2018 and Web Fraud - Cyber Security Informer

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

In December 2018, a then 21-year-0ld Troy Woody Jr. sued Iza, Zelocchi and Zort, alleging (PDF) Iza and Zelocchi were involved in a 2018 home invasion at his residence, wherein Woody claimed his assailants stole laptops and phones containing more than $200 million in cryptocurrencies. and refers to T.W. In December 2022, Troy Woody Jr.

Cryptocurrency

Cryptocurrency Government Internet Internet

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. In February 2018, LastPass changed the default to 100,100 iterations. LastPass sent this notification to users earlier this week.

Passwords

Passwords Encryption Password Management Cryptocurrency

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. universities).

Cryptocurrency

Cryptocurrency Malware Mobile Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

LastPass says that since 2018 it has required a twelve-character minimum for master passwords, which the company said “greatly minimizes the ability for successful brute force password guessing.” In February 2018, LastPass changed the default to 100,100 iterations. And very recently, it upped that again to 600,000.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

RaidForums Gets Raided, Alleged Admin Arrested

Krebs on Security

APRIL 12, 2022

authorities in June 2018, when he tried to enter the United States at the Hartsfield-Jackson International Airport in Atlanta. “In an attempt to retrieve his items, Coelho called the lead FBI case agent on or around August 2, 2018, and used the email address unrivalled@pm.me Coelho landed on the radar of U.S.

Government

Government Identity Theft Mobile Data breaches

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

CRYPTEX In early 2018, Taleon and the proprietors of UAPS launched a cryptocurrency exchange called Cryptex[.]net A screenshot of Chainalysis’s summary of illicit activity on Cryptex since the exchange’s inception in 2018. net that has emerged as a major mover of ill-gotten crypto coins.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. 13, 2018 bomb threat hoax. domaincontrol.com, and ns18.domaincontrol.com.

DNS

DNS Internet Internet Computers and Electronics

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

MARCH 22, 2024

Launched in 2018 under the name Firefox Monitor , Mozilla Monitor also checks data from the website Have I Been Pwned? Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus.

Media

Media Government Data breaches Marketing

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

Alas, in 2018, the.llc TLD was born and began selling domains. From then on, anyone who registered company.llc would be able to passively intercept that organization’s Microsoft Windows credentials, or actively modify those connections in some way — such as redirecting them somewhere malicious.

DNS

DNS Internet Internet Authentication

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

As far back as 2018, Interisle found.US Or so concludes The Interisle Consulting Group , which gathers phishing data from multiple industry sources and publishes an annual report on the latest trends. domains were the worst in the world for spam, botnet (attack infrastructure for DDOS etc.) and illicit or harmful content.

Phishing

Phishing Telecommunications Malware Scams

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

NOVEMBER 13, 2021

” Troia’s work as a security researcher was the subject of a 2018 article here titled, “ When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference? Troia says the individual has been associated in the past with incidents aimed at damaging the security researcher’s reputation.”

Internet

Internet Internet Hacking Accountability

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

In July 2018, Google disclosed that it had not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical security keys in place of one-time codes. Thus, the second factor cannot be phished, either over the phone or Internet.

Hacking

Hacking Social Engineering Phishing Scams

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

In May 2018, the FBI executed a similar strategy to dismantle VPNFilter, which had spread to more than a half-million consumer devices. On April 1, ASUS released updates to fix the security vulnerability in a range of its Wi-Fi routers.

Marketing

Marketing Energy and Utilities Malware Ransomware

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

In 2018, KrebsOnSecurity detailed how Stevenson earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their websites, all the while secretly peddling those same vulnerabilities to cybercriminals.

Hacking

Hacking Government Media Accountability

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Security Boulevard

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he's confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings.

Malware

Malware Web Fraud

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

In late September 2018, the REACT Task Force spearheaded an investigation that led to the arrest of two Missouri men — both in their early 20s — who are accused of conducting SIM swaps to steal $14 million from a cryptocurrency company based in San Jose, Calif. . million customers.

Mobile

Mobile Cryptocurrency Accountability Passwords

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

NOVEMBER 13, 2018

Likewise, kavanaghsirishpub-dot-com corresponded to a pub and restaurant in Tennessee until mid-2018; now it’s pretending to sell cheap Nike shoes. “We have observed more than 800 sites hosting these brand impersonation/skimming stores since June 2018,” the report notes. It’s now advertising running shoes.

Accountability

Accountability eCommerce Cybercrime Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

In September 2018, a user by the name “ ципа ” (phonetically “ Zipper ” in Russian) registered on the Russian hacking forum Lolzteam using the edgard0111012@gmail.com address.

Scams

Scams DDOS Cryptocurrency Accountability

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

guru show that in 2018 the domains were forwarding incoming email to the address obelisk57@gmail.com. The registration records for the website Cryptor[.]biz biz are hidden behind privacy protection services, but the site’s homepage says potential customers should register by visiting the domain crypt[.]guru ” Crypt[.]guru’s

Malware

Malware Antivirus Cybercrime Hacking

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Intel 471 says a rumor has been circulating on Exploit and other forums upO frequented that he was the mastermind behind GandCrab , another ransomware-as-a-service affiliate program that first surfaced in January 2018 and later bragged about extorting billions of dollars from hacked businesses when it closed up shop in June 2019.

Malware

Malware Cybercrime Ransomware Marketing

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

That’s down from 53 percent that did so in 2018, Okta found. According to a report this year from Okta, 47 percent of workforce customers deploy SMS and voice factors for multi-factor authentication.

