Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 115

Phishing Data breaches Cryptocurrency Social Engineering 115

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” A phishing message targeting FTX users that went out en masse today.

Mobile 201

Mobile Cyber Risk Cryptocurrency Data breaches 201

Adam Levin

OCTOBER 10, 2018

High-profile Instagram accounts are being targeted by ransomware attacks and phishing schemes, with evidence suggesting that many account holders are paying the attackers. W]e will have to delete your account within 3 hours,” the hackers’ message adds, threatening to wipe out the account if the ransom isn’t paid.

Accountability 195

Accountability Ransomware Phishing Media 195

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency 102

Cryptocurrency Phishing Accountability Passwords 102

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 269

Hacking Social Engineering Phishing Scams 269

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability 125

Accountability Malware Phishing Social Engineering 125

Hot for Security

MARCH 9, 2021

Cybercriminals are targeting Coinbase platform users with phishing campaings in an attempt to steal their account credentials and drain their cryptocurrency wallets, Bitdefender Antispam Lab has learned. According to our latest telemetry, the phishing campaign was noticed since mid-February, targeting over 25,000 users.

Phishing 119

Phishing Cryptocurrency Accountability Passwords 119

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 112

Authentication Social Engineering Phishing Banking 112

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself.

Phishing 94

Phishing Scams Accountability Energy and Utilities 94

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering 319

Social Engineering Mobile Cybercrime Passwords 319

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 85

Phishing Energy and Utilities Insurance Manufacturing 85

The Last Watchdog

APRIL 14, 2022

This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. Scenario 2. Scenario 3.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Malwarebytes

NOVEMBER 1, 2022

LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and (at times) malware, and has been trying to combat those issues. What's new? The "About this profile" feature.

Accountability 89

Accountability Cryptocurrency Education Technology 89

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 358

Phishing VPN Social Engineering Media 358

Bleeping Computer

NOVEMBER 21, 2022

A crypto-stealing phishing campaign is underway to bypass multi-factor authentication and gain access to accounts on Coinbase, MetaMask, Crypto.com, and KuCoin and steal cryptocurrency. [.].

Cryptocurrency 72

Cryptocurrency Phishing Authentication Accountability 72

Digital Shadows

JUNE 7, 2021

It’s been a pretty big year so far for cryptocurrency. Cryptocurrencies’ current total market cap sits just above $1.7 The cryptocurrency exchange Coinbase recently launched an IPO, India has reversed a ban on cryptocurrencies, and ransomware groups continue to demand payment in anonymity-based cryptocurrency.

Cryptocurrency 52

Cryptocurrency Phishing Advertising Antivirus 52

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S.

Cryptocurrency 80

Cryptocurrency Identity Theft Accountability Media 80

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 86

Cryptocurrency Phishing Social Engineering Accountability 86

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. Scavuzzo said the administrator’s account was hijacked even though she had multi-factor authentication turned on.

Hacking 287

Hacking Scams Accountability Cryptocurrency 287

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 115

Cryptocurrency Data breaches Authentication Accountability 115

Malwarebytes

APRIL 3, 2023

Controversially, Blue accounts gained the same visual checkmark as verified accounts despite not using the same identity verification process. This resulted in an early wave of imitation accounts causing confusion. Twitter recently announced that all legacy accounts would lose their checkmark on April 1.

Accountability 78

Accountability Cryptocurrency Government Scams 78

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead.

Mobile 230

Mobile Cryptocurrency Accountability Authentication 230

Malwarebytes

FEBRUARY 7, 2024

I reached out to the person that owns the account to find out if he knew how his account got compromised. These apps would then spread further from the compromised user account. If you find your account has posted a message like this, you should assume that someone else has full control over your Facebook account.

Scams 133

Scams Passwords Identity Theft Accountability 133

CyberSecurity Insiders

AUGUST 1, 2022

Security research carried out by CloudSEK has found that over 3000+ mobile applications were exposing Twitter’s API keys, thus providing access to twitter accounts fraudulently.

Mobile 120

Mobile Media Accountability Cryptocurrency 120

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile 206

Mobile Cryptocurrency Scams Computers and Electronics 206

SecureList

MARCH 29, 2023

However, traditional financial threats – such as banking malware and financial phishing, continue to take up a significant share of such financially-motivated cyberattacks. Security solutions integrated into operating systems, two-factor authentication and other verification measures have helped reduce the number of vulnerable users.

Banking 74

Banking Phishing Cryptocurrency Mobile 74

Malwarebytes

MAY 6, 2022

Well, there’s a “potential vulnerability” which allowed spambots to post phishing links to other users. There’s no further information on how this occurred, but situations like this can happen if a channel’s administrator gets phished. Sadly, spamming phish links is not supposed to be one of them.

Phishing 88

Phishing Password Management Cryptocurrency Scams 88

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Earlier this year, Robinhood sent out a message to its users, warning of some phishing emails claiming to be a "Security Alert" with links to fake Robinhood websites. How to spot phishing emails.

Phishing 90

Phishing Social Engineering Scams Identity Theft 90

SecureList

FEBRUARY 23, 2022

We look at phishing threats commonly encountered by users and companies as well as the prevalence of various Windows and Android-based financial malware. Phishing: In 2021, 8.2% of users were hit by phishing. E-commerce-related phishing continued to exceed banking-related phishing, as it did in 2020, making up 17.6%

Banking 96

Banking Phishing Cryptocurrency Malware 96

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 86

Spyware Hacking Malware Social Engineering 86

Centraleyes

DECEMBER 28, 2023

The trojan executed actions on behalf of victims, orchestrating Account Takeover (ATO) and Device Takeover (DTO) attacks, primarily targeting banking and cryptocurrency applications. Notably, Chameleon’s distribution strategy involved phishing pages posing as legitimate applications.

Banking 52

Banking Cryptocurrency Mobile Phishing 52

Security Affairs

FEBRUARY 10, 2023

. “This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.” Obfuscate Identity.

Ransomware 79

Ransomware Healthcare Cryptocurrency Government 79

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 48

Cryptocurrency Passwords Authentication Accountability 48

Malwarebytes

JANUARY 31, 2022

The hijackers compromise the account, switch the picture to Elon, and then start spamming cryptocurrency links. Alternatively, they may keep the account as it is and spam images claiming Elon has approved a giveaway or something similar. Another tweet (now deleted) suggested people should send a direct message to the account.

Scams 90

Scams Cryptocurrency Accountability Phishing 90

Troy Hunt

JUNE 11, 2018

They suspected that a significant volume of the credentials obtained in these incidents have been used to access mailboxes, cryptocurrency exchanges, cloud service accounts and other similar online assets. In total, there were 655k records affected that are now searchable.

Cryptocurrency 128

Cryptocurrency Cybercrime Data breaches Passwords 128

Malwarebytes

JANUARY 5, 2023

The sites, promoted by imitation Twitter accounts, look very much like the real thing. Two of the accounts have deleted all of their Tweets and one account itself is now deleted. However, Bleeping Computer notes that the accounts had previously been responding to queries regarding availability. Phishing for authenticity.

Phishing 66

Phishing Accountability Scams Media 66

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76