Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. used the password 225948. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc.

Ransomware 244

Ransomware Cybercrime Accountability Malware 244

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. Why do I suggest this?

Mobile 207

Mobile Cyber Risk Cryptocurrency Data breaches 207

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability 113

Accountability Hacking Cryptocurrency Cybersecurity 113

Krebs on Security

DECEMBER 14, 2023

That reporting was based on clues from an early Russian cybercrime forum in which a hacker named Rescator — using the same profile image that Rescator was known to use on other forums — claimed to have originally been known as “Helkern,” the nickname chosen by the administrator of a cybercrime forum called Darklife.

Cybercrime 232

Cybercrime Accountability Advertising Computers and Electronics 232

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S. Pierluigi Paganini.

Cryptocurrency 79

Cryptocurrency Identity Theft Accountability Media 79

Krebs on Security

JUNE 6, 2023

However, far more interesting is their program for rewarding people who choose to sell Kopeechka usernames and passwords for working email addresses. Trend Notes that the phony reputation site routinely gave high trust ratings to a variety of cryptocurrency scam and casino websites. com site,” the Trend researchers wrote.

Accountability 220

Accountability Scams Cryptocurrency Advertising 220

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. Be aware of any changes in SMS-based connectivity.

Mobile 86

Mobile Cryptocurrency Authentication Accountability 86

Security Affairs

FEBRUARY 10, 2021

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks. They also hijacked social media accounts to post content and send messages masquerading as the victim.” SecurityAffairs – hacking, cybercrime). Pierluigi Paganini.

Cybercrime 76

Cybercrime Cryptocurrency Accountability Authentication 76

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 47

Cryptocurrency Passwords Authentication Accountability 47

Malwarebytes

SEPTEMBER 18, 2023

In a public announcement , Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. According to the statement made by Free Download Manager: “It’s estimated that much less than 0.1%

Malware 112

Malware Cryptocurrency Cybercrime Software 112

Krebs on Security

DECEMBER 5, 2022

The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S.

Cybercrime 243

Cybercrime Malware Internet Internet 243

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 72

Malware Cybercrime Cryptocurrency Social Engineering 72

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. platform, an automated set-up wizard allowed the owner to upload the products and services offered through the shop and configure the payment process via cryptocurrency wallets. SecurityAffairs – cybercrime, DEER.IO). Firsov was arrested at the John F.

Cybercrime 109

Cybercrime Advertising Hacking Accountability 109

SecureList

JANUARY 17, 2024

In 2023, for instance, there was a significant rise in posts offering login credentials and passwords for various personal and work accounts. Notable among these was BunnyLoader , inexpensive and feature-rich malware capable of stealing sensitive data and cryptocurrency.

Marketing 110

Marketing Cryptocurrency Malware Ransomware 110

Malwarebytes

MARCH 17, 2022

Cryptocurrency wallet attacks. Digital wallet phish attempts are rampant on social media, and we expect this to rise. People new to cryptocurrency often gravitate to services which take the hassle out of setting everything up. Below, we dig into a few of those. Ransomware supply chain triple-threat.

Cryptocurrency 116

Cryptocurrency Backups Phishing Password Management 116

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Samy Tarazi is a sergeant with the Santa Clara County Sheriff’s office and a REACT supervisor.

Mobile 243

Mobile Cryptocurrency Accountability Passwords 243

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. Be aware of any changes in SMS-based connectivity.

Banking 99

Banking Accountability Mobile Cryptocurrency 99

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 82

Spyware Hacking Malware Social Engineering 82

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 83

Data breaches Ransomware Hacking Financial Services 83

Security Affairs

JANUARY 3, 2024

Victims are tricked into installing this fake app under the guise of confirming their OTP (One-Time Password), which is then intercepted and transmitted to a command-and-control (C2C) server managed by the attacker. The use of Artificial Intelligence in cybercrime is not a completely novel concept.

Artificial Intelligence 111

Artificial Intelligence Banking Scams Cybercrime 111

Security Affairs

APRIL 29, 2023

ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) and cryptocurrency stealer that was first analyzed by Fortinet in February 2020. The script launches the main routine of the malware that installs malicious browser extensions to exfiltrate passwords and crypto wallet data. ” concludes the report.

Encryption 82

Encryption Malware Cryptocurrency Software 82

Herjavec Group

OCTOBER 27, 2020

According to Cybersecurity Ventures – cybercrime will cost the world $6 trillion annually by 2021 ! Cybercrime will cost the world $6 trillion annually by 2021 , up from $3 trillion in 2015. Ransomware, the fastest growing type of cybercrime, cost the world $11.5 The world needs to cyber protect 300 billion passwords this year.

