Authentication, Cryptocurrency, Hacking and Passwords

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking

Hacking Social Engineering Phishing Scams

SEC X account hacked to hawk crypto-scams

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). A spot Bitcoin ETF will buy the cryptocurrency directly, “on the spot”, at its current price, throughout the day.

Accountability

Accountability Scams Hacking Cryptocurrency

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor. I don’t care,” O’Connor told The Times.

Cryptocurrency

Cryptocurrency Accountability Mobile Hacking

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. I had to go through and decline like 100-plus notifications.”

Passwords

Passwords Accountability Engineering Phishing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes. Reference the provided resources for establishing DMARC authentication.

Phishing

Phishing Ransomware Security Awareness Authentication

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner.

Hacking

Hacking Cryptocurrency Authentication Passwords

Convicted SIM Swapper Gets 3 Years in Jail

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency

Cryptocurrency Mobile Authentication Accountability

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

FEBRUARY 1, 2024

government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.

Cryptocurrency

Cryptocurrency Ransomware Retail Government

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Threat actors exploit a flaw in Coinbase 2FA to steal user funds

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency

Cryptocurrency Data breaches Authentication Accountability

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email!

Passwords

Passwords Cryptocurrency Data breaches Advertising

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

” Hacking campaigns exploiting poor domain name security can be more subtle. A recent domain hijack of Japanese cryptocurrency exchange Coincheck.com was used to spoof the company in a spear-phishing campaign. That spells trouble if you’re the one that gets hacked. What Can Be Done?

Hacking

Hacking Retail Cyber Insurance Authentication

Two men arrested for stealing $550,000 in cryptocurrency with Sim Swapping

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Identity Theft Accountability Media

Malware news trending on Google

CyberSecurity Insiders

FEBRUARY 2, 2022

Second is the news related to an Iranian Hacking Group named MuddyWater that is currently targeting organizations operating in Turkey with a data stealing malware named Bootstrap. Third is the news related to 2FA Authenticator that is seen distributing malware. In practical, the said application is working as promoted.

Malware

Malware Cryptocurrency Authentication Healthcare

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead. A copy of his complaint is here (PDF).

Mobile

Mobile Cryptocurrency Accountability Authentication

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M worth of cryptocurrency. Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M worth of cryptocurrency. Attackers also stole funds in other cryptocurrencies.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Use a variation of unique passwords to access online accounts.

Mobile

Mobile Cryptocurrency Authentication Accountability

Anonymous offers $52,000 worth of Bitcoin to Russian troops for surrendered tank. Is it fake news?

Security Affairs

MARCH 6, 2022

Soldiers that want to exchange such vehicles for cryptocurrency need to wave a white flag and use the password “million” to accept the offer. The news is very strange, and at this moment is difficult to track its source and determine its authenticity. SecurityAffairs – hacking, Ukraine). Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Media Authentication Passwords

Microsoft warns of the rise of cryware targeting hot wallets

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency

Cryptocurrency Social Engineering Malware Cybercrime

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile

Mobile Cryptocurrency Scams Computers and Electronics

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. Collecting user credentials, such as passwords, from a range of popular chat and email programs, as well as web browsers.

Malware

Malware Password Management Authentication Passwords

Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum

Security Boulevard

MARCH 30, 2022

Introduction: Hacking forums often double up as underground marketplaces where cybercriminals buy, rent, and sell all kinds of malicious illegal products, including software, trojans, stealers, exploits, and leaked credentials. It has the capability to steal history, passwords, autofill information, and downloads. PWS.Blackguard.

Malware

Malware Hacking Antivirus Passwords

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware

Spyware Hacking Malware Social Engineering

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Or dumb kid who happened to work at a phone store and couldn't resist the temptation of $500 per day. You decide.

Cryptocurrency

Cryptocurrency Accountability Scams Social Engineering

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Affairs

JANUARY 9, 2023

The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020, at the time the experts spotted threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency. Pierluigi Paganini.

Malware

Malware Authentication Cryptocurrency Internet

MailChimp breached, intruders conducted phishing attacks against crypto customers

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”

Phishing

Phishing Data breaches Cryptocurrency Social Engineering

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Use a variation of unique passwords to access online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Email crypto phishing scams: stealing from hot and cold crypto wallets

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams

Scams Phishing Cryptocurrency Social Engineering

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

The malicious code also targets cryptocurrency wallets and can capture credentials, passwords, and even data from messaging apps like Telegram. The infection chain starts when victims are tricked into clicking on an ads that appears like an authentic Google advertisement.

