Krebs on Security

FEBRUARY 19, 2021

The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. According to prosecution documents, Marcu and The Shark spotted my reporting shortly after it was published in 2015, and discussed what to do next on a messaging app: The Shark: Krebsonsecurity.com See this.

Banking 302

Banking Accountability Cybercrime Mobile 302

Krebs on Security

OCTOBER 15, 2020

The NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. Dominitz said he never imagined back in 2015 when he founded Q6Cyber that we would still be seeing so many merchants dealing with magstripe-based data breaches.

Data breaches 362

Data breaches Cybercrime Retail Banking 362

Schneier on Security

AUGUST 14, 2024

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” (..)

Insurance 298

Insurance Manufacturing Technology Data collection 298

Tech Republic Security

JULY 14, 2020

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

Identity Theft 216

Identity Theft Data breaches 216

Tech Republic Security

AUGUST 27, 2020

The BeagleBoyz have made off with nearly $2 billion since 2015, and they're back to attacking financial institutions after a short lull in activity.

Banking 217

Banking Government 217

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. 12, 2023 scoop from The Wrap. There are several other studios pursuing documentaries on the Ashley Madison breach, and it’s not hard to see why.

Media 251

Media 251

Schneier on Security

MAY 17, 2024

Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.” .” “Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co

Hacking 285

Hacking Accountability Ransomware Internet 285

Krebs on Security

NOVEMBER 11, 2023

More greatest hits from Experian: 2022: Class Action Targets Experian Over Account Security 2017: Experian Site Can Give Anyone Your Credit Freeze PIN 2015: Experian Breach Affects 15 Million Customers 2015: Experian Breach Tied to NY-NJ ID Theft Ring 2015: At Experian, Security Attrition Amid Acquisitions 2015: Experian Hit With Class Action (..)

Accountability 333

Accountability Authentication Passwords Identity Theft 333

Schneier on Security

OCTOBER 15, 2021

It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s We seem to have to do this every decade or so.)

Risk 327

Risk Encryption 327

Schneier on Security

OCTOBER 23, 2020

We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed. Lots of details in the report. And in this news article : At least 49 of the 50 largest U.S.

Mobile 300

Mobile Engineering Encryption 300

Schneier on Security

APRIL 17, 2020

The 2015 Cybersecurity Culture and Compliance Initiative outlined 11 education-related goals for 2016; the GAO found that the Pentagon completed only four of them. Similarly, the 2015 Cyber Discipline plan outlined 17 goals related to detecting and eliminating preventable vulnerabilities from DoD's networks by the end of 2018.

Education 216

Education Accountability Cybersecurity Software 216

Joseph Steinberg

JANUARY 4, 2021

In 2015 Google began “pausing” Flash animations , and, by late 2016, Google, Microsoft , and Apple had all announced that future versions of their web browsers would block Flash by default.

Technology 246

Technology Mobile Internet Internet 246

Krebs on Security

JULY 29, 2020

McCoy and fellow NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. In 2015, the major credit card associations instituted new rules that made it riskier and potentially more expensive for U.S.

Accountability 351

Accountability Banking Retail Hacking 351

Krebs on Security

OCTOBER 7, 2020

citizen who absconded from justice before being convicted on multiple counts of fraud in 2015. The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. that was part of John Davies’ 2015 fraud conviction. After eluding justice in the U.K., John Clifton Davies, a.k.a.

Banking 281

Banking Scams Government Advertising 281

Troy Hunt

NOVEMBER 19, 2021

I'm giving away stickers and 3D printed logos every day to a rando who has signed up for my free book preview) Sponsored by: Redgate’s SQL Monitor: always understand the health of your SQL Server estate and avoid potential issues before they impact your business.

Wireless 296

Wireless Mobile 296

Schneier on Security

FEBRUARY 12, 2021

Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it’s a disgruntled insider: either a current or former employee. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Manufacturing 295

Manufacturing Firewall Media Passwords 295

Krebs on Security

MAY 26, 2020

“ Rechinu ” or “The Shark,” and his ATM company Intacash , were the subject of a three part investigation by KrebsOnSecurity published in September 2015. Tudor, a.k.a.

Government 360

Government Media 360

Krebs on Security

JULY 2, 2021

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw.

