Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 275

Phishing Cryptocurrency DDOS Internet 275

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams 303

Scams DDOS Cryptocurrency Accountability 303

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet 141

Internet Internet Hacking Advertising 141

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking 327

Hacking Social Engineering Phishing Scams 327

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.

Mobile 145

Mobile Malware Adware Banking 145

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies. million cyberheist.

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024.

Cybercrime 114

Cybercrime Ransomware Healthcare Education 114

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021. Pandemic-related statistics cover the period of January 2020 through June 2021.

Mobile 140

Mobile Adware Malware Phishing 140

Malwarebytes

APRIL 26, 2022

Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. Here’s a mockup: pic.twitter.com/aM9UAbSKtv — Google SearchLiaison (@searchliaison) January 13, 2020.

Cryptocurrency 128

Cryptocurrency Phishing Engineering Mobile 128

Krebs on Security

MARCH 28, 2021

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.

Hacking 363

Hacking Cybercrime DNS Internet 363

Krebs on Security

JULY 29, 2021

One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse. TARGETED PHISHING.

Passwords 363

Passwords Password Management Phishing Scams 363

Security Affairs

MAY 1, 2021

. “To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” The malware was designed to abuse NAS resources and mine cryptocurrency.

Ransomware 144

Ransomware Cryptocurrency Malware Internet 144

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. ” continues the report.

DNS 145

DNS Internet Internet Malware 145

Malwarebytes

MARCH 1, 2023

Despite a very slim browser market share, Internet Explorer (IE) is still being exploited by exploit kits like the RIG exploit kit (EK). According to Malwarebytes’ Senior Director of Threat Intelligence Jérôme Segura: “RIG EK is probably one of the last exploit kits targeting Internet Explorer still around.

Internet 98

Internet Internet Social Engineering Malware 98

Krebs on Security

JUNE 15, 2021

For starters, it appears at one point in 2020 Witte actually hosted Trickbot malware on a vanity website registered in her name — allawitte[.]nl. “On top of the password re-use, the data shows a great insight into her professional and personal Internet usage,” Holden wrote in a blog post on Witte’s arrest.

Cybercrime 355

Cybercrime Ransomware Passwords Banking 355

Security Affairs

DECEMBER 20, 2024

In October 2020, the US Justice Department charged Sokolovsky with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The Raccoon stealer was first spotted in April 2019, it was designed to steal victims credit card data, email credentials, cryptocurrency wallets, and other sensitive data.

Cryptocurrency 62

Cryptocurrency Cybercrime Identity Theft Malware 62

Krebs on Security

JULY 26, 2021

02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor. Investigators later found the same Internet address used to access Thorne’s Snapchat account also was used minutes later to access “@Joe” on Instagram, which O’Connor has claimed publicly.

Media 351

Media Hacking Accountability Scams 351

SecureList

AUGUST 10, 2022

In late August 2020, we published an overview of DeathStalker’s profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns ( PowerPepper was later documented in 2020). Meanwhile, in August 2020, we also released a private report on VileRAT to our threat intelligence customers for the first time.

Cryptocurrency 118

Cryptocurrency Encryption Social Engineering Passwords 118

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The Twitter hackers largely pulled it off by brute force, writes Wired on the July 15, 2020 hack.

Social Engineering 291

Social Engineering Phishing Engineering Accountability 291

SecureWorld News

MARCH 28, 2022

The FBI's Internet Crime Complaint Center (IC3) has released its annual report, providing the public with specific details on how cybercrime has evolved in the last five years, what threats were the most persistent, and what groups were the most targeted, along with a flurry of other information and statistics.

Internet 97

Internet Internet Cybercrime Ransomware 97

SecureList

NOVEMBER 23, 2021

First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In addition, bitcoin ended 2020 at around $28,000 and quickly rose to a peak of $40,000 in January 2021.

