Security Boulevard

JUNE 27, 2025

While this activity has been limited to distributed-denial-of-service (DDoS) attacks, there have also been recent reports of an increase in targeted phishing attacks. CVE Description CVSSv3 Score VPR CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability 7.8 finance, defense, and energy sectors.

Accountability 58

Accountability Passwords Authentication Energy and Utilities 58

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). put him on a terror watch list after he traveled to Syria in 2017.

Cybercrime 306

Cybercrime Mobile Media Telecommunications 306

Centraleyes

MARCH 3, 2025

The New York Department of Financial Services (DFS) Cybersecurity Regulation, introduced in 2017, was groundbreaking, setting a high bar for financial institutions. Account numbers or credit/debit card numbers that could enable unauthorized transactionseven without a security code. predating similar efforts in many other jurisdictions.

Data breaches 52

Data breaches Risk Financial Services Data privacy 52

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. ” A copy of the indictment is available here.

Hacking 341

Hacking Identity Theft Government Phishing 341

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. million from 158 Poloniex users, and $1.17

Cryptocurrency 363

Cryptocurrency Phishing Accountability Cybercrime 363

Krebs on Security

AUGUST 9, 2021

That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. com, and was wondering when the funds would be reflected in the balance of his account on the shop. Shortly after it came online as a phishing site last year, BriansClub[.]com

Phishing 363

Phishing Cybercrime Accountability Advertising 363

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. The text messages contained a link to unlock their accounts and led customers to a Web site that mimicked the legitimate Fifth Third site. Image: Mastercard.us.

Phishing 278

Phishing Banking Scams Accountability 278

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Phishing 311

Phishing Passwords Accountability Authentication 311

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing 254

Phishing Authentication Mobile Passwords 254

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 364

Phishing VPN Social Engineering Media 364

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 349

Hacking Social Engineering Phishing Scams 349

Schneier on Security

NOVEMBER 13, 2017

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. billion credentials exposed by third-party breaches. The report.

Phishing 194

Phishing Marketing Passwords Accountability 194

Malwarebytes

JANUARY 6, 2022

As early as 2017, cybercriminals have been incorporating capabilities to defeat 2FA into their kits. Academics from Stony Brook University and Palo Alto Networks—namely Brian Kondracki, Babak Amin Azad, Nick Nikiforakis, and Oleksii Starov—have found at least 1,200 phishing kits online capable of capturing or intercepting 2FA security codes.

Phishing 140

Phishing Authentication Accountability Data breaches 140

Krebs on Security

APRIL 11, 2019

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. Many readers have expressed confusion or skepticism about how Security Keys can prevent users from getting hooked by phishing sites or clever man-in-the-middle attacks.

Mobile 278

Mobile Authentication Passwords Accountability 278

Security Affairs

JULY 2, 2019

US Cyber Command posted on Twitter an alert about cyber attacks exploiting the CVE-2017-11774 vulnerability in Outlook. Yesterday I was using Twitter when I noticed the following alert issued by the account managed by the US Cyber Command : USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching.

Energy and Utilities 110

Energy and Utilities Malware InfoSec Advertising 110

Security Affairs

APRIL 25, 2019

Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses. ” reads the post published by Proofpoint.

Phishing 110

Phishing Advertising Accountability Cybercrime 110

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours. Gone in 24 Hours.

Phishing 139

Phishing Accountability Financial Services Cloud Migration 139

Security Affairs

FEBRUARY 25, 2022

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. ua-passport[.]space

Phishing 125

Phishing Social Engineering Government Accountability 125

Krebs on Security

SEPTEMBER 6, 2021

The Manipulaters’ core brand in the underground is a shared cybercriminal identity named “ Saim Raza ,” who for the past decade across dozens of cybercrime sites and forums has peddled a popular spamming and phishing service variously called “ Fudtools ,” “ Fudpage ,” “ Fudsender ,” etc.

Software 340

Software Phishing Cybercrime Accountability 340

Krebs on Security

AUGUST 25, 2023

And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.

Mobile 246

Mobile Cyber Risk Cryptocurrency Data breaches 246

Krebs on Security

JULY 25, 2018

The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. According to LifeLock’s marketing literature as of January 2017, the company has more than 4.5

Identity Theft 202

Identity Theft Consumer Protection Phishing Marketing 202

Krebs on Security

AUGUST 12, 2018

.” Organized cybercrime gangs that coordinate unlimited attacks typically do so by hacking or phishing their way into a bank or payment card processor. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

Banking 240

Banking Accountability Phishing Authentication 240

SecureList

MAY 3, 2021

Banking phishing: new version of an old scheme. Clients of several Dutch banks faced a phishing attack using QR codes. The links in their messages took the victim to a well-designed phishing pages with official emblems, business language and references to relevant laws. Quarterly highlights. Vaccine with cyberthreat.

