Krebs on Security

FEBRUARY 8, 2021

2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. That vulnerability was documented in more detail at exploit archive Packet Storm Security in March 2020 and indexed by Check Point Software in May 2020, suggesting it still persists in current versions of the product.

Phishing 267

Phishing Scams Banking Mobile 267

Krebs on Security

NOVEMBER 6, 2023

2020, Apathyp sent a private message on Verified to the owner of a stolen credit card shop, saying his credentials no longer worked. .” But the triploo@mail.ru account isn’t connected to much else that’s interesting except a now-deleted account at Vkontakte , the Russian answer to Facebook. However, in Sept.

Passwords 232

Passwords Cybercrime Accountability Hacking 232

Krebs on Security

APRIL 4, 2024

There is no indication these are the real names of the phishers, but the names are useful in pointing to other sites targeting Privnote since 2020. A search at DomainTools.com for privatenote[.]io io shows it has been registered to two names over as many years, including Andrey Sokol from Moscow and Alexandr Ermakov from Kiev.

Phishing 213

Phishing Cryptocurrency DDOS Internet 213

Krebs on Security

JANUARY 29, 2022

But by the spring of 2020, it was clear that Devos and others involved in the shipping project had been tricked, and that all the money which had been paid to Bernard — an estimated NOK 15 million (~USD $1.67 Another investor, a Belgian named Guy Devos , contributed the remaining $750,000. million) — had been lost.

Scams 257

Scams Technology Web Fraud 257

Krebs on Security

OCTOBER 15, 2022

“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero, a cryptoasset offering heightened anonymity,” Robinson said. “The launch of Antinalysis likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds.” ”

Cryptocurrency 228

Cryptocurrency Marketing Cybercrime Technology 228

Krebs on Security

AUGUST 4, 2022

The FBI says that represents a 74 percent increase in losses over losses reported in 2020. .” In 2021, more than 92,000 victims over the age of 60 reported losses of $1.7 billion to the FBI’s Internet Crime Complaint Center (IC3).

Banking 286

Banking Scams Accountability Passwords 286

Krebs on Security

NOVEMBER 21, 2020

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020. This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

JANUARY 30, 2024

The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software. As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Social Engineering 315

Social Engineering Mobile Cybercrime Passwords 315

Krebs on Security

AUGUST 16, 2022

” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. . “Is there one person from our community that think sending cease and desist letter to a hackers forum operator is a good idea?,” “Who does it?

Data breaches 257

Data breaches Banking Cybercrime Marketing 257

Krebs on Security

AUGUST 13, 2021

“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero , a cryptoasset offering heightened anonymity,” he wrote. Robinson says the creator of Antinalysis is also one of the developers of Incognito Market , a darknet marketplace specializing in the sale of narcotics.

Cryptocurrency 301

Cryptocurrency Marketing Ransomware Financial Services 301

Krebs on Security

APRIL 7, 2022

billion euros in 2020 alone. Also this week, German authorities seized the server infrastructure for the Hydra Market, a bustling underground market for illegal narcotics, stolen data and money laundering that’s been operating since 2015. In a statement on the Hydra takedown , the U.S.

Marketing 243

Marketing Energy and Utilities Malware Ransomware 243

Security Boulevard

FEBRUARY 25, 2021

Labor Department's inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That's a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year.

Insurance 64

Insurance Web Fraud 64

Krebs on Security

AUGUST 9, 2021

com says the domain was abandoned or dormant for a period in 2019, only to be scooped up again by someone in May 2020 when it became a phishing site spoofing the real BriansClub. Billionaire did not respond to multiple requests for comment, but it looks like his only crime is being a somewhat cringeworthy DJ.

Phishing 354

Phishing Cybercrime Accountability Advertising 354

Krebs on Security

FEBRUARY 24, 2023

Before that, the resume says he was operations manager of TikTok’s Middle East and North Africa region for approximately seven months ending in April 2020. Abdalla Khafagy’s LinkedIn profile says he was “global director of community” at Crypto.com for about a year ending in January 2022.

Accountability 226

Accountability Advertising Marketing Malware 226

Krebs on Security

AUGUST 30, 2022

Twitter accelerated its plans to improve employee authentication following the July 2020 security incident , wherein several employees were phished and relieved of credentials for Twitter’s internal tools. 2021 post about the change. ”

Mobile 288

Mobile Phishing Authentication Accountability 288

Krebs on Security

JULY 10, 2022

Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account. John Turner is a software engineer based in Salt Lake City.

Accountability 313

Accountability Passwords Authentication Password Management 313

Krebs on Security

FEBRUARY 4, 2021

Indeed, the leaked OGUsers databases — which include private messages on the forum prior to June 2020 — offer a small window into the overall value of the hijacked social media account industry. In his posts, Beam says he has brokered well north of 10,000 transactions.