Security Awareness 73

Security Awareness Cybersecurity Cybercrime Education 73

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. ” NEEDLES IN THE HAYSTACK.

Mobile 192

Mobile Government Media Technology 192

Webroot

MAY 12, 2021

Since cryptocurrencies were, are and will continue to be impactful technologies, surely NFTs are a topic worth exploring. But naturally, at Carbonite + Webroot, we just wonder how they’ll be used and abused by cybercriminals or if they can be irrevocably lost like the password to a crypto wallet. Non- what token?

Cryptocurrency 91

Cryptocurrency Marketing Phishing Authentication 91

Security Affairs

AUGUST 21, 2022

The scripts will also infect the victim’s computer with the Raccoon Stealer info-stealing trojan which allows operators to steal login credentials, cookies, auto-fill data, and credit cards saved on web browsers, along with cryptocurrency wallets. Follow me on Twitter: @securityaffairs and Facebook.

DDOS 87

DDOS Malware Antivirus Firewall 87

Krebs on Security

AUGUST 19, 2020

For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries. Zack Allen is director of threat intelligence for ZeroFOX , a Baltimore-based company that helps customers detect and respond to risks found on social media and other digital channels.

Phishing 360

Phishing VPN Social Engineering Media 360

Security Affairs

JUNE 4, 2021

Cryptocurrencies are represented in hacked accounts to trading sites. Monero is the cryptocurrency of choice, instead, and all communications must be PGP encrypted. Cryptocurrency trading accounts. Other cryptocurrencies have increased in value as well. Social Media. Use good password practices.

Accountability 106

Accountability Marketing Hacking Cryptocurrency 106

Hot for Security

MAY 25, 2021

We still have a long way to go until we re-establish our peace of mind as we emerge from the health crisis. With a period of relaxation on the horizon, it’s important to start analyzing our behaviors, abandoning harmful and lengthy digital activities that may lead to stress and further burnout.

Cybersecurity 124

Cybersecurity Identity Theft Digital transformation Media 124

Krebs on Security

JULY 22, 2020

According to The Times , Kirk first reached out to the group through a hacker who used the screen name “ lol ” on OGusers , a forum dedicated to helping users hijack and resell OG accounts from Twitter and other social media platforms. The account “@shinji,” a.k.a. CONSPIRACY.

Hacking 299

Hacking Accountability Scams Media 299

SecureList

SEPTEMBER 6, 2022

When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money.

Mobile 101

Mobile Passwords Software Accountability 101

Adam Levin

DECEMBER 7, 2020

Ransomware was a relatively obscure form of malware until the early 2010s , but it has increased in scope and the amount of damage it has caused year after year, aided by a proliferation of botnets , cryptocurrencies , and sophisticated criminal enterprises. AI makes it possible to identify patterns and correctly guess passwords.

IoT 130

IoT Artificial Intelligence Technology Scams 130

SecureList

FEBRUARY 10, 2022

A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. As for DDoS attacks themselves, media in the Philippines came under repeated fire during the past quarter.

DDOS 109

DDOS Cryptocurrency Marketing Accountability 109

eSecurity Planet

SEPTEMBER 14, 2022

Cybercrime is a growth industry like no other. Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way. In 2021 alone, IC3 received 847,376 complaints which amounted to $6.9 billion in reported losses.

Social Engineering 117

Social Engineering Energy and Utilities Phishing Scams 117

SC Magazine

JANUARY 27, 2021

During the operation, Dutch National Police acquired a database used by Emotet operators containing stolen email addresses, usernames and passwords, and Dutch authorities have set up a website that lets visitors check if their email address was among those compromised. “It’s On Tuesday, Jan. It also disclosed the Jan.

Ransomware 88

Ransomware Malware Media Threat Detection 88

eSecurity Planet

NOVEMBER 2, 2022

The document contained a list of pornographic sites, along with passwords for access to said sites and would then spread itself and its NSFW content by emailing the first 50 people in the victim’s contact list. Petya was initially developed by a group called Janus Cybercrime Solutions as part of its ransomware-as-a-service (RaaS) platform.

Malware 140

Malware Ransomware Antivirus Internet 140

SecureList

DECEMBER 6, 2022

Since user accounts in those days were protected only by a password, it was enough for attackers to phish out this information to gain access to victims’ money. In addition, scammers often used personal information from victims’ own social media pages to make their attacks more targeted, and thus more successful.

Scams 98

Scams Phishing Social Engineering Banking 98

SecureList

AUGUST 30, 2023

The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers. While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus.

Malware 76

Malware Spyware Cryptocurrency Government 76