Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2018-13379: The Eternal Exploit What is CVE-2018-13379?

VPN 133

VPN Authentication Ransomware Risk 133

Krebs on Security

FEBRUARY 4, 2025

Department of Justice said it seized eight domain names that were used to operate Cracked, a cybercrime forum that sprang up in 2018 and attracted more than four million users. The email address used for those accounts was f.grimpe@gmail.com. ” Image: Ke-la.com. 30, the U.S. lol and nulled[.]it.

eCommerce 208

eCommerce Cybercrime Accountability Passwords 208

The Hacker News

DECEMBER 17, 2024

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined 251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.

Data breaches 123

Data breaches Accountability 123

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. million from 158 Poloniex users, and $1.17

Cryptocurrency 363

Cryptocurrency Phishing Accountability Cybercrime 363

Schneier on Security

APRIL 2, 2020

name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government.

Hacking 267

Hacking Accountability Data breaches Government 267

Krebs on Security

APRIL 10, 2020

Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics 362

Computers and Electronics Banking Accountability Scams 362

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

VPN 363

VPN Passwords Software Telecommunications 363

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability 359

Accountability Mobile Banking Passwords 359

Krebs on Security

FEBRUARY 4, 2020

The government says Quantum Stresser had more than 80,000 customer subscriptions, and that during 2018 the service was used to conduct approximately 50,000 actual or attempted attacks targeting people and networks worldwide. and international authorities in December 2018 as part of a coordinated takedown targeting attack-for-hire services.

Internet 328

Internet Internet Government Accountability 328

Krebs on Security

JULY 8, 2019

In the 15-month span of the GandCrab affiliate enterprise beginning in January 2018 , its curators shipped five major revisions to the code, each corresponding with sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware. The GandCrab identity on Exploit[.]in

Ransomware 278

Ransomware Accountability Cybercrime Passwords 278

Krebs on Security

JANUARY 2, 2019

29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain. 2, 2018 shows the company is still struggling to restore services more than a week after the attack began.

Ransomware 262

Ransomware Malware Backups Accountability 262

Krebs on Security

DECEMBER 16, 2021

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. The text messages contained a link to unlock their accounts and led customers to a Web site that mimicked the legitimate Fifth Third site. Image: Mastercard.us.

Phishing 269

Phishing Banking Scams Accountability 269

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. It employs some 18,000 people and brought in $6.2

Insurance 351

Insurance Financial Services Penetration Testing Scams 351

Troy Hunt

SEPTEMBER 17, 2019

troyhunt pic.twitter.com/9FMSdvVRiL — Hagen (@hagendittmer) June 3, 2018. link] @troyhunt — Daniel Parker (@CodyMcCodeFace) June 21, 2018. This is also the advice of the @NCSC [link] — Brian Gentles (@phuzi_) June 21, 2018. However, after 3 attempts of entering an Access Code your account will be blocked.

Banking 253

Banking Passwords Accountability Authentication 253

Krebs on Security

JULY 13, 2020

Since its inception in 2018, Data Viper has billed itself as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.” But on Aug.

Hacking 363

Hacking Marketing Cybercrime Accountability 363

SecureWorld News

NOVEMBER 17, 2024

This challenge is especially prevalent for UK small and medium-sized enterprises (SMEs) which account for 99.9% A multifaceted regulatory environment The Data Protection Act 2018, implementing the EU's GDPR, imposes significant obligations on organizations to handle personal data responsibly. of the UK's business population, 5.5

Cybersecurity 120

Cybersecurity Risk Healthcare Accountability 120

Security Affairs

JULY 27, 2022

Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to be active since 2018. The end goal is to hijack Facebook Business accounts managed by the victims.

Accountability 132

Accountability Malware Media Marketing 132

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 332

Hacking Accountability Scams Media 332

Schneier on Security

FEBRUARY 6, 2019

The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. This fact can be used to commit fraud : Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud. News article.

Accountability 244

Accountability Scams 244

Krebs on Security

JANUARY 19, 2021

The release was granted in part due to Ferizi’s 2018 diagnosis if asthma, as well as a COVID outbreak at the facility where he was housed in 2020. ” [Side note: It may be little more than a coincidence, but my PayPal account was hacked in Dec. military members and government employees.

