Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. According to the FAQ posted on its site , “ Norton Crypto ” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle.

Cryptocurrency 352

Cryptocurrency Computers and Electronics Antivirus Identity Theft 352

Security Affairs

NOVEMBER 19, 2021

million worth of cryptocurrency. million worth of cryptocurrency from an American individual. The news of the arrest was disclosed by the Hamilton Police in Ontario, Canada, as a result of a joint investigation conducted by the FBI and the United States Secret Service Electronic Crimes Task Force that started in March 2020.

Cryptocurrency 145

Cryptocurrency Accountability Hacking Information Security 145

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. In January 2020, a New York grand jury criminally indicted Truglia (PDF) for his part in the crypto theft from Terpin.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor.

Cryptocurrency 273

Cryptocurrency Accountability Mobile Hacking 273

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency 144

Cryptocurrency Hacking InfoSec Data breaches 144

Security Affairs

DECEMBER 25, 2020

Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its servers. The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website warning customers to stop using its services. Pierluigi Paganini.

Cryptocurrency 141

Cryptocurrency Hacking Accountability 141

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking 327

Hacking Social Engineering Phishing Scams 327

Security Affairs

APRIL 3, 2021

Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Such kind of attacks was reported at least since the end of 2020, when some software developers reported the malicious activity on their repositories. Pierluigi Paganini.

Cryptocurrency 144

Cryptocurrency Accountability Software Engineering 144

SecureList

FEBRUARY 16, 2021

In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service. Overall, Q4 remained within the parameters of 2020 trends.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies.

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

SecureList

MARCH 31, 2021

2020 was challenging for everyone: companies, regulators, individuals. As a result, 2020 was extremely eventful in terms of digital threats, in particular those faced by financial institutions. In 2020, the group tried its hand at the big extortion game with the VHD ransomware family.

Banking 145

Banking Phishing Malware Mobile 145

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw

Scams 303

Scams DDOS Cryptocurrency Accountability 303

Security Affairs

OCTOBER 30, 2023

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. The man was sentenced for his role in a hacking scheme that led to the theft of approximately $1M worth of cryptocurrency from dozens of victims. ” reads the press release published by DoJ.

Cryptocurrency 136

Cryptocurrency Accountability Hacking Cybercrime 136

Security Affairs

FEBRUARY 16, 2020

IOTA Foundation behind the IOTA cryptocurrency was forced to shut down its entire network following a cyber attack that resulted in the theft of funds. In response to the incident, the IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency , has decided to take down its entire network. Pierluigi Paganini.

Cryptocurrency 142

Cryptocurrency Advertising Accountability Cyber Attacks 142

Security Affairs

FEBRUARY 28, 2021

The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. According to the local news site Stuff , a creditor, U.S.

Cryptocurrency 120

Cryptocurrency Hacking Cyber Attacks Accountability 120

Security Affairs

MARCH 18, 2021

The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report , which includes data from 791,790 complaints of suspected cybercrimes. Data that emerged from the report are worrisome, in 2020 the reported losses exceeded $4.2 ” reads 2020 Internet Crime Report. billion in losses.

Internet 122

Internet Internet Scams Identity Theft 122

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 336

Hacking Phishing Cybercrime Passwords 336

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. 5/29 ???????????????

Accountability 129

Accountability Phishing DNS Cryptocurrency 129

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.

Mobile 145

Mobile Malware Adware Banking 145

Krebs on Security

JULY 26, 2021

02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor. All of those come into play in the case of the Snapchat account of actor Bella Thorne , who was allegedly targeted by PlugwalkJoe and associates in June 2019. In this case, the SIM swap was done to wrest control over Thorne’s Snapchat account.

Media 351

Media Hacking Accountability Scams 351

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 275

Phishing Cryptocurrency DDOS Internet 275

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. Analysts predict that mobile gaming will account for $90.7 Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021.

Mobile 140

Mobile Adware Malware Phishing 140

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 145

Accountability Malware Data breaches Passwords 145

Krebs on Security

SEPTEMBER 17, 2022

” In December 2020, Discoli took credit for hacking and leaking the user database for OGUsers, a forum overrun with people looking to buy, sell and trade access to compromised social media accounts. “That call led to the arrests. McGovern-Allen and the three U.K. Joseph James O’Connor , a.k.a.

Cryptocurrency 270

Cryptocurrency Accountability Scams Hacking 270

Krebs on Security

DECEMBER 19, 2022

conspired to hack into Yahoo email accounts belonging to victims in the United States. From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts. . “ChumLul,” 22, of Racine, Wisc.,

Hacking 329

Hacking Passwords Media Accountability 329

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The group of teenagers who hacked Twitter hailed from a community that traded in hacked social media accounts.

Social Engineering 291

Social Engineering Phishing Engineering Accountability 291

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 341

Mobile Phishing Authentication Accountability 341

Krebs on Security

JANUARY 18, 2021

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. But 2020 turned out to be a tough year for Joker’s Stash. and European authorities seized a number of its servers. Image: Gemini Advisory. Then on Dec.

Marketing 301

Marketing Cybercrime Accountability Cryptocurrency 301

Security Affairs

OCTOBER 28, 2021

Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. Threat actors have stolen $130 million worth of cryptocurrency assets from the decentralized finance (DeFi) platform. increase from 2020. DeFi-related fraud continues to rise, as well.

Cryptocurrency 102

Cryptocurrency Marketing Hacking Financial Services 102

Krebs on Security

JANUARY 28, 2022

That same ToX ID was claimed by a user called “ smiseo ” on the Russian forum BHF, in which smiseo advertises “clipper” malware written in Rust that swaps in the attacker’s bitcoin address when the victim copies a cryptocurrency address to their computer’s temporary clipboard. I AM DUCKERMAN.

Ransomware 331

Ransomware Accountability Cybercrime Malware 331

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. which owns LinkedIn, said in September 2022 that it had detected a wide range of social engineering campaigns using a proliferation of phony LinkedIn accounts.

Malware 330

Malware Software Technology Accountability 330

SecureWorld News

JUNE 27, 2023

The first, referred to as the SDNY Case, revolves around a fraudulent scheme in which O'Connor and his co-conspirators employed SIM swap attacks to steal approximately $794,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company.

Hacking 96

Hacking Cybercrime Cryptocurrency Accountability 96

Krebs on Security

SEPTEMBER 13, 2024

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account. ” Beige members were implicated in two stories published here in 2020.

Cybercrime 322

Cybercrime Accountability Mobile Hacking 322

Security Affairs

APRIL 4, 2023

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. The Gopuram backdoor was first discovered by Kaspersky in 2020, but the researchers observed a surge in the number of infections in March 2023, likely coinciding with the attack on 3CX.

Cryptocurrency 98

Cryptocurrency Malware Software Manufacturing 98

Krebs on Security

JUNE 15, 2021

For starters, it appears at one point in 2020 Witte actually hosted Trickbot malware on a vanity website registered in her name — allawitte[.]nl. ” According to the DOJ, Witte had access to Trickbot for roughly two years between 2018 and 2020. On June 7, the DOJ announced it had clawed back $2.3

Cybercrime 355

Cybercrime Ransomware Passwords Banking 355