Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

VPN 363

VPN Passwords Software Telecommunications 363

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability 355

Accountability Mobile Banking Passwords 355

Krebs on Security

JULY 8, 2019

In the 15-month span of the GandCrab affiliate enterprise beginning in January 2018 , its curators shipped five major revisions to the code, each corresponding with sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware. The GandCrab identity on Exploit[.]in

Ransomware 273

Ransomware Accountability Cybercrime Passwords 273

Krebs on Security

FEBRUARY 4, 2020

The government says Quantum Stresser had more than 80,000 customer subscriptions, and that during 2018 the service was used to conduct approximately 50,000 actual or attempted attacks targeting people and networks worldwide. and international authorities in December 2018 as part of a coordinated takedown targeting attack-for-hire services.

Internet 312

Internet Internet Government Accountability 312

Krebs on Security

DECEMBER 16, 2021

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Cryptocurrency 361

Cryptocurrency Mobile Accountability Scams 361

Troy Hunt

SEPTEMBER 11, 2018

What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing being a dick to those in a position to write publicly about you!) that no, you didn't just need a username and birth date to reset the account password. link] — Troy Hunt (@troyhunt) April 18, 2018. AjaxStudy) April 18, 2018.

Media 259

Media Accountability Passwords Mobile 259

Krebs on Security

JANUARY 22, 2025

Caturegli said while he does have an account on Bugcrowd, he has never submitted anything through the Bugcrowd program, and that he reported this issue directly to MasterCard. The Russian search giant Yandex reports this user account belongs to an “Ivan I.” MasterCard’s request to Caturegli, a.k.a.

DNS 359

DNS Internet Internet Risk 359

Krebs on Security

JANUARY 2, 2019

29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain. 2, 2018 shows the company is still struggling to restore services more than a week after the attack began.

Ransomware 250

Ransomware Malware Backups Accountability 250

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. The text messages contained a link to unlock their accounts and led customers to a Web site that mimicked the legitimate Fifth Third site. Image: Mastercard.us.

Phishing 259

Phishing Banking Scams Accountability 259

Krebs on Security

JULY 13, 2020

Since its inception in 2018, Data Viper has billed itself as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.” But on Aug.

Hacking 361

Hacking Marketing Cybercrime Accountability 361

Security Affairs

JULY 27, 2022

Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to be active since 2018. The end goal is to hijack Facebook Business accounts managed by the victims.

Accountability 132

Accountability Malware Media Marketing 132

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. It employs some 18,000 people and brought in $6.2

Insurance 337

Insurance Financial Services Penetration Testing Scams 337

Schneier on Security

FEBRUARY 6, 2019

The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. This fact can be used to commit fraud : Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud. News article.

Accountability 249

Accountability Scams 249

Troy Hunt

SEPTEMBER 17, 2019

troyhunt pic.twitter.com/9FMSdvVRiL — Hagen (@hagendittmer) June 3, 2018. link] @troyhunt — Daniel Parker (@CodyMcCodeFace) June 21, 2018. This is also the advice of the @NCSC [link] — Brian Gentles (@phuzi_) June 21, 2018. However, after 3 attempts of entering an Access Code your account will be blocked.

Banking 237

Banking Passwords Accountability Authentication 237

Krebs on Security

MAY 24, 2019

The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. billion in 2018. In August 2018, financial industry giant Fiserv Inc.

Insurance 279

Insurance Banking Identity Theft Scams 279

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 316

Hacking Accountability Scams Media 316

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. universities). .”

Cryptocurrency 357

Cryptocurrency Malware Mobile Accountability 357

Krebs on Security

JUNE 21, 2021

While documenting each device that needs protection is a necessary first step, a number of recent cyberattacks on water treatment systems have been blamed on a failure to properly secure water treatment employee accounts that can be used for remote access. Image: WaterISAC. A copy of the Water ISAC report is available here (PDF).

Hacking 354

Hacking Accountability Cybersecurity Technology 354

Krebs on Security

SEPTEMBER 5, 2023

Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts.

Cryptocurrency 360

Cryptocurrency Passwords Encryption Accountability 360

Krebs on Security

DECEMBER 1, 2020

“In early 2018, Vaughn demanded 1.5 Among the Apophis Squad’s targets was encrypted mail service Protonmail, which reached out to this author in 2018 for clues about the identities of the Apophis Squad members after noticing we were both being targeted by them and receiving demands for money in exchange for calling off the attacks.