Phishing 132

Phishing Banking Accountability Computers and Electronics 132

Krebs on Security

APRIL 18, 2019

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro , India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant , new evidence suggests. Image: urlscan.io.

Retail 264

Retail Phishing Antivirus Internet 264

Krebs on Security

JULY 24, 2018

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards. million total. Between Jan.

Banking 202

Banking Insurance Computers and Electronics Cyber Insurance 202

Elie

NOVEMBER 9, 2017

Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-theshelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account.

Data breaches 112

Data breaches Phishing Risk Malware 112

Hacker Combat

SEPTEMBER 6, 2021

Hackers took advantage of the mishap to gain unauthorized access to email accounts and lots of customer’s data was exposed. SEC insisted Cetera was responsible for exposing the personal data of more than 4,300 clients and customers between 2017 November and 2020 June. Often, hackers use phishing emails to target employees.

Accountability 125

Accountability Hacking Financial Services Data breaches 125

Krebs on Security

APRIL 7, 2022

The other indictment named Russians affiliated with a skilled hacking group known as “Triton” or “Trisis,” which infected a Saudi oil refinery with destructive malware in 2017, and then attempted to do the same to U.S. energy facilities. and international companies and entities, including U.S. ” HYDRA. .

Marketing 328

Marketing Energy and Utilities Malware Ransomware 328

Security Affairs

DECEMBER 1, 2019

Over 90 percent of the users identified by Google were targeted via “credential phishing emails” that attempt to trick victims into providing their password or other account credentials to hijack their Google account. It doesn’t mean that hackers successfully compromised their Google accounts.

Phishing 145

Phishing Accountability Advertising Cyber Attacks 145

Krebs on Security

MARCH 2, 2020

HYAS said given the entities compromised — and that only a handful of known compromises occurred outside of France — there’s a strong possibility this was the result of an orchestrated phishing campaign targeting French infrastructure firms. There is a third Skype account nicknamed “Fatal.001”

DNS 334

DNS Penetration Testing Malware Hacking 334

Security Affairs

MARCH 18, 2019

million phishing ads for violation of its policies. million phishing ads. Google also revealed it was able to identify threat actors behind bad ads with the help of improved machine learning technology, it terminated nearly one million bad advertiser accounts. phishing ads appeared first on Security Affairs.

Phishing 108

Phishing Advertising Scams Cryptocurrency 108

Troy Hunt

JANUARY 8, 2019

Here's a perfect example of what I'm talking about, this one eventually triggering an email to me just last week: Let's imagine you're the first person on the list; you get a notification from HIBP, you check out the paste and see your Hotmail account listed there alongside your Spotify password and the plan you're subscribed to.

Hacking 262

Hacking Passwords Accountability Data breaches 262

SecureList

FEBRUARY 9, 2022

Our Anti-Phishing system blocked 253 365 212 phishing links. Safe Messaging blocked 341 954 attempts to follow phishing links in messengers. The subject of investments gained significant relevance in 2021, with banks and other organizations actively promoting investment and brokerage accounts. Trends of the year.

Phishing 98

Phishing Scams Accountability Banking 98

Security Affairs

MARCH 25, 2024

Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm , TEMP.Zagros , TA450, and Static Kitten ) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems. sender account.

Phishing 141

Phishing Social Engineering Telecommunications Accountability 141

Krebs on Security

NOVEMBER 23, 2018

I later received an email from the seller, who said his Amazon account had been hacked and abused by scammers to create fake sales. But this assurance may ring hollow if you wake up one morning to find your checking accounts emptied by card thieves after shopping at a breached merchant with a debit card. CHCEK THE SHIPPING.

Scams 279

Scams Wireless Phishing Banking 279

Krebs on Security

MAY 16, 2019

They’re also related to the 2016 arrest of Krasimir Nikolov , a 47-year-old Bulgarian man who was extradited to the United States to face charges for allegedly cashing out bank accounts that were compromised by the GozNym malware. Prosecutors say Nikolov, a.k.a. Also charged was 28-year-old Muscovite Konstantin Volchkov , a.k.a.

Cybercrime 251

Cybercrime Banking Small Business Computers and Electronics 251

The Last Watchdog

AUGUST 18, 2021

billion in 2017; Avast acquired AVG for $1.3 There are simple steps consumers can take today, for free, to lower their overall risk of a cyber attack, including using multi-factor authentication for their accounts and using strong passwords. A lot of water has flowed under the bridge since then. billion in 2016, for instance.

Antivirus 223

Antivirus Marketing Identity Theft Social Engineering 223