Krebs on Security

JUNE 18, 2020

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.

Identity Theft 361

Identity Theft Healthcare Hacking Technology 361

Troy Hunt

OCTOBER 2, 2020

For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality.

Accountability 364

Accountability Hacking Passwords InfoSec 364

Krebs on Security

FEBRUARY 12, 2019

Attacks that seek to completely destroy data and servers without any warning or extortion demand are not as common as, say, ransomware infestations , but when they do occur they can be devastating (the 2014 Sony Pictures hack and the still-unsolved 2016 assault on U.S.-based based ISP Staminus come to mind).

Hacking 274

Hacking DDOS Backups Accountability 274

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] 14, 2014: “Greetings Noel, “We’d like to offer Jordan Bloom the position of PHP developer reporting to Mike Morris for 75k CAD/Year. Abusewith[.]us

Hacking 230

Hacking Accountability Data breaches Marketing 230

Krebs on Security

FEBRUARY 9, 2023

” Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. Secret Service determined that he ran a massive “money mule” scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States.

Hacking 235

Hacking Cybercrime Ransomware Government 235

Krebs on Security

DECEMBER 4, 2024

image: x.com/vxunderground The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest. An image tweeted by Matveev showing the Justice Department’s wanted poster for him on a t-shirt. “Mother Russia will help you.

Cybercrime 230

Cybercrime Ransomware Cryptocurrency Government 230

The Last Watchdog

JUNE 21, 2020

The CryptoLocker wave went into a decline in June 2014 as a result of the so-called Operation Tovar , an initiative orchestrated by law enforcement agencies from multiple countries. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

APRIL 16, 2025

In June 2014 security experts at G Data discovered that a popular Chinese Android Smartphone, Star N9500 was commercialized with a pre-installed spyware, meanwhile in April, the Chinese TV station, CCTV, reported some cases of smartphones compromised by pre-installed malware before selling them on to unwitting customers.

Malware 127

Malware Manufacturing Mobile Spyware 127

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). “Absolutely all servers and working computers of the company are hacked and encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking 145

Hacking Ransomware Advertising Encryption 145

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking 279

Hacking Government Encryption Risk 279

eSecurity Planet

MARCH 24, 2025

A sophisticated supply chain hack targeting Oracle Cloud has exfiltrated a staggering 6 million records. The initial access was gained by hacking the login endpoint (login.(region-name).oraclecloud.com), 27, 2014, allowed an unauthenticated attacker network access via HTTP. region-name).oraclecloud.com),

Risk 119

Risk Passwords Hacking Encryption 119

Schneier on Security

DECEMBER 24, 2020

” China had also stepped up its hacking efforts targeting biometric and passenger data from transit hubs… To be sure, China had stolen plenty of data before discovering how deeply infiltrated it was by U.S. intelligence personnel, these new capabilities made China’s successful hack of the U.S. intelligence agencies.

Hacking 363

Hacking Government 363

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,PlugX malware) European, and Asian entities.

Malware 120

Malware Government Hacking Cybersecurity 120

Krebs on Security

JULY 27, 2022

It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. In 2014, ALM reported revenues of $115 million.

Cybercrime 62

Cybercrime Hacking Media Advertising 62

Security Affairs

MARCH 31, 2025

The APT group has been launching cyber-espionage campaigns against Ukraine since at least 2014. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine) The threat actor is using troop-related lures to deploy the Remcos RAT via PowerShell downloader.

Phishing 112

Phishing Antivirus Encryption Hacking 112

Security Affairs

DECEMBER 8, 2024

Now He Wants to Help You Escape, Too Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack The Great Pokmon Go Spy Panic Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Artificial Intelligence 102

Artificial Intelligence Spyware Hacking Ransomware 102

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords 362

Passwords Accountability Hacking Password Management 362

Krebs on Security

APRIL 30, 2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.

DDOS 296

DDOS Cybercrime Hacking Passwords 296

Security Affairs

DECEMBER 18, 2024

Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,APT)

Cyber Attacks 114

Cyber Attacks Hacking Government Malware 114

Krebs on Security

APRIL 7, 2022

Security experts say both VPNFilter and Cyclops Blink are the work of a hacking group known as Sandworm or Voodoo Bear , the same Russian team blamed for disrupting Ukraine’s electricity in 2015. SANDWORM AND TRITON. energy facilities. and international companies and entities, including U.S. ” HYDRA. . ” HYDRA.

Marketing 298

Marketing Energy and Utilities Malware Ransomware 298

Security Affairs

FEBRUARY 19, 2025

Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,DoS)

Authentication 121

Authentication System Administration DNS Hacking 121

Krebs on Security

FEBRUARY 24, 2023

The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.

