article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. Image: Interisle Cybercrime Supply Chain 2014. ”

article thumbnail

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. The vulnerability allow an attacker to hijack any account. On a surface of it, things looked bad: complete account takeover with a very trivial attack.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

article thumbnail

Marriott Was Hacked -- Again

Schneier on Security

name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government.

Hacking 274
article thumbnail

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

The account didn’t resume posting on the forum until April 2014. A search on jesus.fn.christ@gmail.com at Constella Intelligence , a company that tracks compromised databases, shows this email address is tied to an account at the fundraising platform omaze.com, for a Brian Shotliff from Chesterland, Ohio. com on Mar.

article thumbnail

An Interview With the Target & Home Depot Hacker

Krebs on Security

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Golubov was arrested in Ukraine in 2005 as part of a joint investigation with multiple U.S. Vrublevsky Sr.

Retail 255
article thumbnail

On the Zero-Day Market

Schneier on Security

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing 331