Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” A phishing message targeting FTX users that went out en masse today.

Mobile 198

Mobile Cyber Risk Cryptocurrency Data breaches 198

Malwarebytes

MARCH 19, 2024

For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. Katz pleaded guilty before Chief U.S.

Social Engineering 138

Social Engineering Computers and Electronics Mobile Identity Theft 138

Security Boulevard

MAY 27, 2021

Are you doing enough to prevent scammers from hijacking your social media accounts? The post Cryptocurrency scam attack on Twitter reminds users to check their app connections appeared first on The State of Security.

Cryptocurrency 85

Cryptocurrency Scams Media Accountability 85

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency 102

Cryptocurrency Phishing Accountability Passwords 102

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency 246

Cryptocurrency Mobile Authentication Accountability 246

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 125

Password Management Cryptocurrency Passwords Authentication 125

The State of Security

MAY 27, 2021

Are you doing enough to prevent scammers from hijacking your social media accounts? Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 131

Cryptocurrency Scams Media Authentication 131

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com. 2, and Aug. According to an Aug.

Mobile 291

Mobile Phishing Authentication Accountability 291

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. 9, 2024, U.S. Twilio disclosed in Aug.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 106

Banking Accountability Mobile Cryptocurrency 106

Malwarebytes

FEBRUARY 7, 2024

I reached out to the person that owns the account to find out if he knew how his account got compromised. These apps would then spread further from the compromised user account. If you find your account has posted a message like this, you should assume that someone else has full control over your Facebook account.

Scams 137

Scams Passwords Identity Theft Accountability 137

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 107

Authentication Social Engineering Phishing Banking 107

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. “Most of the observed malware was capable of stealing both user passwords and cookies. .

Accountability 126

Accountability Malware Phishing Social Engineering 126

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 268

Hacking Social Engineering Phishing Scams 268

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 106

Cryptocurrency Malware Authentication Banking 106

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 116

Cryptocurrency Data breaches Authentication Accountability 116

SecureList

JUNE 5, 2023

The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim’s account by performing web injections into targeted cryptocurrency websites. For example, it has the ability to retrieve the victims’ addresses, obtain account information, bypass 2FA, and much more.

Cryptocurrency 78

Cryptocurrency DNS Malware Encryption 78

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead. A copy of his complaint is here (PDF).

Mobile 229

Mobile Cryptocurrency Accountability Authentication 229

SecureList

MAY 6, 2024

With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.

Phishing 80

Phishing Banking Mobile Scams 80

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email!

Passwords 59

Passwords Cryptocurrency Data breaches Advertising 59

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S.

Cryptocurrency 80

Cryptocurrency Identity Theft Accountability Media 80

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 90

Mobile Cryptocurrency Authentication Accountability 90

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile 206

Mobile Cryptocurrency Scams Computers and Electronics 206

Hot for Security

MARCH 9, 2021

Cybercriminals are targeting Coinbase platform users with phishing campaings in an attempt to steal their account credentials and drain their cryptocurrency wallets, Bitdefender Antispam Lab has learned. The crooks are attempting to dupe recipients into accessing a fake login URL to enter their username and password.

Phishing 119

Phishing Cryptocurrency Accountability Passwords 119

Security Boulevard

FEBRUARY 12, 2021

A SIM, or Subscriber Identity Module, is the little chip that goes inside a phone and ties that phone to a particular account at a particular mobile provider. If the phone provider believes you have a new phone, they can tell their system, this is the new SIM number that should be linked to your account. Sorry, couldn't resist!)

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets. ripple.com.

Scams 94

Scams Phishing Cryptocurrency Social Engineering 94

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. Trezor WARNING: Elaborate Phishing attack.

Phishing 116

Phishing Data breaches Cryptocurrency Social Engineering 116

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 84

Cryptocurrency Phishing Social Engineering Accountability 84

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 48

Cryptocurrency Passwords Authentication Accountability 48

Troy Hunt

JUNE 11, 2018

They suspected that a significant volume of the credentials obtained in these incidents have been used to access mailboxes, cryptocurrency exchanges, cloud service accounts and other similar online assets. In total, there were 655k records affected that are now searchable.

Cryptocurrency 129

Cryptocurrency Cybercrime Data breaches Passwords 129

CyberSecurity Insiders

AUGUST 11, 2021

Its aim is to disrupt victim’s digital services, extort money and sell the stolen data on dark web, if the victim denies paying a ransom in cryptocurrency- usually in Bitcoins or Monero. The said file encrypting malware is often spread through Windows Powershell and Server Message Block exploits.

Ransomware 141

Ransomware Backups Cryptocurrency Malware 141

Malwarebytes

JULY 4, 2022

Passwordless authentication. Passwordless authentication could usher in a world where we no longer rely on passwords, and that could be an enormous, unabashed win for security and peace of mind. Passwords are a great idea in theory that fail horribly in practice. And yet almost every Internet account requires one.

Internet 115

Internet Internet Technology DNS 115

Security Affairs

FEBRUARY 10, 2021

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks. “This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts. . ” reads the announcement published by the NCA.

Cybercrime 81

Cybercrime Cryptocurrency Accountability Authentication 81

SecureWorld News

NOVEMBER 29, 2021

This leads us to the first section of the report, which is dedicated to looking at how malicious actors use compromised Google Cloud instances for cryptocurrency mining. Cryptocurrency mining has taken off in popularity in the last few years, for end users and threat actors alike. Compromised Google Cloud used for cryptomining.

Passwords 87

Passwords Cryptocurrency Authentication Software 87

Krebs on Security

MAY 10, 2019

From there, the attackers simply start requesting password reset links via text message for a variety of accounts tied to the hijacked phone number. million stealing cryptocurrencies and extorting people for restoring access to social media accounts that were hijacked after a successful SIM-swap.

Mobile 214

Mobile Identity Theft Cryptocurrency Accountability 214

Malwarebytes

MAY 6, 2022

The site right now is a blank page save for mention of a Twitter account, which has no content or likes posted to it. Even a trusted Discord channel can turn rogue if someone compromises the right account. Use 2FA and a password manager. Protecting your cryptocurrency. Do *NOT* fall prey to it! It seems unlikely.

Phishing 93

Phishing Password Management Cryptocurrency Scams 93

Security Affairs

JANUARY 31, 2019

Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites. The malware targets cookies associated with cryptocurrency exchanges such as Binance , Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet.

Malware 86

Malware Cryptocurrency Authentication Advertising 86