Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. A DIRECT QUOT The domain quot[.]pw

Scams 243

Scams DDOS Cryptocurrency Accountability 243

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 88

Accountability Phishing Authentication Architecture 88

Security Affairs

JUNE 8, 2022

“The SSNDOB administrators created advertisements on darkweb criminal forums for the Marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts.” ” reads the press release published by DoJ.

Cybercrime 91

Cybercrime Cryptocurrency Marketing Advertising 91

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. Twitter confirmed that the recent data breach that exposed data of 5.4 At the end of July, a threat actor leaked data of 5.4

Accountability 104

Accountability Data breaches Authentication Media 104

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc.

Accountability 83

Accountability Data breaches Passwords Advertising 83

Security Affairs

AUGUST 12, 2019

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Now a dump containing 6,840,339 unique StockX user accounts surfaced in the cybercrime underground. How to check if your account has been compromised? Pierluigi Paganini.

Accountability 80

Accountability Data breaches Passwords Cybercrime 80

Security Affairs

JUNE 9, 2023

The BTC-e virtual currency is popular in the cybercrime underground because it was used by crooks to launder funds for illegal activities. “Under the guise of the Advertising Contract, in order to conceal and liquidate the bitcoins stolen from Mt. . ” reads the DoJ. ” reads the DoJ.

Hacking 85

Hacking Cryptocurrency Advertising Banking 85

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 105

Banking Accountability Mobile Cryptocurrency 105

Security Affairs

APRIL 24, 2020

Nintendo has disconnected the NNID legacy login system from main Nintendo profiles after it has discovered a massive account hijacking campaign. The gaming giant Nintendo announced that hackers gained accessed at least 160,000 user accounts as part of an account hijacking campaign since early April. ” reported ZDNet.

Accountability 98

Accountability Passwords Data breaches Advertising 98

Security Affairs

OCTOBER 5, 2020

According to the SonntagsZeitung , the Basel public prosecutor’s office confirmed that hackers compromised the systems at the universities, then the threat actors hijacked the employee salary transfers by changing the beneficiaries’ accounts. It added that part of the misappropriated funds was now in foreign accounts.”

Advertising 144

Advertising Phishing Cybercrime Hacking 144

Security Affairs

APRIL 14, 2024

The RAT allowed customers to access and control their victims’ computers remotely, its author advertised its stealing capabilities. He is accused of advertising and selling the Hive remote access trojan (RAT) on the “Hack Forums” website. . ” reported the DoJ. ” continues DoJ. . ” continues DoJ.

Computers and Electronics 107

Computers and Electronics Advertising Cryptocurrency Malware 107

Security Affairs

OCTOBER 18, 2020

. “Comprised of several layers of members mainly from Latvia, Georgia, Bulgaria, Romania, and Belgium, the QQAAZZ network opened and maintained hundreds of corporate and personal bank accounts at financial institutions throughout the world to receive money from cybercriminals who stole it from accounts of victims.”

Malware 106

Malware Banking Cryptocurrency Cybercrime 106

Security Affairs

MAY 2, 2023

Exchange services were advertised on closed hacker forums.” ” Many of these services are advertised on cybercrime forums, the services were offering support in both Russian and English. .” states the press release published by the Ukraine’s Cyber Police.

Cybercrime 88

Cybercrime Cryptocurrency Advertising Education 88

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. companies for customers’ personal information.” which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. Social Security Numbers, dates of birth, and victim addresses.

Cybercrime 113

Cybercrime Advertising Hacking Accountability 113

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The experts observed a phishing campaign using a malicious attachment disguised as an account confirmation request in the form of a PDF file.

Cybercrime 87

Cybercrime Malware Education Phishing 87

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. Many of these services are advertised on online forums dedicated to discussing criminal activity.

VPN 116

VPN Cybercrime Advertising Accountability 116

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime 88

Cybercrime Malware Hacking Accountability 88

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. The authorities arrested tens of individuals in Spain and Romania. .

Banking 113

Banking Cybercrime Mobile Accountability 113

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. The figure that most of all capture our attention is that victims of cybercrime activities lost $3.5 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Internet 110

Internet Internet Scams Cybercrime 110

Security Affairs

MARCH 15, 2020

A cybercrime gang focused on Business Email Compromise (BEC) has started using coronavirus-themed scam emails in its attacks. The researchers received a coronavirus-themed scam email that attempted to trick victims into using a different bank account for the payment due to the COVID-19 outbreak. A change of the bank account).