Firmware 359

Firmware Passwords Internet Internet 359

Troy Hunt

FEBRUARY 6, 2020

Chrome 80 has hit and that means breaking changes for a bunch of sites (if you haven't already tested your apps, you really want to do that ASAP) The Adult FriendFinder breach is now in HIBP (this is the 2016 one - the 2015 one is already in there) Sponsored by: Duo. Modern security is evolving beyond the perimeter.

261

261

Krebs on Security

SEPTEMBER 25, 2020

man who absconded from justice before being convicted on multiple counts of fraud in 2015. John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. In 2015, Mr. Davies was convicted of stealing more than GBP 750,000 from struggling companies looking to restructure their debt.

Scams 237

Scams Insurance Advertising Technology 237

Schneier on Security

MARCH 4, 2021

2014-2015: China’s hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe. This allows someone with a foothold on a machine to commandeer the whole box. Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers.

System Administration 250

System Administration Government Hacking 250

Krebs on Security

JULY 10, 2022

2015: Experian Breach Affects 15 Million Customers. 2015: Experian Breach Tied to NY-NJ ID Theft Ring. 2015: At Experian, Security Attrition Amid Acquisitions. 2015: Experian Hit With Class Action Over ID Theft Service. More greatest hits from Experian: 2017: Experian Site Can Give Anyone Your Credit Freeze PIN.

Accountability 347

Accountability Passwords Authentication Password Management 347

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. ” The IT network of The Manipulaters, circa 2013. Image: Facebook.

Software 276

Software Phishing Cybercrime Accountability 276

Krebs on Security

OCTOBER 30, 2024

which suffered a data breach in 2015 affecting 78.8 Anthem reported revenues of around $80 billion in 2015. According to the HIPAA Journal, the biggest penalty imposed to date for a HIPPA violation was the paltry $16 million fine against the insurer Anthem Inc. million individuals. Image: Darkbeast, ke-la.com.

Healthcare 283

Healthcare Insurance Computers and Electronics Data breaches 283

Schneier on Security

APRIL 5, 2022

We allude to this kind of risk in our 2015 “ Keys Under Doormats ” paper: Third, exceptional access would create concentrated targets that could attract bad actors. Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam.

Scams 320

Scams Engineering Encryption Technology 320

Schneier on Security

JANUARY 14, 2023

Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.”

Hacking 233

Hacking Technology 233

Schneier on Security

MAY 9, 2019

In 2015, the Intercept started publishing " The Drone Papers ," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified.

Software 223

Software 223

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 225

Advertising Antivirus Software Malware 225

Krebs on Security

JUNE 25, 2019

com via Domaintools.com shows the domain was assigned in 2015 to a company called “ Shanghai Blazefire Network Technology Co. com 2015-03-09 GODADDY.COM, LLC. That record, from April 2015, lists Chu Da’s email address as yehuo@blazefire.com. More searching points to a Yehuo user on gamerbbs[.]cn 2333youxi[.]com

Mobile 257

Mobile Technology Manufacturing Malware 257

Schneier on Security

FEBRUARY 26, 2020

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study.

259

259

The Last Watchdog

JUNE 21, 2020

File encryption 2013 – 2015. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift. RaaS rollout 2015 – 2018. Another fundamental tweak was the onset of Ransomware-as-a-Service (RaaS) in May 2015.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

The Hacker News

MAY 2, 2024

The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary

144

144

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. Fitis’s Himba affiliate program, circa February 2014. Image: Archive.org.

Malware 283

Malware Cybercrime Software Accountability 283

Troy Hunt

NOVEMBER 17, 2023

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices.

Identity Theft 243

Identity Theft Government Accountability 243

Troy Hunt

JULY 21, 2021

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

Accountability 363

Accountability Data breaches Government InfoSec 363

Krebs on Security

JANUARY 29, 2022

The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. man who absconded from justice before being convicted on multiple counts of fraud in 2015. But Bernard would adopt a slightly different approach to stealing from Freidig Shipping Ltd. ,

Scams 301

Scams Technology Web Fraud 301

The Hacker News

JULY 8, 2024

Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.

Banking 137

Banking Cyber Attacks Malware 137