Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile 339

Mobile Accountability Data breaches Identity Theft 339

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing 311

Phishing Telecommunications Government DNS 311

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 293

Phishing Cryptocurrency DDOS Internet 293

Krebs on Security

OCTOBER 7, 2022

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. The findings came in a report released by Sen. Elizabeth Warren (D-Mass.),

Banking 288

Banking Accountability Scams Passwords 288

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Graham Cluley

JUNE 5, 2025

ⓘ MailerLite warns of phishing campaign Graham Cluley @ 4:13 pm, June 5, 2025 @grahamcluley.com @ [email protected] The team at MailerLite have contacted their customers warning them about a phishing campaign that is trying to steal login details. Sync across unlimited devices. Integrated 2FA. Sign up to our free newsletter.

Phishing 64

Phishing Accountability Passwords Hacking 64

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. GoDaddy has not disclosed the source of the breach in December 2022 that led to malware on some customer websites. In a filing with the U.S.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. The messages began at 2022-07-20 22:50 UTC.

Mobile 342

Mobile Phishing Authentication Accountability 342

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 109

Cybercrime Identity Theft Cryptocurrency Phishing 109

Tech Republic Security

APRIL 19, 2022

Phishing attacks aimed at stealing LinkedIn account credentials surged during the first quarter of 2022, says Check Point Research. The post LinkedIn was the most exploited brand in phishing attacks last quarter appeared first on TechRepublic.

Phishing 157

Phishing Accountability 157

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 338

Malware Banking Phishing DDOS 338

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Security Boulevard

DECEMBER 27, 2022

If you haven't yet received phishing emails pretending to be from Amazon, you will soon. Luckily, there are a few steps that can help protect your account and data. The post Fake Amazon Emails sent by Hackers: How to prevent Phishing Scams appeared first on Cyphere | Securing Your Cyber Sphere.

Scams 115

Scams Phishing Accountability 115

Security Affairs

FEBRUARY 19, 2025

Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian intelligence.

Phishing 81

Phishing Accountability Social Engineering Malware 81

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing 145

Phishing Accountability Hacking Scams 145

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 144

Phishing Marketing Scams Accountability 144

Security Affairs

DECEMBER 1, 2024

From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses GAI has captured the attention of researchers and investors for its transformative potential across industries. GAI is also a boon for attackers seeking financial gain.

Artificial Intelligence 132

Artificial Intelligence Phishing Media Cybercrime 132

The Last Watchdog

JULY 27, 2023

In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Phishing 186

Phishing Social Engineering Engineering Media 186

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. pic.twitter.com/BQSB2uV1JW — Life in DeFi (@lifeindefi) April 3, 2022. We have managed to take the phishing domain offline.

Phishing 136

Phishing Data breaches Cryptocurrency Social Engineering 136

Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. ” Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166]

Phishing 327

Phishing Retail Mobile Scams 327

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 83

Small Business Cybersecurity Scams Passwords 83

SecureList

SEPTEMBER 27, 2023

Unlike phishing links that are easy to check and block, QR code is a headache for security solutions. Malevolent uses of QR codes in email Fraudsters use QR codes to encode links to phishing and scam pages. The campaign was not very large scale and dwindled by around mid-2022.

Phishing 136

Phishing Passwords Accountability Scams 136

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 112

Healthcare Data breaches Identity Theft Passwords 112

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 142

Phishing Marketing Banking Technology 142

Malwarebytes

FEBRUARY 4, 2025

When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. The generative AI non-revolution The November 2022 launch of ChatGPT ushered forth a new relationship with our computers. Uhh, again, that is.

Artificial Intelligence 142

Artificial Intelligence Small Business Malware Technology 142

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing 337

Phishing Telecommunications Malware Scams 337

SecureList

NOVEMBER 23, 2022

In this research, we analyze various types of threats, such as financial malware and phishing pages mimicking the world’s biggest retail platforms, banking and payment systems, and discuss recent trends. Over the first ten months of 2022, Kaspersky prevented 38,596,555 financial phishing attacks. Methodology. Key findings.

Phishing 124

Phishing Banking Scams Retail 124

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone. .

Passwords 359

Passwords Accountability Phishing Cryptocurrency 359

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. This threat hunt identifies accounts at risk of this attack vector. Rated CVSS 9.8,

VPN 133

VPN Authentication Ransomware Risk 133

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

Phishing 315

Phishing Architecture Passwords Accountability 315

SecureWorld News

JUNE 9, 2025

Global data reveals that cyberattacks rose by 131% between 2022 and 2023 across the aviation industry, with a 74 percent increase since 2020, underscoring the profundity of this threat. An orchestrated DDoS campaign by the pro-Russia group Killnet in 2022 rendered the public websites of more than a dozen U.S.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 134

Accountability Phishing Passwords Hacking 134

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. The phishing kit market. Non-mobile statistics. Mobile statistics. Targeted attacks.

Phishing 132

Phishing Spyware Firmware Malware 132

CyberSecurity Insiders

JANUARY 25, 2023

United States Cybersecurity and Infrastructure Security Agency (CISA) along with two other agencies; National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning to federal agencies against a phishing scam taking place through Remote Monitoring and Management (RMM) Software.

Scams 134

Scams Software Phishing Social Engineering 134

Malwarebytes

DECEMBER 6, 2024

What made this market attractive for cybercriminals was that they could buy data sorted by region and account balance with advanced filtering options. The law enforcement investigation started in 2022 when investigators were able to track very specific information used by scammers to the specialized marketplace.

Marketing 110

Marketing Banking Encryption Phishing 110

SecureList

SEPTEMBER 6, 2022

According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave.

Mobile 132

Mobile Passwords Software Accountability 132

CyberSecurity Insiders

SEPTEMBER 20, 2022

Preliminary analysis conducted by the IT team says that the sophisticated attack could have been caused through a phishing attack launched on the HackerOne account of one of the senior IT employees of the company. The post Uber data breach 2022 Update on Lapsus$ Ransomware appeared first on Cybersecurity Insiders.

Data breaches 127

Data breaches Ransomware Cyber Attacks Accountability 127