Mobile

Mobile Phishing Authentication Accountability

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

based United Rentals [ NYSE:URI ] is the world’s largest equipment rental company, with some 18,000 employees and earnings of approximately $4 billion in 2018. While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com). Stamford, Ct.-based

Phishing

Phishing Marketing Accountability DNS

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

.” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic , some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes.

Accountability

Accountability Hacking Media Mobile

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

This 2018 story from travel blog goatsontheroad.com tells the tale of a couple that was very nearly scammed by a Land Lordz-like trap, before the wife figures out they’re no longer on airbnb.com.

Scams

Scams Advertising Accountability Phishing

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

Zukhov was arrested in Bulgaria in 2018 and extradited to the United States. The journal explains that Zhukov lived with a ChronoPay employee and had a great deal of interaction with ChronoPay’s high-risk department, so much so that Zhukov at one point gave Vrublevsky a $100,000 jeweled watch as a gift.

Banking

Banking Marketing DDOS Risk

Beware of Hurricane Florence Relief Scams

Krebs on Security

SEPTEMBER 24, 2018

The landing page for hurricaneflorencerelieffund-dot-com also is the landing page for at least 4 other Hurricane Florence donation sites that use the same anonymous PayPal address. Among the earliest of these is hurricaneflorencerelieffund-dot-com , registered anonymously via GoDaddy on Sept.

Scams

Scams Accountability Media Web Fraud

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

OCTOBER 15, 2019

million cards added; 2018 brought in 9.2 The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. But business would pick up in each of the years that followed: In 2016, BriansClub uploaded 2.89 million stolen cards; 2017 saw some 4.9 million more. million cards.

Hacking

Hacking Cybercrime Marketing Banking

Who’s In Your Online Shopping Cart?

Krebs on Security

NOVEMBER 4, 2018

In September, Symantec said it blocked almost a quarter of a million instances of attempted formjacking since mid-August 2018. ” It’s unclear if the compromises detailed in this post are related to the work of that crime gang.

Antivirus

Antivirus Hacking Internet Internet

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

The FBI says BEC scams netted thieves more than $12 billion between 2013 and 2018. However, BEC scams succeed thanks to help from a variety of seemingly unrelated types of online fraud — most especially dating scams.

Scams

Scams Accountability Media Banking

Tech CEO Sentenced to 5 Years in IP Address Scheme

Krebs on Security

OCTOBER 17, 2023

In 2018, ARIN sued Golestan and Micfo, alleging they had obtained hundreds of thousands of IP addresses under false pretenses. Canada, and parts of the Caribbean. Amir Golestan, the former CEO of Micfo. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn’t already sold.

Internet

Internet Internet VPN Marketing

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

OCTOBER 9, 2023

com , which DomainTools.com says was registered way back in September 2018 to an individual in Nigeria. According to dnslytics.com , that same analytics code has shown up on at least six other nearly identical USPS phishing pages dating back nearly as many years, including onlineuspsexpress[.]com

Phishing

Phishing Scams Passwords Web Fraud

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

In 2018, KrebsOnSecurity examined a huge network of phishing sites masquerading as the top carding stores which all traced back to a web development group in Pakistan that’s apparently been stealing from thieves for years.

Phishing

Phishing Cybercrime Accountability Advertising

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

As far back as 2018, Interisle found.US . “These ccTLDs make a strong case for validating domain registrants in the interest of public safety.” ” Sadly,US has been a cesspool of phishing activity for many years. domains were the worst in the world for spam, botnet (attack infrastructure for DDOS etc.)

Phishing

Phishing Telecommunications Government DNS

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

The user “ Transfer ” advertised and sold access to 911 from 2016 to 2018, amid many sales threads where they advertised expensive electronics and other consumer goods that were bought online with stolen credit cards. Both of these identities were active on the crime forum fl.l33t[.]su su between 2016 and 2019.

VPN

VPN Computers and Electronics Antivirus Software

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings.

Scams

Scams Marketing Internet Internet

Russian Govt. Continues Carding Shop Crackdown

Krebs on Security

FEBRUARY 9, 2022

In 2018, the U.S. .” The arrests of the six men comes less than two weeks after Russian law enforcement officials detained four suspected carders — including Andrey Sergeevich Novak , the reputed owner of the extremely popular and long-running UniCC carding shop.

Cybercrime

Cybercrime Marketing Identity Theft Retail

Cyber Security Informer

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Trending Sources

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

RaidForums Gets Raided, Alleged Admin Arrested

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Local Networks Go Global When Domain Names Collide

US Harbors Prolific Malicious Link Shortening Service

Hoax Email Blast Abused Poor Coding in FBI Website

When Low-Tech Hacks Cause High-Impact Breaches

Actions Target Russian Govt. Botnet, Hydra Dark Market

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Busting SIM Swappers and SIM Swap Myths

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Interview With a Crypto Scam Investment Spammer

Why Malware Crypting Services Deserve More Scrutiny

This Service Helps Malware Authors Fix Flaws in their Code

How 1-Time Passcodes Became a Corporate Liability

Phishers are Angling for Your Cloud Providers

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

‘Land Lordz’ Service Powers Airbnb Scams

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Beware of Hurricane Florence Relief Scams

“BriansClub” Hack Rescues 26M Stolen Cards

Who’s In Your Online Shopping Cart?

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Tech CEO Sentenced to 5 Years in IP Address Scheme

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Phishing Sites Targeting Scammers and Thieves

Why is.US Being Used to Phish So Many of Us?

A Deep Dive Into the Residential Proxy Service ‘911’

Who’s Behind the ‘Web Listings’ Mail Scam?

Russian Govt. Continues Carding Shop Crackdown

Stay Connected