Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 338

Passwords Accountability Engineering Phishing 338

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability 89

Accountability Scams Hacking Cryptocurrency 89

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency 104

Cryptocurrency Phishing Accountability Passwords 104

Bleeping Computer

JANUARY 10, 2024

Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [.]

Accountability 98

Accountability Hacking Passwords Cybersecurity 98

CyberSecurity Insiders

DECEMBER 30, 2021

If you follow a custom of saving passwords in your browser, you better change it, before it’s too late. Because security researchers from a South Korean cybersecurity firm, AhnLab discovered that a new malware named Redline was seen lurking in the browsers and stealing saved passwords only to be transmitted to remote servers.

Passwords 118

Passwords Malware Cryptocurrency Software 118

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot.

Passwords 114

Passwords Software Firmware Malware 114

Malwarebytes

DECEMBER 20, 2022

If you’re a user of the Gemini cryptocurrency exchange, it’s time to be on your guard against phishing attacks. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure. Locking down your Gemini account.

Cryptocurrency 72

Cryptocurrency Phishing Scams Accountability 72

Krebs on Security

JUNE 27, 2023

But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control.

Cryptocurrency 212

Cryptocurrency Accountability Mobile Hacking 212

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware 253

Malware Cryptocurrency Software Scams 253

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. The malware admin declared that their operations do not involve any ransom activities.

Password Management 88

Password Management Passwords Malware Antivirus 88

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 205

Phishing Cryptocurrency DDOS Internet 205

Security Boulevard

MAY 27, 2021

Are you doing enough to prevent scammers from hijacking your social media accounts? The post Cryptocurrency scam attack on Twitter reminds users to check their app connections appeared first on The State of Security.

Cryptocurrency 83

Cryptocurrency Scams Media Accountability 83

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. The data included usernames, email addresses and plain text passwords.” Pierluigi Paganini.

Accountability 138

Accountability Malware Data breaches Passwords 138

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies.

Cryptocurrency 262

Cryptocurrency Government Cybercrime Accountability 262

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” A phishing message targeting FTX users that went out en masse today.

Mobile 191

Mobile Cyber Risk Cryptocurrency Data breaches 191

Naked Security

APRIL 28, 2023

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

Cryptocurrency 126

Cryptocurrency Passwords Accountability Scams 126

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. “Most of the observed malware was capable of stealing both user passwords and cookies. .

Accountability 130

Accountability Malware Phishing Social Engineering 130

Schneier on Security

AUGUST 12, 2022

The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states: safe Only the user has access, loss No one has access, leak Both the user and the adversary have access, or. theft Only the adversary has access.

Cryptocurrency 240

Cryptocurrency Accountability Passwords Hacking 240

Malwarebytes

MARCH 19, 2024

Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. He was paid in Bitcoin, which was traced back to Katz’s cryptocurrency account. Check your online accounts immediately if you receive a notification about unusual activity.

Social Engineering 136

Social Engineering Computers and Electronics Mobile Identity Theft 136

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 109

Banking Accountability Mobile Cryptocurrency 109

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection.

Cryptocurrency 127

Cryptocurrency Malware Accountability Banking 127

SecureList

JUNE 5, 2023

The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim’s account by performing web injections into targeted cryptocurrency websites. For example, it has the ability to retrieve the victims’ addresses, obtain account information, bypass 2FA, and much more.

Cryptocurrency 78

Cryptocurrency DNS Malware Encryption 78

The State of Security

MAY 27, 2021

Are you doing enough to prevent scammers from hijacking your social media accounts? Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 131

Cryptocurrency Scams Media Authentication 131

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 9, 2024, U.S. Twilio disclosed in Aug.

Social Engineering 305

Social Engineering Mobile Cybercrime Passwords 305

Malwarebytes

FEBRUARY 7, 2024

I reached out to the person that owns the account to find out if he knew how his account got compromised. These apps would then spread further from the compromised user account. If you find your account has posted a message like this, you should assume that someone else has full control over your Facebook account.

Scams 136

Scams Passwords Identity Theft Accountability 136

Security Affairs

JANUARY 31, 2024

Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. The leak poses a variety of risks, expanding from identity theft to takeover and cashing-out accounts of traders. Account data.

Technology 119

Technology Identity Theft Backups Passwords 119

Krebs on Security

DECEMBER 19, 2022

conspired to hack into Yahoo email accounts belonging to victims in the United States. From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts. . “ChumLul,” 22, of Racine, Wisc.,

Hacking 276

Hacking Passwords Media Identity Theft 276

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency 235

Cryptocurrency Mobile Authentication Accountability 235

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 129

Password Management Cryptocurrency Passwords Authentication 129

Bleeping Computer

NOVEMBER 28, 2022

Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets. [.].

Malware 103

Malware Cryptocurrency Passwords Accountability 103

Anton on Security

FEBRUARY 7, 2024

My favorite quotes from the report follow below: “ Credential abuse resulting in cryptomining remains a persistent issue , with threat actors continuing to exploit weak or nonexistent passwords to gain unauthorized access to cloud instances, while some threat actors are shifting to broader threat objectives.” [ A.C. — the

Cybersecurity 246

Cybersecurity Ransomware Passwords Cryptocurrency 246

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email!

Passwords 62

Passwords Cryptocurrency Data breaches Advertising 62

SecureWorld News

JANUARY 16, 2021

Now imagine the sting Stefan Thomas felt when he came to this realization: he has lost the password to a hard drive containing roughly $240 million in Bitcoin. Stefan Thomas, who is a programmer, was asked to make a video explaining how cryptocurrency works. Thomas has used eight of the ten password attempts, with no luck.

Passwords 105

Passwords Cryptocurrency Banking Encryption 105

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S.

Cryptocurrency 83

Cryptocurrency Identity Theft Accountability Media 83

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency 93

Cryptocurrency Advertising Phishing Passwords 93

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. stolen with the help of Raccoon.

Malware 276

Malware Identity Theft Cybercrime Accountability 276