Accountability 299

Accountability Hacking Media Mobile 299

Krebs on Security

APRIL 30, 2020

In a report published today, the company said since late March 2020 it has observed several crooks complaining about COVID-19 interfering with the daily activities of their various money mules (people hired to help launder the proceeds of cybercrime). ” Alex Holden , founder and CTO of Hold Security , agreed.

Cybercrime 306

Cybercrime Computers and Electronics Marketing Scams 306

Krebs on Security

APRIL 28, 2020

” The incident Jim described happened in late January 2020, and Citi may have changed its procedures since then. . “I was appalled that Citi would do that. So, it seemed the crooks would spoof caller ID when calling Citibank, as well as when calling the target/victim. The company has not yet responded to requests for comment.

Scams 358

Scams Banking Accountability Financial Services 358

Krebs on Security

JANUARY 24, 2020

13, 2020, which was the date the fraudsters got around to changing the domain name system (DNS) settings for e-hawk.net. But as we’ll see in a moment, there are other security precautions that can and do help if your domain somehow ends up getting hijacked. Dijkxhoorn said his company first learned of the domain theft on Jan.

DNS 263

DNS Social Engineering Engineering Accountability 263

Security Boulevard

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites.

Hacking 52

Hacking Phishing Media Malware 52

Krebs on Security

APRIL 27, 2022

” The 30-year-old Donahue said he left the FBI in April 2020 to start Kodex because it was clear that social media and technology companies needed help validating the increasingly large number of law enforcement requests domestically and internationally. Apple’s compliance with EDRs was 93 percent worldwide in 2020.

Mobile 182

Mobile Government Media Technology 182

Krebs on Security

JULY 29, 2021

22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. Allison Nixon , chief research officer with New York City-based cyber intelligence firm Unit221B , recalled what happened in the weeks leading up to Dec.

Passwords 355

Passwords Password Management Phishing Scams 355

Krebs on Security

SEPTEMBER 4, 2022

2020 story from The Press of Atlantic City , a then 19-year-old Patrick McGovern Allen was injured after driving into a building and forcing residents from their home. . “If you live near here and can brick them, dm [address omitted] Richland, WA,” reads another from that same day. McGovern-Allen was in the news not long ago.

Government 55

Government Accountability Cryptocurrency Web Fraud 55

Krebs on Security

JUNE 6, 2023

Launched in 2020, websites under the banner of the Impulse Scam Crypto Project are all essentially “advanced fee” scams that tell people they have earned a cryptocurrency investment credit. The crypto scam affiliate program “Project Impulse,” advertising in 2021.

Accountability 209

Accountability Scams Cryptocurrency Advertising 209

Krebs on Security

SEPTEMBER 5, 2023

The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software. As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Cryptocurrency 348

Cryptocurrency Passwords Encryption Accountability 348

Krebs on Security

APRIL 11, 2022

This is hardly the first time scammers have impersonated Wood or ARKinvest; a tweet from Wood in 2020 warned that the company would never use YouTube, Twitter, Instagram or any social media to solicit money. billion stolen by scammers in 2020, the report found. The ark-x2[.]org According to the U.S.

Scams 190

Scams Cryptocurrency Media Hacking 190

Krebs on Security

FEBRUARY 2, 2021

16, 2020, several of Joker’s long-held domains began displaying notices that the sites had been seized by the U.S. ValidCC’s demise comes close on the heels of the shuttering of Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data. Department of Justice and Interpol.

Cybercrime 206

Cybercrime Media Accountability Hacking 206

Krebs on Security

OCTOBER 8, 2020

” From other classified ads he posted in August and September 2020, it seems clear Dr. Samuil’s team has some kind of privileged access to financial data on targeted companies that gives them a better idea of how much cash the victim firm may have on hand to pay a ransom demand. . “This helps everyone involved to save time.

Cybercrime 305

Cybercrime VPN Malware Penetration Testing 305

Krebs on Security

SEPTEMBER 2, 2021

” In a December 2020 blog post about how Microsoft is moving away from passwords to more robust authentication approaches, the software giant said an average of one in every 250 corporate accounts is compromised each month.

Accountability 288

Accountability Authentication Passwords Hacking 288

Krebs on Security

FEBRUARY 9, 2022

K in January 2020. Flashpoint said the recent arrests represent the first major actions against Russia-based cybercriminals since March 2020, when the FSB detained more than thirty members of an illicit carding operation , charging twenty-five of them with “illegal circulation of means of payment.” It was seized by Dept.

Cybercrime 234

Cybercrime Identity Theft Marketing Retail 234

Krebs on Security

FEBRUARY 25, 2021

Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5

Scams 311

Scams Insurance DDOS Authentication 311