Cryptocurrency 141

Cryptocurrency Banking Ransomware Cybercrime 141

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware 135

Malware Internet Internet DDOS 135

SecureList

FEBRUARY 23, 2022

share in 2020 to the second most common in 2021 with 12.2%. Emotet (9.3%), described by Europol as “the world’s most dangerous malware”, underwent a drop of five percentage points between 2020 and 2021.This The mass change in cybercriminals’ objectives and methods seen in 2020 continued in 2021.

Banking 140

Banking Phishing Cryptocurrency Malware 140

SecureWorld News

MARCH 22, 2021

The FBI just released its annual Internet Crime Report, and it is truly a sign of the times. The FBI notes that the Internet Crime Complaint Center (IC3) has been key to its mission to track cybercrimes. The IC3 received 791,790 complaints from the American public in 2020, the most ever in one year, with reported losses exceeding $4.1

Cybercrime 68

Cybercrime Scams Banking Accountability 68

Krebs on Security

DECEMBER 14, 2022

They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. The Justice Department says its trying to impress upon people that even buying attacks from DDoS-for-hire services can land Internet users in legal jeopardy.

DDOS 350

DDOS Computers and Electronics Internet Internet 350

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). .” ” On July 28 and again on Aug. According to an Aug. In an Aug. ”

Mobile 341

Mobile Phishing Authentication Accountability 341

Krebs on Security

MARCH 9, 2023

In October 2012, the WorldWiredLabs domain moved to another dedicated server at the Internet address 198.91.90.7, A Youtube video invoking this corporate name describes Godbex as a “next generation platform” for exchanging gold and cryptocurrencies. Companies House records show Godbex was dissolved in 2020.

DNS 310

DNS Cybercrime Passwords Accountability 310

Krebs on Security

SEPTEMBER 13, 2024

” Beige members were implicated in two stories published here in 2020. In November 2020, intruders thought to be associated with the Beige Group tricked a GoDaddy employee into installing malicious software, and with that access they were able to redirect the web and email traffic for multiple cryptocurrency trading platforms.

Cybercrime 322

Cybercrime Accountability Mobile Hacking 322

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. 9, 2024, U.S.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. The malware was designed to abuse NAS resources and mine cryptocurrency. “According to analysis, QNAP NAS can become infected when they are connected to the Internet with weak user passwords.”

Cryptocurrency 123

Cryptocurrency Firmware Malware Passwords 123

SecureList

MARCH 3, 2022

If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2. The percentage of ICS computers on which malicious objects were blocked in 2021 increased by 1 percentage point from 2020 – from 38.6% Cryptocurrency miners (Windows executable files) – more than doubled – from 0.9% Ransomware.

Spyware 130

Spyware Ransomware Cryptocurrency Phishing 130

SecureList

SEPTEMBER 8, 2022

Percentage of ICS computers on which malicious objects were blocked, January – June 2020, 2021, and 2022. The main sources of threats to computers in the operational technology infrastructure of organizations are internet (16.5%), removable media (3.5%), and email (7.0%). since 2020. This percentage has been growing since 2020.

Spyware 125

Spyware Cryptocurrency Ransomware Phishing 125

SecureList

MAY 10, 2021

Botnet operators use infected devices to carry out DDoS attacks or mine cryptocurrency. Maltese Internet service provider Melita was also hit by ransomware: a showcase DDoS attack disrupted services. Ransomwarers were likely spurred on by the upward movement of cryptocurrency prices, which continued in Q1 2021.

DDOS 141

DDOS Cryptocurrency Media Marketing 141

Krebs on Security

MAY 9, 2023

They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. Booter services are advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com.

DDOS 277

DDOS Cybercrime Internet Internet 277

CyberSecurity Insiders

FEBRUARY 8, 2021

Later security firm ENKI said that Lazarus could have carried out the latest file encrypting malware attack by exploiting a zero day vulnerability in Internet Explorer browser of Windows operating system. And all the expenses are borne by the Kim Jung UN led nation who steals cryptocurrency to fund its nuclear programs.

Ransomware 134

Ransomware Social Engineering Cryptocurrency Cybercrime 134