Security Boulevard

AUGUST 2, 2022

Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. It is easy to detect and block things like malicious cryptocurrency apps or crypto-phishing websites.

Cryptocurrency 98

Cryptocurrency Ransomware Government Risk 98

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. SecurityAffairs – hacking, MailChimp).

Phishing 116

Phishing Data breaches Cryptocurrency Social Engineering 116

Security Affairs

SEPTEMBER 17, 2023

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. The group is also suspected to have recently stolen $31 million from the professional global cryptocurrency exchange CoinEx. The Stake.com and CoinEx exploits account for 78% of September’s total.”

Social Engineering 116

Social Engineering Cryptocurrency Hacking Engineering 116

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 94

Scams Phishing Cryptocurrency Social Engineering 94

Security Boulevard

FEBRUARY 12, 2021

A SIM, or Subscriber Identity Module, is the little chip that goes inside a phone and ties that phone to a particular account at a particular mobile provider. If the phone provider believes you have a new phone, they can tell their system, this is the new SIM number that should be linked to your account. Sorry, couldn't resist!)

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. SCHOOL OF HACKS.

Phishing 357

Phishing VPN Social Engineering Media 357

SecureWorld News

MAY 11, 2023

Nearly three years ago, chaos descended upon Twitter when a small group of hackers successfully breached the accounts of some of the platform's most high-profile users. RELATED: Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack? ] Now, the U.S. ] Now, the U.S.

Accountability 79

Accountability Social Engineering Media Hacking 79

eSecurity Planet

NOVEMBER 18, 2022

This involved using an “unsecured group email account as the root user to access confidential private keys and critically sensitive data for the FTX Group companies around the world…” About $740 million in cryptocurrency has been placed into new cold wallets. Also read : The Link Between Ransomware and Cryptocurrency.

Risk 140

Risk Cybersecurity Cryptocurrency Social Engineering 140

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. Microsoft Corp.

Malware 281

Malware Software Technology Accountability 281

Malwarebytes

MARCH 13, 2023

Within those complaints, cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 There are a number of different methods that cryptocurrency investment fraudsters deploy: Liquidity mining. Hacked social media accounts. billion in 2022, an increase of 183%. Celebrity impersonation. Pig butchering.

Cryptocurrency 62

Cryptocurrency Scams Media Social Engineering 62

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 63

Insurance Cryptocurrency Cyber threats Marketing 63

Security Affairs

JUNE 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware 85

Spyware Hacking Malware Social Engineering 85

SecureWorld News

JULY 22, 2020

Over the last week or so, SecureWorld has kept you in the loop about Twitter's recent account hack. Much of the world's focus has moved toward investigating the hack as a "whodunit." Was it social engineering? Could the Twitter account of a deceased hacker lead us to the perpetrators ? Insider threat?

Cryptocurrency 52

Cryptocurrency Scams Social Engineering Accountability 52

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

Security Affairs

NOVEMBER 15, 2021

The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. ATS (Automatic Transfer System) attaks allow Treat actors to auto-fill fields in legitimate mobile banking to transfer money from the compromised devices to accounts under the control of the attackers.

Banking 127

Banking Mobile Social Engineering Malware 127

Security Affairs

MAY 21, 2023

The threat actors publish malicious packages to the PyPI repository and attempt to trick developers into using them using social engineering tricks, such as intentional typos in their names and high version numbers. The repository is a privileged target for threat actors that aim to carry out supply chain attacks aimed at developers.

Social Engineering 87

Social Engineering Malware Cryptocurrency Engineering 87

Security Affairs

OCTOBER 20, 2020

Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks. Group-IB Secure Portal also managed to identify over 100,000 accounts with three or more logins from the same device. SecurityAffairs – hacking, Iran). Pierluigi Paganini.

Cryptocurrency 59

Cryptocurrency Social Engineering eCommerce Engineering 59

Security Affairs

JANUARY 23, 2022

” Malicious websites could also deliver malware on the victims’ devices or hijack their payments to accounts under their control. Never download an app from a QR code, avoid making any payment requested through unsolicited email that uses social engineering techniques to trick recipients into scanning the embedded QR code.

Cryptocurrency 97

Cryptocurrency Social Engineering Malware Scams 97

Appknox

JUNE 23, 2022

Thus, these Australian attacks significantly contribute to the rising trend in socially engineered attacks. Cryptocurrency and NFT attacks are rising as decentralized finance, and digital art assets become sophisticated socially engineered threats. Common Trends Among the Australian Mobile Threats.

Social Engineering 92

Social Engineering Mobile Scams Engineering 92

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. . Pierluigi Paganini.