Identity Theft 351

Identity Theft Government Social Engineering Accountability 351

Krebs on Security

DECEMBER 19, 2018

The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Internet 260

Internet Internet Software Engineering 260

Krebs on Security

DECEMBER 1, 2020

“In early 2018, Vaughn demanded 1.5 Among the Apophis Squad’s targets was encrypted mail service Protonmail, which reached out to this author in 2018 for clues about the identities of the Apophis Squad members after noticing we were both being targeted by them and receiving demands for money in exchange for calling off the attacks.

DDOS 281

DDOS Hacking Mobile Encryption 281

Krebs on Security

NOVEMBER 9, 2018

In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs. The Twitter account @phobia, a.k.a. Ryan Stevenson. The victim said he was told by investigators in Santa Clara, Calif.

Mobile 230

Mobile Accountability Cryptocurrency Media 230

Security Affairs

DECEMBER 6, 2024

Impacts vary depending on users’ browsers, cookies, and third-party account activity. The company pointed out that no Social Security numbers, financial accounts, or credit/debit card information were affected. added Atrium Health. Affected individuals were notified in September.

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Krebs on Security

MAY 24, 2019

The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. billion in 2018. In August 2018, financial industry giant Fiserv Inc.

Insurance 279

Insurance Banking Identity Theft Scams 279

Krebs on Security

JUNE 21, 2021

While documenting each device that needs protection is a necessary first step, a number of recent cyberattacks on water treatment systems have been blamed on a failure to properly secure water treatment employee accounts that can be used for remote access. Image: WaterISAC. A copy of the Water ISAC report is available here (PDF).

Hacking 361

Hacking Accountability Cybersecurity Technology 361

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. universities). .”

Cryptocurrency 362

Cryptocurrency Malware Mobile Accountability 362

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. Lie if you must and create a separate free email account so the information can’t be tied to your main account.

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

DECEMBER 25, 2024

In 2018, the Lazarus APT group targeted several cryptocurrency exchanges , including the campaign tracked as Operation AppleJeus discovered in August 2018. The company assured customers their Bitcoin (BTC) deposits would be fully guaranteed. ” reads the press release published by FBI. FBI concludes.

Cryptocurrency 122

Cryptocurrency Social Engineering Hacking Cybercrime 122

Krebs on Security

SEPTEMBER 5, 2023

Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Troy Hunt

MAY 29, 2018

— Troy Hunt (@troyhunt) February 22, 2018. Until this happened: If you use 1Password account you now have a brand new Watchtower integrated with @haveibeenpwned API. pic.twitter.com/toyyNRPI4h — Roustem Karimov (@roustem) May 3, 2018. pic.twitter.com/hTm9risTx5 — Troy Hunt (@troyhunt) May 23, 2018.

Passwords 264

Passwords Accountability Data breaches Password Management 264

Krebs on Security

AUGUST 7, 2018

On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher , an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. “Handschumacher and the co-conspirators discuss compromising the CEO’s Skype account and T-Mobile account. A WORRIED MOM. GRAND PLANS.

Mobile 251

Mobile Cryptocurrency Computers and Electronics Scams 251

Troy Hunt

JULY 21, 2021

Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? But there's also a lot of consistency, for example, here's a piece on whether it's legal to access an employee's email account in Australia : The short answer is yes.

Accountability 363

Accountability Data breaches Government InfoSec 363

Krebs on Security

SEPTEMBER 22, 2023

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. KrebsOnSecurity last month interviewed a victim who recently saw more than three million dollars worth of cryptocurrency siphoned from his account.

Passwords 327

Passwords Encryption Password Management Cryptocurrency 327

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. A USPS brochure advertising the features and benefits of Informed Visibility.

Accountability 279

Accountability Authentication Identity Theft Advertising 279

SecureWorld News

JANUARY 8, 2025

They had to switch to manual operations for everythingeven basic accounting. Colorado Timberline (Denver): Colorado Timberline, a custom printing and embroidery company based in Denver, abruptly shut down in September 2018. Here's what happened: In August 2024, Stoli got hit with ransomware. Now, four months later, two U.S.

Ransomware 113

Ransomware Manufacturing Government Accountability 113