Hacking Government Accountability Web Fraud

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. KrebsOnSecurity last month interviewed a victim who recently saw more than three million dollars worth of cryptocurrency siphoned from his account.

Passwords

Passwords Encryption Password Management Cryptocurrency

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. “We’ve reviewed the ads in question, removed those that violated our policies, and suspended the associated accounts. billion ads in 2022, and restricted more than 4.3 million advertiser accounts.

Software

Software Advertising Malware Accountability

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. The various “iboss” email accounts appear to have been shared by multiple parties.

Malware

Malware Cybercrime Internet Internet

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability

Accountability Passwords Authentication Password Management

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The account didn’t resume posting on the forum until April 2014. Reached via LinkedIn, Mr. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014.

Accountability

Accountability Advertising Marketing Malware

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. re is was one of the original “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for his/her Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web.

Cybercrime

Cybercrime Software VPN Backups

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device. That Weibo post has since been deleted.

Malware

Malware eCommerce Mobile Media

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

On August 3, 2022, someone using the alias “ Holistic-K1ller ” posted on Breached a thread selling data allegedly stolen from Grupo Financiero Banorte , Mexico’s second-biggest financial institution by total loans. There was no reason to believe Holistic-K1ller had fabricated their breach claim.

Data breaches

Data breaches Banking Cybercrime Marketing

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. 2022 closure of LuxSocks , another malware-based proxy network. ”

VPN

VPN Computers and Electronics Antivirus Software

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices. Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication. healthcare organizations.

Healthcare

Healthcare Backups Ransomware Insurance

Cyber Security Informer

Two U.S. Men Charged in 2022 Hacking of DEA Portal

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

Trending Sources

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Webinars

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Using Google Search to Find Software Can Be Risky

No SOCKS, No Shoes, No Malware Proxy Services!

Experian, You Have Some Explaining to Do

Who’s Behind the Botnet-Based Service BHProxies?

Interview With a Crypto Scam Investment Spammer

911 Proxy Service Implodes After Disclosing Breach

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

When Efforts to Contain a Data Breach Backfire

A Deep Dive Into the Residential Proxy Service ‘911’

New Ransom Payment Schemes Target Executives, Telemedicine

Stay Connected