Mobile 93

Mobile Telecommunications Data breaches Identity Theft 93

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. The malware also supports anti-sandbox and analysis functionalities to avoid detection and prevent being analyzed.

Encryption 78

Encryption Social Engineering Malware Cryptocurrency 78

Security Affairs

NOVEMBER 26, 2018

He gained access to his phone number and used it impersonate the executive and steal $500,000 from two accounts he had at Coinbase and Gemini. The hack and consequent cyber heist occurred on October 26 and Truglia was arrested on November 14. Security Affairs – SIM swap, hacking). ” reads a CNBC report.

Cryptocurrency 81

Cryptocurrency Identity Theft Social Engineering Advertising 81

Security Affairs

JANUARY 3, 2024

For the tool to function, the operator must input a list of compromised email accounts to be scanned. It’s noteworthy that most of the victim accounts identified were predominantly from the U.K. Utilizing AI-driven bots for advanced social engineering techniques.

Artificial Intelligence 118

Artificial Intelligence Banking Scams Cybercrime 118

Malwarebytes

JUNE 23, 2022

This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and the seizure of firearms, ammunition, jewelry, electronic devices, cash, and cryptocurrency. Money mules then used these credentials to cash out millions in Euros from victim accounts.

Phishing 105

Phishing Banking Cryptocurrency Scams 105

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In fact, from January through the end of October, Kaspersky detected more than 2,300 fraudulent global resources aimed at 85,000 potential crypto investors or users who are interested in cryptocurrency mining. Extortion on the rise.

Cryptocurrency 104

Cryptocurrency Banking Cybercrime Ransomware 104

Identity IQ

FEBRUARY 8, 2024

But the dark web is also associated with illegal activities including the trafficking of drugs, weapons, and illegal pornography, hacking and cybercrime, terrorism, and the sale of stolen data or personal information. Transactions on the dark web are typically conducted using cryptocurrencies such as Bitcoin to maintain anonymity.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

Security Affairs

AUGUST 16, 2023

The content of the message attempt to trick the recipient into scanning the code to verify their account. “Email lures came in the form of updating account security surrounding 2FA, MFA, and general account security. The emails urge the recipient to complete the procedure in 2-3 days. ” continues the report.

Phishing 85

Phishing Energy and Utilities Insurance Manufacturing 85

SecureList

NOVEMBER 22, 2022

Unlike common stealers, this malware gathered data that can be used to identify the victims, such as browsing histories, social networking account IDs and Wi-Fi networks. Cryptocurrency targeted attacks. More cryptocurrency-related threats: fake hardware wallets, smart contract attacks, DeFi hacks, and more.

Cryptocurrency 87

Cryptocurrency Mobile Ransomware Banking 87

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. A screenshot of a Discord discussion between the key Twitter hacker “Kirk” and several people seeking to hijack high-value Twitter accounts.

Hacking 292

Hacking Accountability Scams Media 292

ForAllSecure

SEPTEMBER 29, 2022

And, as you'll hear, in some cases, they'll even fly you around the world to learn how to hack. It's about challenging our expectations about the people who hack for a living. It's basically hacking for money, you find a vulnerability, and if the company validates it, they give you a bounty. I hope you'll stick around.

Hacking 40

Hacking Cryptocurrency Software InfoSec 40

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. SecurityAffairs – hacking, Wannacry).

Malware 97

Malware Computers and Electronics Encryption Ransomware 97

Security Affairs

SEPTEMBER 2, 2018

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

Social Engineering 53

Social Engineering Cryptocurrency Advertising Malware 53

SecureList

JULY 11, 2022

E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But mass mailings are still more convenient to send out by e-mail, since accounts in social networks, messengers, etc., are quickly blocked due to spam. Statistics. Lottery fraud.

Scams 98

Scams Accountability Banking Phishing 98

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering 243

Social Engineering Phishing Engineering Accountability 243

Security Affairs

JANUARY 27, 2022

Other affected businesses include Chip, a UK-based savings app boasting 400,000 users; Hoolah, a shopping app with over 100,000 installs ; Mode, a cryptocurrency app with over 50,000 installs ; and Greenwheels, a car-sharing service with over 50,000 installs. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft 85

Identity Theft Accountability Data breaches Social Engineering 85

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. For example, one website offered users to obtain a COVID vaccination certificate by entering their British National Health Service (NHS) account credentials.

Phishing 90

Phishing Scams Accountability Energy and Utilities 90

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. Let’s look at a few primary examples.

Scams 108

Scams Phishing Firewall Social Engineering 108