Malware

Malware Encryption Advertising Cryptocurrency

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks

Security Affairs

FEBRUARY 10, 2021

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks. ” Crooks conducted SIM swapping attacks to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Pierluigi Paganini.

Cybercrime

Cybercrime Cryptocurrency Accountability Authentication

CookieMiner Mac Malware steals browser cookies and sensitive Data

Security Affairs

JANUARY 31, 2019

Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites. The malware targets cookies associated with cryptocurrency exchanges such as Binance , Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet.

Malware

Malware Cryptocurrency Authentication Advertising

Blockchain City Hacked, Ethereum Stolen from Members

SecureWorld News

JANUARY 18, 2022

Cryptocurrencies, NFTs, and the metaverse have been hotly debated for a few months now. As Lyons points out, Discord seems to be the weakest link here as the breach used a ridiculous exploit that bypassed two factor authentication and his password. Will all of this new technology completely change our lives in the near future?

Hacking

Hacking Scams Accountability Cryptocurrency

BlueCharlie changes attack infrastructure in response to reports on its activity

Security Affairs

AUGUST 6, 2023

” Since at least December 17, 2022, the group has used a new naming pattern for its domains containing keywords related to information technology and cryptocurrency. Some examples are cloudrootstorage[.]com, com, directexpressgateway[.]com, com, storagecryptogate[.]com, com, and pdfsecxcloudroute[.]com. ” concludes the report.

Phishing

Phishing Social Engineering Authentication Cryptocurrency

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums. Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

Understanding Features and Vulnerabilities of The Decentralized Finance Attack Surface is Key to Protecting Against Cyber Attacks

Security Boulevard

MARCH 17, 2022

The estimated value of greater Decentralized Finance and cryptocurrencies surpassed half a trillion dollars in market capitalization in 2018, and then one trillion for the first time in 2021 ( 1 ). Since then, cryptocurrency values reached new records during the pandemic. Cryptocurrencies Are Established Via Blockchain Security.

Cyber Attacks

Cyber Attacks Cryptocurrency Marketing Software

CERT-UA warns of malspam attacks distributing the Jester info stealer

Security Affairs

MAY 9, 2022

The Jester stealer is able to steal credentials and authentication tokens from Internet browsers, MAIL/FTP / VPN clients, cryptocurrency wallets, password managers, messengers, game programs, and more. SecurityAffairs – hacking, Jester stealer). To nominate, please visit:? Pierluigi Paganini.

Password Management

Password Management VPN Cryptocurrency Government

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data.

Cybercrime

Cybercrime Advertising Hacking Accountability

Ukraine Nabs Suspect in 773M Password ?Megabreach?

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

Trending Sources

SEC X account hacked to hawk crypto-scams

Webinars

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

New Version of Meduza Stealer Released in Dark Web

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Convicted SIM Swapper Gets 3 Years in Jail

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Threat actors exploit a flaw in Coinbase 2FA to steal user funds

Poloniex forces password reset following a data leak

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Two men arrested for stealing $550,000 in cryptocurrency with Sim Swapping

Malware news trending on Google

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Hanging Up on Mobile in the Name of Security

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Anonymous offers $52,000 worth of Bitcoin to Russian troops for surrendered tank. Is it fake news?

Microsoft warns of the rise of cryware targeting hot wallets

Florida Man Arrested in SIM Swap Conspiracy

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Erbium info-stealing malware, a new option in the threat landscape

Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

MailChimp breached, intruders conducted phishing attacks against crypto customers

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Email crypto phishing scams: stealing from hot and cold crypto wallets

Statc Stealer, a new sophisticated info-stealing malware

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks

CookieMiner Mac Malware steals browser cookies and sensitive Data

Blockchain City Hacked, Ethereum Stolen from Members

BlueCharlie changes attack infrastructure in response to reports on its activity

YouTube creators’ accounts hijacked with cookie-stealing malware

Understanding Features and Vulnerabilities of The Decentralized Finance Attack Surface is Key to Protecting Against Cyber Attacks

CERT-UA warns of malspam attacks distributing the Jester info stealer

FBI shuts down the Russian-based hacker platform DEER.IO

Stay Connected