Scams 106

Scams Banking Cybercrime Advertising 106

Security Affairs

SEPTEMBER 22, 2020

The Wall Street Market marketplace was considered one of the most important points of aggregation in the cybercrime underground for trading in cocaine, heroin, cannabis and amphetamines as well as digital goods (i.e. ” the Head of Europol’s European Cybercrime Centre (EC3) , Edvardas Šileris said.

Cybercrime 131

Cybercrime Advertising Marketing Internet 131

Security Affairs

FEBRUARY 16, 2021

Experts pointed out that attacks abusing the ngrok platform are hard to detect because connections to subdomains of ngrok.com are not filtered by security measures. Experts provided a list of ngrok -based attacks conducted by cybercrime organizations and nation-stated actors such as Fox Kitten and Pioneer Kitten APT groups.

Phishing 125

Phishing Cybercrime Mobile Internet 125

Security Affairs

APRIL 14, 2023

The threat actors also attempted to sell the stolen data on the BreachForums cybercrime forum that was recently shut down by law enforcement. “In the last 24 hours we became aware of a dump of the Kodi user forum (MyBB) software being advertised for sale on internet forums. This post confirms that a breach has taken place.”

Data breaches 91

Data breaches Backups Passwords Accountability 91

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. In some cases, the man manually chacked the stolen information. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability 101

Accountability Banking Advertising Data collection 101

Security Affairs

AUGUST 18, 2020

Ukrainian authorities arrested the members of a cybercrime gang who ran 20 cryptocurrency exchanges involved in money laundering. Police in Ukraine announced the arrest of the members of a cybercrime gang composed of three individuals who ran 20 cryptocurrency exchanges used in money laundering activities. Pierluigi Paganini.

Cryptocurrency 104

Cryptocurrency Computers and Electronics Cybercrime Digital transformation 104

Security Affairs

SEPTEMBER 3, 2019

The OLB bank confirmed that the incident is not the result of a data breach, it also speculates the involvement of an “organized cybercrime involving counterfeit cards and terminals.” “Nor has any account or card data been hacked either at Mastercard, OLB or at a third party. SecurityAffairs – OLB bank, cybercrime).

Banking 85

Banking Cybercrime Advertising Scams 85

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware 136

Ransomware Malware Advertising Cybercrime 136

Security Affairs

OCTOBER 11, 2022

.” The toolkit provides templates for a broad range of targets, including Chinese and Russian organizations, which is quite uncommon in the cybercrime ecosystem. Caffeine is advertised on multiple cybercrime underground forums, its subscription models are more expensive compared with other PhaaS platforms.

Phishing 89

Phishing Cybercrime Accountability Advertising 89

Security Affairs

FEBRUARY 22, 2022

The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services. Once obtained the data, crooks used it to empty their victims’ bank accounts.

Phishing 81

Phishing Banking Mobile Telecommunications 81

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. Nikulin also hacked into an employee account of a Formspring engineer and used it to access the company network between June 13, 2012, and June 29, 2012.

Hacking 77

Hacking Cybercrime Data breaches Advertising 77

Security Affairs

APRIL 6, 2022

The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. The platform specialized in the sale of drugs – although listings on the site also included forged documents, data (such as credit card information) and digital services.”

Marketing 89

Marketing Cybercrime Advertising Hacking 89

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 90

Mobile Cryptocurrency Authentication Accountability 90

Security Affairs

APRIL 6, 2022

The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. The platform specialized in the sale of drugs – although listings on the site also included forged documents, data (such as credit card information) and digital services.”

Marketing 102

Marketing Cybercrime Advertising Hacking 102

Security Affairs

MARCH 16, 2020

In response to the incident, Open Exchange Rates has forced a password reset for all accounts created before March 2, 2020. Open Exchange Rates recommends users to generate new API IDs using the account dashboard to access the service. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches 105

Data breaches Passwords Advertising Accountability 105

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. The threat actors infected at least 8.9

Mobile 86

Mobile Advertising Malware Cybercrime 86

Security Affairs

OCTOBER 3, 2019

Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. With this resource, it was possible to buy activated accounts in large numbers to various mail resources, social networks, payment systems and more. “Cyber ??

Cybercrime 88

Cybercrime VPN Advertising Accountability 88

Security Affairs

OCTOBER 13, 2022

Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts. Mod apps are advertised as unofficial versions of legitimate apps that have features that the official one does not supports. ” reported Kaspersky.

Mobile 105

Mobile Accountability Advertising Antivirus 105