2019, Authentication and Web Fraud - Cyber Security Informer

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock.

DNS

DNS Internet Internet Phishing

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

“According to the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out thanks to the development of the Ternopil hacker,” the attorney general’s office said, noting that investigators had identified hundreds of U-Admin customers. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020. authenticate the phone call before sensitive information can be discussed.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

SEPTEMBER 2, 2024

agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites.

Accountability

Accountability Banking Passwords Scams

Does Your Domain Have a Registry Lock?

Krebs on Security

JANUARY 24, 2020

On December 23, 2019, unknown attackers began contacting customer support people at OpenProvider , a popular domain name registrar based in The Netherlands. 23, 2019, the e-hawk.net domain was transferred to a reseller account within OpenProvider. ” Dijkxhoorn shared records obtained from OpenProvider showing that on Dec.

DNS

DNS Social Engineering Engineering Accountability

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Here’s one from would-be victim Shanon, on March 28, 2019, to the scammers. Airbnb could help by adding some type of robust multi-factor authentication, such as Security Keys — which would defeat these Airbnb phishing pages.

Scams

Scams Advertising Accountability Phishing

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

Salesforce told KrebsOnSecurity that this was not a compromise of Pardot, but of a Pardot customer account that was not using multi-factor authentication. However, in such setups the content that gets promoted through the client’s domain is actually hosted on the cloud CRM provider’s systems. Image: APWG. Update, 2:55 p.m.

Phishing

Phishing Marketing Accountability DNS

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

For example, in 2019 McAfee found that for targets in Japan, the 16Shop kit would also collect Web ID and Card Password, while US victims will be asked for their Social Security Number. Various 16Shop lures for Apple users in different languages. Image: Akamai.

Phishing

Phishing Passwords Hacking Internet

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

“The data table “User Feedbacks” (sic) exposes what appear to be customer authentication tokens, user identifiers, and even a customer support request that exposes root-level SMTP credentials–all visible by an unauthenticated user on a Manipulaters-controlled domain. . Given the risk for abuse, this domain will not be published.”

Phishing

Phishing Cybercrime Malware Advertising

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

OCTOBER 9, 2024

In many ways, the story arc of the young men allegedly involved in the $243 million heist tracks closely to that of Joel Ortiz , a valedictorian who was sentenced in 2019 to 10 years in prison for stealing more than $5 million in cryptocurrencies.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Mobile

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Mozilla spokesperson Ellen Canale said Mozilla took ownership of virtualfirefox.com in September 2017 after a trademark dispute, but that the DNS nameserver for the record was not reset until January of 2019. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.

DNS

DNS Internet Internet Computers and Electronics

Cyber Security Informer

Don’t Let Your Domain Name Become a “Sitting Duck”

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Trending Sources

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Owners of 1-Time Passcode Theft Service Plead Guilty

Does Your Domain Have a Registry Lock?

‘Land Lordz’ Service Powers Airbnb Scams

Phishers are Angling for Your Cloud Providers

Karma Catches Up to Global Phishing Service 16Shop

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Lamborghini Carjackers Lured by $243M Cyberheist

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Stay Connected