Krebs on Security

JUNE 3, 2020

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 See the video and everything.

Banking 363

Banking Advertising Mobile Marketing 363

Schneier on Security

MAY 17, 2024

Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.” .” “Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co

Hacking 321

Hacking Accountability Ransomware Internet 321

Tech Republic Security

JULY 14, 2020

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

Identity Theft 218

Identity Theft Data breaches 218

Krebs on Security

OCTOBER 15, 2020

The NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. Dominitz said he never imagined back in 2015 when he founded Q6Cyber that we would still be seeing so many merchants dealing with magstripe-based data breaches.

Data breaches 360

Data breaches Cybercrime Retail Banking 360

Tech Republic Security

AUGUST 27, 2020

The BeagleBoyz have made off with nearly $2 billion since 2015, and they're back to attacking financial institutions after a short lull in activity.

Banking 218

Banking Government 218

Schneier on Security

OCTOBER 15, 2021

It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s We seem to have to do this every decade or so.)

Risk 355

Risk Encryption 355

Schneier on Security

OCTOBER 23, 2020

We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed. Lots of details in the report. And in this news article : At least 49 of the 50 largest U.S.

Mobile 334

Mobile Engineering Encryption 334

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. 12, 2023 scoop from The Wrap. There are several other studios pursuing documentaries on the Ashley Madison breach, and it’s not hard to see why.

Media 258

Media 258

Krebs on Security

NOVEMBER 11, 2023

More greatest hits from Experian: 2022: Class Action Targets Experian Over Account Security 2017: Experian Site Can Give Anyone Your Credit Freeze PIN 2015: Experian Breach Affects 15 Million Customers 2015: Experian Breach Tied to NY-NJ ID Theft Ring 2015: At Experian, Security Attrition Amid Acquisitions 2015: Experian Hit With Class Action (..)

Accountability 332

Accountability Authentication Passwords Identity Theft 332

Schneier on Security

FEBRUARY 12, 2021

Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it’s a disgruntled insider: either a current or former employee. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Manufacturing 328

Manufacturing Firewall Media Passwords 328

Krebs on Security

JULY 29, 2020

McCoy and fellow NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. In 2015, the major credit card associations instituted new rules that made it riskier and potentially more expensive for U.S.

Accountability 359

Accountability Banking Retail Hacking 359

Krebs on Security

OCTOBER 7, 2020

citizen who absconded from justice before being convicted on multiple counts of fraud in 2015. The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. that was part of John Davies’ 2015 fraud conviction. After eluding justice in the U.K., John Clifton Davies, a.k.a.

Banking 291

Banking Scams Government Advertising 291

Joseph Steinberg

JANUARY 4, 2021

In 2015 Google began “pausing” Flash animations , and, by late 2016, Google, Microsoft , and Apple had all announced that future versions of their web browsers would block Flash by default.

Technology 246

Technology Mobile Internet Internet 246

Schneier on Security

JANUARY 14, 2023

Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.”

Hacking 259

Hacking Technology 259

Schneier on Security

MAY 9, 2019

In 2015, the Intercept started publishing " The Drone Papers ," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified.

Software 248

Software 248

Troy Hunt

NOVEMBER 19, 2021

I'm giving away stickers and 3D printed logos every day to a rando who has signed up for my free book preview) Sponsored by: Redgate’s SQL Monitor: always understand the health of your SQL Server estate and avoid potential issues before they impact your business.

Wireless 303

Wireless Mobile 303

Krebs on Security

JULY 2, 2021

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw.

Firmware 362

Firmware Passwords Internet Internet 362

Troy Hunt

FEBRUARY 6, 2020

Chrome 80 has hit and that means breaking changes for a bunch of sites (if you haven't already tested your apps, you really want to do that ASAP) The Adult FriendFinder breach is now in HIBP (this is the 2016 one - the 2015 one is already in there) Sponsored by: Duo. Modern security is evolving beyond the perimeter.

263

263

Krebs on Security

SEPTEMBER 25, 2020

man who absconded from justice before being convicted on multiple counts of fraud in 2015. John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. In 2015, Mr. Davies was convicted of stealing more than GBP 750,000 from struggling companies looking to restructure their debt.

