Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. An online post by the attackers who broke into Data Viper. But on Aug.

Hacking 363

Hacking Marketing Cybercrime Accountability 363

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. A screenshot of a Discord discussion between the key Twitter hacker “Kirk” and several people seeking to hijack high-value Twitter accounts.

Hacking 348

Hacking Accountability Scams Media 348

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Malwarebytes

FEBRUARY 14, 2025

The most recent data in this database is from May 2020. Now, a cybercriminal using the monicker Jurak, leaked sensitive information related to roughly 12 million accounts, which allegedly stems from a breach that happened last year. This would be the 2nd (hacked back in 2020) major data breach for Zacks. .

Accountability 95

Accountability Data breaches Passwords Phishing 95

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 145

Accountability Hacking Banking Government 145

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. Five months later, Gunnebo disclosed it had suffered a cyber attack targeting its IT systems that forced the shutdown of internal servers.

Hacking 358

Hacking Ransomware Banking Accountability 358

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor. They can come arrest me.

Cryptocurrency 279

Cryptocurrency Accountability Hacking Mobile 279

Schneier on Security

JANUARY 28, 2019

Further, other devices also come with secret backdoor accounts that in some cases can't be removed without a firmware update. I am less optimistic about the country's ability to secure all of this stuff -- especially before the 2020 Summer Olympics. I am interested in the results of this survey.

IoT 257

IoT Government Firmware Hacking 257

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 250

Hacking Cybercrime Ransomware Government 250

The Hacker News

MAY 10, 2023

national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Department of

Hacking 124

Hacking Accountability 124

Krebs on Security

JANUARY 19, 2021

The release was granted in part due to Ferizi’s 2018 diagnosis if asthma, as well as a COVID outbreak at the facility where he was housed in 2020. He admitted to hacking a U.S.-based ” [Side note: It may be little more than a coincidence, but my PayPal account was hacked in Dec.

Identity Theft 349

Identity Theft Government Accountability Social Engineering 349

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. 10, 2020, Citrix disclosed additional details about the incident. As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly.

VPN 363

VPN Passwords Software Telecommunications 363

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile 114

Mobile Telecommunications Data breaches Hacking 114

Krebs on Security

MAY 5, 2021

Also, the apps will persist in a user’s Office 365 account indefinitely until removed, and will survive even after an account password reset. “Now, they’re compromising accounts in credible tenants first,” Proofpoint explains. A cybercriminal service advertising the sale of access to hacked Office365 accounts.

Accountability 350

Accountability Advertising Passwords Phishing 350

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

DECEMBER 23, 2024

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.

Spyware 110

Spyware Surveillance Software Hacking 110

Joseph Steinberg

DECEMBER 14, 2020

A former Cisco engineer was sentenced this past Wednesday (December 9, 2020) to 24 months in prison (and a $15,000 fine) for accessing Cisco’s network, and subsequently causing a service outage of Cisco’s WebEx Teams video conferencing service. Million in damage (including $1 Million of refunds to impacted customers and $1.4

Engineering 246

Engineering Hacking Accountability Scams 246

Krebs on Security

MARCH 15, 2021

com , a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords 349

Passwords Accountability Hacking Data breaches 349

Security Affairs

SEPTEMBER 30, 2024

The Department of Justice charged a British national for hacking into the systems of five U.S. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. From January 2019 to May 2020, the man carried out a hack-to-trade scheme, earning over $3 million in profits.

Hacking 138

Hacking Accountability Passwords Cybercrime 138

Krebs on Security

SEPTEMBER 2, 2021

The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. Why go after hotel or airline rewards?

Accountability 349

Accountability Authentication Passwords Hacking 349

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. National Security Agency (NSA) warned on Dec. ” Indeed, the NSA’s Dec.

Software 363

Software Authentication Hacking Government 363

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering 293

Social Engineering Phishing Accountability Engineering 293

Krebs on Security

MARCH 17, 2021

In November 2020, KrebsOnSecurity heard from security researcher Abraham Vegh , who noticed something odd while inspecting an email from his financial institution. The messages from Netspend all were to confirm the email address tied to a new account, and concerned “me-to-me transfers” set up through its service.

Banking 350

Banking Accountability Software Mobile 350

SecureList

FEBRUARY 16, 2021

In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. Overall, Q4 remained within the parameters of 2020 trends. Extortionists’ activity regularly made the news throughout 2020. This trend continued in the last months of 2020.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Verified was hacked at least twice in the past five years, and its user database posted online. com (2017).

Ransomware 354

Ransomware Accountability Passwords Cybercrime 354

Krebs on Security

NOVEMBER 6, 2023

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. That same email address is now tied to a Vkontakte account for an Ivan Sherban who lists his home as Saint Petersburg, Russia.

Passwords 313

Passwords Cybercrime Accountability Hacking 313

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime 110

Cybercrime Advertising Phishing Hacking 110

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. So hopefully by this point it should be clear why re-using passwords is generally a bad idea.

Passwords 363

Passwords Password Management Phishing Scams 363

Krebs on Security

JUNE 30, 2020

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. Image: Gemini Advisory.

Banking 347

Banking Retail Hacking Cybercrime 347

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. Escaping this data collection regime has proven difficult for most people.

Scams 141

Scams Identity Theft Cybercrime Accountability 141

The Hacker News

DECEMBER 26, 2024

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020.

Accountability 134

Accountability Hacking 134

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 145

Accountability Malware Data breaches Passwords 145

Krebs on Security

JUNE 29, 2023

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Prosecutors in Northern California indicted Kislitsin in 2014 for his alleged role in stealing account data from Formspring.

Cybersecurity 303

Cybersecurity Cybercrime Hacking Government 303

Security Affairs

NOVEMBER 16, 2024

” NSO Group continued using WhatsApp exploits, including spyware called “Erised,” even after being sued for violating anti-hacking laws. 2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. .

Spyware 120

Spyware Surveillance Malware Hacking 120

Security Affairs

OCTOBER 16, 2024

Among them, it was possible to identify tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone number and city. CrowdStrike identified Luan by tracing this email, which was tied to personal accounts, GitHub edits, domain registrations, and social media profiles.

Data breaches 128

Data breaches Media Cybercrime Accountability 128

Krebs on Security

APRIL 28, 2020

But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Scams 363

Scams Banking Accountability Financial Services 363