Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. In January 2020, a New York grand jury criminally indicted Truglia (PDF) for his part in the crypto theft from Terpin.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. According to the FAQ posted on its site , “ Norton Crypto ” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle.

Cryptocurrency 348

Cryptocurrency Computers and Electronics Antivirus Identity Theft 348

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor.

Cryptocurrency 271

Cryptocurrency Accountability Mobile Hacking 271

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency 360

Cryptocurrency Passwords Encryption Accountability 360

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency 144

Cryptocurrency Hacking InfoSec Data breaches 144

Security Affairs

DECEMBER 25, 2020

Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its servers. The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website warning customers to stop using its services. Pierluigi Paganini.

Cryptocurrency 140

Cryptocurrency Hacking Accountability 140

Security Affairs

APRIL 3, 2021

Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Such kind of attacks was reported at least since the end of 2020, when some software developers reported the malicious activity on their repositories. Pierluigi Paganini.

Cryptocurrency 144

Cryptocurrency Accountability Software Engineering 144

SecureList

FEBRUARY 16, 2021

In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service. Overall, Q4 remained within the parameters of 2020 trends.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies.

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

SecureList

MARCH 31, 2021

2020 was challenging for everyone: companies, regulators, individuals. As a result, 2020 was extremely eventful in terms of digital threats, in particular those faced by financial institutions. In 2020, the group tried its hand at the big extortion game with the VHD ransomware family.

Banking 145

Banking Phishing Malware Mobile 145

Security Affairs

OCTOBER 30, 2023

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. The man was sentenced for his role in a hacking scheme that led to the theft of approximately $1M worth of cryptocurrency from dozens of victims. ” reads the press release published by DoJ.

Cryptocurrency 136

Cryptocurrency Accountability Hacking Cybercrime 136

Security Affairs

FEBRUARY 16, 2020

IOTA Foundation behind the IOTA cryptocurrency was forced to shut down its entire network following a cyber attack that resulted in the theft of funds. In response to the incident, the IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency , has decided to take down its entire network. Pierluigi Paganini.

Cryptocurrency 142

Cryptocurrency Advertising Accountability Cyber Attacks 142

Security Affairs

FEBRUARY 28, 2021

The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. According to the local news site Stuff , a creditor, U.S.

Cryptocurrency 120

Cryptocurrency Hacking Cyber Attacks Accountability 120

Security Affairs

MARCH 18, 2021

The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report , which includes data from 791,790 complaints of suspected cybercrimes. Data that emerged from the report are worrisome, in 2020 the reported losses exceeded $4.2 ” reads 2020 Internet Crime Report. billion in losses.

Internet 121

Internet Internet Scams Identity Theft 121

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 335

Hacking Cybercrime Phishing Passwords 335

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. 5/29 ???????????????

Accountability 128

Accountability Phishing DNS Cryptocurrency 128

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.

Mobile 145

Mobile Malware Adware Banking 145

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 274

Phishing Cryptocurrency DDOS Internet 274

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. Analysts predict that mobile gaming will account for $90.7 Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021.

Mobile 139

Mobile Adware Malware Phishing 139

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 145

Accountability Malware Data breaches Passwords 145

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The group of teenagers who hacked Twitter hailed from a community that traded in hacked social media accounts.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 337

Mobile Phishing Authentication Accountability 337

Krebs on Security

JANUARY 18, 2021

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. But 2020 turned out to be a tough year for Joker’s Stash. and European authorities seized a number of its servers. Image: Gemini Advisory. Then on Dec.

Marketing 301

Marketing Cybercrime Accountability Cryptocurrency 301

Security Affairs

OCTOBER 28, 2021

Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. Threat actors have stolen $130 million worth of cryptocurrency assets from the decentralized finance (DeFi) platform. increase from 2020. DeFi-related fraud continues to rise, as well.

Cryptocurrency 102

Cryptocurrency Marketing Hacking Financial Services 102

Krebs on Security

JANUARY 28, 2022

That same ToX ID was claimed by a user called “ smiseo ” on the Russian forum BHF, in which smiseo advertises “clipper” malware written in Rust that swaps in the attacker’s bitcoin address when the victim copies a cryptocurrency address to their computer’s temporary clipboard. I AM DUCKERMAN.

Ransomware 329

Ransomware Accountability Cybercrime Malware 329

SecureWorld News

JUNE 27, 2023

The first, referred to as the SDNY Case, revolves around a fraudulent scheme in which O'Connor and his co-conspirators employed SIM swap attacks to steal approximately $794,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company.

Hacking 97

Hacking Cybercrime Cryptocurrency Accountability 97

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. which owns LinkedIn, said in September 2022 that it had detected a wide range of social engineering campaigns using a proliferation of phony LinkedIn accounts.

Malware 326

Malware Software Technology Accountability 326

Security Affairs

APRIL 4, 2023

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. The Gopuram backdoor was first discovered by Kaspersky in 2020, but the researchers observed a surge in the number of infections in March 2023, likely coinciding with the attack on 3CX.

Cryptocurrency 98

Cryptocurrency Malware Software Manufacturing 98

Krebs on Security

JUNE 15, 2021

For starters, it appears at one point in 2020 Witte actually hosted Trickbot malware on a vanity website registered in her name — allawitte[.]nl. ” According to the DOJ, Witte had access to Trickbot for roughly two years between 2018 and 2020. On June 7, the DOJ announced it had clawed back $2.3

Cybercrime 355

Cybercrime Ransomware Passwords Banking 355

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 335

Hacking Accountability Scams Media 335

Krebs on Security

JULY 29, 2021

The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. 22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. customers this month.

Passwords 363

Passwords Password Management Phishing Scams 363

Krebs on Security

MARCH 9, 2023

Constella Intelligence , a service that indexes information exposed by public database leaks, shows this email address was used to register an account at the clothing retailer romwe.com, using the password “ 123456xx.” Companies House records show Godbex was dissolved in 2020. DNS records for worldwiredlabs[.]com

DNS 307

DNS Cybercrime Passwords Accountability 307

The Last Watchdog

APRIL 14, 2022

The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers. billion in annual losses during 2020, resulting from 19,369 incidents.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Security Affairs

DECEMBER 20, 2024

In October 2020, the US Justice Department charged Sokolovsky with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The Raccoon stealer was first spotted in April 2019, it was designed to steal victims credit card data, email credentials, cryptocurrency wallets, and other sensitive data.

Cryptocurrency 63

Cryptocurrency Cybercrime Identity Theft Malware 63

Krebs on Security

DECEMBER 8, 2021

” The Ontario Provincial Police (OPP) on Tuesday said the investigation began in January 2020 when the U.S. There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. ” A DARK CLOUD.

Cybercrime 331

Cybercrime Ransomware Accountability Advertising 331