Scams 242

Scams Insurance Advertising Technology 242

Schneier on Security

MARCH 4, 2021

2014-2015: China’s hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe. This allows someone with a foothold on a machine to commandeer the whole box. Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers.

System Administration 254

System Administration Government Hacking 254

Krebs on Security

MAY 26, 2020

“ Rechinu ” or “The Shark,” and his ATM company Intacash , were the subject of a three part investigation by KrebsOnSecurity published in September 2015. Tudor, a.k.a.

Government 358

Government Media 358

Schneier on Security

APRIL 5, 2022

We allude to this kind of risk in our 2015 “ Keys Under Doormats ” paper: Third, exceptional access would create concentrated targets that could attract bad actors. Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam.

Scams 330

Scams Engineering Encryption Technology 330

Krebs on Security

OCTOBER 30, 2024

which suffered a data breach in 2015 affecting 78.8 Anthem reported revenues of around $80 billion in 2015. According to the HIPAA Journal, the biggest penalty imposed to date for a HIPPA violation was the paltry $16 million fine against the insurer Anthem Inc. million individuals. Image: Darkbeast, ke-la.com.

Healthcare 286

Healthcare Insurance Computers and Electronics Data breaches 286

Schneier on Security

FEBRUARY 26, 2020

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study.

276

276

Krebs on Security

JUNE 25, 2019

com via Domaintools.com shows the domain was assigned in 2015 to a company called “ Shanghai Blazefire Network Technology Co. com 2015-03-09 GODADDY.COM, LLC. That record, from April 2015, lists Chu Da’s email address as yehuo@blazefire.com. More searching points to a Yehuo user on gamerbbs[.]cn 2333youxi[.]com

Mobile 270

Mobile Technology Manufacturing Malware 270

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 233

Advertising Antivirus Software Malware 233

Krebs on Security

JULY 10, 2022

2015: Experian Breach Affects 15 Million Customers. 2015: Experian Breach Tied to NY-NJ ID Theft Ring. 2015: At Experian, Security Attrition Amid Acquisitions. 2015: Experian Hit With Class Action Over ID Theft Service. More greatest hits from Experian: 2017: Experian Site Can Give Anyone Your Credit Freeze PIN.

Accountability 334

Accountability Passwords Authentication Password Management 334

Krebs on Security

JANUARY 31, 2025

The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015. The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.

Phishing 239

Phishing Cybercrime Advertising Malware 239

The Last Watchdog

JUNE 21, 2020

File encryption 2013 – 2015. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift. RaaS rollout 2015 – 2018. Another fundamental tweak was the onset of Ransomware-as-a-Service (RaaS) in May 2015.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Troy Hunt

NOVEMBER 17, 2023

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices.

Identity Theft 255

Identity Theft Government Accountability 255

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. Fitis’s Himba affiliate program, circa February 2014. Image: Archive.org.

Malware 290

Malware Cybercrime Software Accountability 290

Schneier on Security

APRIL 27, 2022

That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014.

Ransomware 247

Ransomware Risk Malware Hacking 247

The Hacker News

MAY 2, 2024

The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary

140

140

Schneier on Security

FEBRUARY 13, 2025

The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

Government 363

Government Artificial Intelligence Banking Software 363

Schneier on Security

MAY 5, 2020

Kaspersky went on to find tens of other, similar spyware apps dating back to 2015 that Google had already removed from its Play Store, but which were still visible in archived mirrors of the app repository. "What's important is the ability to download new malicious payloads," he says. "It It could extend its features significantly.".

Malware 265

Malware Spyware Phishing Government 265

Krebs on Security

JUNE 23, 2021

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Secret Service for 12 years until 2015. As it happens, KrebsOnSecurity wrote about that particular shimmer back in August 2015.

Banking 346

Banking Encryption Wireless Accountability 346

Krebs on Security

APRIL 7, 2022

Security experts say both VPNFilter and Cyclops Blink are the work of a hacking group known as Sandworm or Voodoo Bear , the same Russian team blamed for disrupting Ukraine’s electricity in 2015. billion euros in 2020 alone.

Marketing 291

Marketing Energy and Utilities Malware Ransomware 291