Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Richard Sanders is a blockchain analyst and investigator who advises the law enforcement and intelligence community.

Cryptocurrency 287

Cryptocurrency Banking Cybercrime Advertising 287

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Amazon was compromised in May, 2023 via a MoveIT 0day exploit.

Data breaches 123

Data breaches Hacking Ransomware Technology 123

Krebs on Security

DECEMBER 4, 2024

Matveev’s hacker identities were remarkably open and talkative on numerous cybercrime forums. image: x.com/vxunderground The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest. “Mother Russia will help you.

Cybercrime 250

Cybercrime Ransomware Cryptocurrency Government 250

Krebs on Security

APRIL 30, 2025

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. The Justice Department’s complaint against Buchanan makes no mention of the 2023 ransomware attack.

Identity Theft 194

Identity Theft Phishing Cryptocurrency Cybercrime 194

Security Affairs

DECEMBER 8, 2024

On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. In 2023, upon discovering the cyber attack, the Anna Jaques Hospital took the impacted systems down and launched an investigation into the security breach. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients.

Data breaches 114

Data breaches Insurance Healthcare Ransomware 114

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023.

Cybercrime 138

Cybercrime Internet Internet Scams 138

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Retail 273

Retail Advertising Cryptocurrency Cybercrime 273

SecureWorld News

MAY 14, 2025

The FBI's Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report, marking a record-breaking year in cybercrime. billion in reported losses, a 33% increase from 2023, underscoring the escalating threat landscape faced by individuals and organizations alike. The report highlights a staggering $16.6

Cybercrime 73

Cybercrime Scams Internet Internet 73

Security Affairs

MAY 13, 2025

He is internationally wanted for multiple cybercrime, including ransomware attacks, blackmail, and money laundering, targeting Dutch companies. “He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands.” million euros.”

Ransomware 105

Ransomware Cybercrime Malware Banking 105

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina.

Identity Theft 267

Identity Theft Phishing Cryptocurrency Accountability 267

Penetration Testing

NOVEMBER 4, 2024

Netcraft’s latest research details HookBot, a sophisticated Android-based banking Trojan that’s steadily advancing its footprint in the cybercrime world.

Cybercrime 119

Cybercrime Banking Cybersecurity Penetration Testing 119

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. “In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” ” reported News4Jax.

Cybercrime 64

Cybercrime Identity Theft Social Engineering Hacking 64

Security Affairs

OCTOBER 14, 2024

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal goods, drugs, and cybercrime services. These are two of the largest and longest-running dark web platforms for the trade of illegal goods, drugs, and cybercrime services.

Marketing 124

Marketing Cybercrime DDOS Cryptocurrency 124

Krebs on Security

MAY 15, 2025

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick , a.k.a. Image: Ke-la.com.

Healthcare 216

Healthcare Insurance Data breaches Government 216

Krebs on Security

SEPTEMBER 13, 2023

The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. But on Sept. defense contractors.

Cybercrime 343

Cybercrime Passwords Authentication Malware 343

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Krebs on Security

NOVEMBER 9, 2024

For example, in its most recent transparency report (PDF) Verizon said it received more than 127,000 law enforcement demands for customer data in the second half of 2023 — including more than 36,000 EDRs — and that the company provided records in response to approximately 90 percent of requests.

Hacking 293

Hacking Accountability Government Social Engineering 293

Krebs on Security

MAY 29, 2025

The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025. -based cloud providers before redirecting to malicious or phishous websites. cloud providers. The homepage of Stark Industries Solutions.

134

134

Security Affairs

OCTOBER 16, 2024

. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on the Tor network since 2023, in cooperation with the Swedish police, and confiscated their contents. The darknet market has been active since February 2023, it was used by criminals to sell narcotics anonymously.

Marketing 118

Marketing Cybercrime Scams Hacking 118

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 343

Hacking Phishing Cybercrime Passwords 343

Krebs on Security

MARCH 17, 2023

Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. Pompompurin has been something of a nemesis to the FBI for several years. In April 2022, U.S.

Data breaches 356

Data breaches Cybercrime Insurance Internet 356

Security Affairs

AUGUST 23, 2024

court for his role in the Karakurt cybercrime gang. court for his role in the Russian Karakurt cybercrime gang. The man was arrested in Georgia in December 2023 and recently extradited to the U.S. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, cybercrime)

Cybercrime 120

Cybercrime VPN Cryptocurrency Hacking 120

The Hacker News

JULY 26, 2024

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

Cybercrime 118

Cybercrime Phishing Malware Cybersecurity 118

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. in cybercrime forum. On March 28, 2023, “Stupor” advertised an AV killer tool for $10,000 on xss[.]is, Similar ads by users “killerAV” and “lefroggy” appeared on the RAMP and xss[.]is

Advertising 139

Advertising Cybercrime Hacking Ransomware 139

Security Affairs

JANUARY 11, 2025

An international law enforcement operation conducted by the Netherlands Financial Intelligence and Investigative Service, Finlands National Bureau of Investigation, and the FBI led to the seizure of Sinbad.ios infrastructure in November 2023. were allegedly used for laundering funds from ransomware and cybercrimes. Blender.io

Cybercrime 70

Cybercrime Cryptocurrency Hacking Ransomware 70

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

Krebs on Security

MAY 7, 2025

The authorities called it “the biggest money laundering case in the history of Pakistan,” and named a number of businesses based in Texas that allegedly helped move the proceeds of cybercrime. Moiz told KrebsOnSecurity he stopped working for 360 Digital Marketing in the summer of 2023.

Scams 268

Scams Marketing Advertising Technology 268

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 115

Data breaches Cybercrime Cyber Insurance Marketing 115

Tech Republic Security

JUNE 29, 2023

A new report from Kaspersky reveals the top cyber threats for SMBs in 2023. The post Kaspersky’s New Report Reveals the Top Cyber Threats for SMBs in 2023 appeared first on TechRepublic. Read more about it and how to protect organizations from it.

Cyber threats 167

Cyber threats Scams Phishing Cybercrime 167

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking 257

Hacking Government Identity Theft Accountability 257

Security Affairs

MAY 3, 2025

The Rhysida ransomware group has been active since May 2023. In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks. The report includes IOCs and TTPs identified through investigations as recently as September 2023. The victims of the group are targets of opportunity.

Government 122

Government Ransomware Hacking Manufacturing 122

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. Image: KrebsOnSecurity.

Marketing 363

Marketing Passwords Cybercrime Banking 363

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government 137

Government Surveillance Ransomware Cybercrime 137

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 132

Phishing Banking Mobile Scams 132

SecureWorld News

NOVEMBER 14, 2024

Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. As of the first three quarters of 2024, there were already 264 ransomware incidents affecting healthcare providers—nearly matching all of 2023's figures.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Security Affairs

AUGUST 20, 2024

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported.

Data breaches 116

Data breaches Cybercrime Financial Services Hacking 116

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. He faces a maximum of 20 years in prison, and is currently scheduled to be sentenced on April 27, 2023.

Cybercrime 295

Cybercrime Advertising IoT Malware 295