DDOS 268

DDOS Hacking Mobile Encryption 268

Troy Hunt

JULY 21, 2021

Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? But there's also a lot of consistency, for example, here's a piece on whether it's legal to access an employee's email account in Australia : The short answer is yes.

Accountability 363

Accountability Data breaches Government InfoSec 363

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies.

Mobile 258

Mobile Cryptocurrency Accountability Authentication 258

Krebs on Security

NOVEMBER 9, 2018

In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs. The Twitter account @phobia, a.k.a. Ryan Stevenson. The victim said he was told by investigators in Santa Clara, Calif.

Mobile 218

Mobile Accountability Cryptocurrency Media 218

Krebs on Security

DECEMBER 19, 2018

The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Internet 245

Internet Internet Software Engineering 245

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. A USPS brochure advertising the features and benefits of Informed Visibility.

Accountability 276

Accountability Authentication Identity Theft Advertising 276

Krebs on Security

MARCH 16, 2021

Lucky225 showed how anyone could do the same after creating an account at a service called Sakari , a company that helps celebrities and businesses do SMS marketing and mass messaging. From there, the attacker can reset the password of any account which uses that phone number for password reset links. .”

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Krebs on Security

SEPTEMBER 14, 2020

“He said we used to use big accounting firms for this but found them to be ineffective,” Nick said. “The company they wanted us to use looked like a real accounting firm, but we couldn’t find any evidence that they were real. Also, we asked to see an investment portfolio.

Scams 347

Scams Cryptocurrency Accountability Technology 347

Krebs on Security

AUGUST 7, 2018

On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher , an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. “Handschumacher and the co-conspirators discuss compromising the CEO’s Skype account and T-Mobile account. A WORRIED MOM. GRAND PLANS.

Mobile 238

Mobile Cryptocurrency Scams Computers and Electronics 238

Krebs on Security

MARCH 17, 2021

Wondering whether he might receive email communications to that address if he registered the domain, Vegh snapped it up for a few dollars, set up a catch-all email account for it, and waited. “My accounts were hacked and if any funding is gone your [sic] sued from me and federal trade commission,” one wrote.

Banking 340

Banking Accountability Software Mobile 340

Krebs on Security

JULY 12, 2024

Earlier this year, malicious hackers figured out that many major companies have uploaded massive amounts of valuable and sensitive customer data to Snowflake servers, all the while protecting those Snowflake accounts with little more than a username and password. million current AT&T account holders and roughly 65.4

Data breaches 341

Data breaches Passwords Authentication Accountability 341

Krebs on Security

SEPTEMBER 22, 2023

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. KrebsOnSecurity last month interviewed a victim who recently saw more than three million dollars worth of cryptocurrency siphoned from his account.

Passwords 306

Passwords Encryption Password Management Cryptocurrency 306

Schneier on Security

OCTOBER 13, 2020

The IPv6 addresses were traced to Verizon Wireless, which told the investigators that the addresses were in use by an account belonging to Williams. On October 25, 2018, police obtained records showing that Molina’s Honda had been impounded earlier that year after Molina’s stepfather was caught driving the car without a license.

Surveillance 363

Surveillance Wireless Accountability Architecture 363

Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you.

Accountability 325

Accountability Passwords Authentication Insurance 325

Krebs on Security

FEBRUARY 5, 2019

Investigators allege that between October 2016 and May 2018, Hared and Ditman grew proficient at SIM swapping, a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. .” Winblo’s account on ogusers[.]com Soon after that, his phone went dead.

Cryptocurrency 214

Cryptocurrency Identity Theft Mobile Accountability 214

Krebs on Security

JULY 26, 2021

But most of the coverage seems to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks — all in a frenzied effort to seize control over social media accounts. FEMALE TARGETS.

Media 345

Media Hacking Accountability Scams 345

Krebs on Security

MAY 3, 2019

The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites. Brookfield, Wisc.-based billion in earnings last year.

Banking 222

Banking Accountability Passwords Technology 222

Krebs on Security

NOVEMBER 20, 2020

Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018. From there, attackers can gain access to any accounts that allow password resets via SMS or automated calls, from email and social media profiles to virtual currency trading platforms.

Cryptocurrency 279

Cryptocurrency Mobile Authentication Accountability 279