Accountability 286

Accountability Advertising Marketing Malware 286

Krebs on Security

JUNE 27, 2019

As noted in that April story, PCM was one of the companies targeted by the same hacking group that compromised Wipro. Earlier this week, cyber intelligence firm RiskIQ published a lengthy analysis of the hacking group that targeted Wipro, among many other companies. Insight has not yet responded to requests for comment.

Hacking 273

Hacking Retail Technology Government 273

Malwarebytes

JULY 28, 2021

And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. It was also the first major Olympics event where organizers braced for hacking related impact.

Scams 143

Scams Hacking Malware Mobile 143

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /.

Ransomware 357

Ransomware Cybercrime Malware Encryption 357

SecureWorld News

SEPTEMBER 27, 2023

The hacking group claims to have compromised all of Sony's systems. However, the group has posted some sample data from the hack online, including screenshots of an internal login page, an internal PowerPoint presentation, and several Java files. At the time of this publication, Ransomed.vc has yet to provide any definitive proof.

Hacking 109

Hacking Data privacy Cybercrime Advertising 109

Krebs on Security

AUGUST 1, 2024

But in 2014 Seleznev was captured by U.S. That loss amount equaled the total losses inflicted by Seleznev’s various carding stores, and other thefts attributed to members of the hacking forum carder[.]su prosecutors called a “$93 million hack-to-trade conspiracy.” law enforcement.

Penetration Testing 277

Penetration Testing Cybercrime Hacking Government 277

CyberSecurity Insiders

AUGUST 3, 2022

A T-Mobile employee, who has been now ousted from the post, was found guilty of indulging in a $25 million scam where he hacked into the internal systems of mobile carrier to unlock and unblock cell phones on network. The post Employee of T-Mobile hacks internal systems to unlock and unblock phones appeared first on Cybersecurity Insiders.

Mobile 115

Mobile Hacking Retail Scams 115

Krebs on Security

SEPTEMBER 26, 2024

Department of Justice (DOJ) today unsealed an indictment against a 38-year-old man from Novosibirsk, Russia for allegedly operating Joker’s Stash, an extremely successful carding shop that came online in late 2014. ru , which periodically published hacking tools and exploits for software vulnerabilities.

Cryptocurrency 289

Cryptocurrency Cybercrime Retail Government 289

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. In a retrospective post published to Livejournal in 2014 titled, “Mazafaka, from conception to the present day,” Stalker said Djamix had become a core member of the community. Technical capabilities cannot overcome intelligence and cunning.”

Cybercrime 310

Cybercrime Accountability Identity Theft Hacking 310

Krebs on Security

AUGUST 1, 2024

But in 2014 Seleznev was captured by U.S. That loss amount equaled the total losses inflicted by Seleznev’s various carding stores, and other thefts attributed to members of the hacking forum carder[.]su prosecutors called a “$93 million hack-to-trade conspiracy.” law enforcement.

Penetration Testing 262

Penetration Testing Cybercrime Hacking Government 262

SecureWorld News

APRIL 22, 2025

Lazarus Group: a history of cybercrime The Lazarus Group is believed to be a state-sponsored hacking collective operated by the North Korean government. This group has been responsible for some of the most high-profile cyberattacks in recent history, including the Sony Pictures hack in 2014 and the 2017 WannaCry ransomware outbreak.

Cryptocurrency 90

Cryptocurrency Social Engineering Cybercrime Engineering 90

Security Affairs

MARCH 5, 2025

It was established on 26 September 2014, and its headquarters are located in Gdask, Poland. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Poland) The agency is focused on developing satellite networks and space technologies in Poland.

Internet 102

Internet Internet Ransomware Technology 102

Krebs on Security

MARCH 22, 2021

By 2014 it was throwing lavish parties at top Internet security conferences. ” Frigg promises to include “elements that stems [sic] from major data hacks of known systems like Ashley Madison, LinkedIn, Dropbox, Fling.com, AdultFriendFinder and hundreds more. Last month, the U.S.

Surveillance 322

Surveillance Computers and Electronics Internet Internet 322

Schneier on Security

OCTOBER 10, 2019

The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining random-number generator, and adding new digital certificates. The COMpfun malware was initially documented by G-DATA in 2014.

Malware 245

Malware Engineering Encryption Hacking 245

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. In this two-hour Arabic language YouTube tutorial from 2014 , Fatal.001

DNS 298

DNS Penetration Testing Malware Hacking 298

Schneier on Security

APRIL 27, 2022

Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014.

Ransomware 246

Ransomware Risk Malware Hacking 246