2022, Data breaches and Web Fraud - Cyber Security Informer

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.

Data breaches

Data breaches Banking Cybercrime Marketing

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary.

Mobile

Mobile Phishing Authentication Advertising

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. On May 12, 2022, KrebsOnSecurity broke the news that hackers had gained access to a DEA portal that taps into 16 different federal law enforcement databases. .” federal government portal without authorization. ” Image: USDOJ.

Hacking

Hacking Government Media Accountability

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

“Also, for your security, we are able to subscribe you to Coinbase Bytes, which will basically give you updates to your email about data breaches and updates to your Coinbase account,” the script reads. “So we should have gone ahead and successfully subscribed you, and you should have gotten an email confirmation.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. — and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. Urban allegedly went by the nicknames “ Sosa ” and “ King Bob, ” and is believed to be part of the same crew that hacked Twilio and a slew of other companies in 2022.

Hacking

Hacking Cybercrime Phishing Passwords

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

JANUARY 25, 2023

23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. 9, 2022 and Dec.

Cybercrime

Cybercrime Web Fraud Data breaches

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations.

Cybercrime

Cybercrime Software VPN Backups

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. Department of Justice in April.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. Still, Palant and others impacted by the 2022 breach at LastPass say their account security settings were never forcibly upgraded.

Passwords

Passwords Encryption Password Management Cryptocurrency

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. 27, 2022, Experian’s PR team acknowledged receipt of my Dec. It’s also worth mentioning that reports of hijacked Experian.com accounts persisted into late 2022. ” Sen.

Identity Theft

Identity Theft Accountability Authentication Web Fraud

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. The messages began at 2022-07-20 22:50 UTC.

Mobile

Mobile Phishing Authentication Accountability

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed. Emory Roan , policy counsel for the Privacy Rights Clearinghouse , said Experian not offering multi-factor authentication for consumer accounts is inexcusable in 2022.

Accountability

Accountability Passwords Authentication Password Management

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

Throughout 2022, LAPSUS$ would hack and social engineer their way into some of the world’s biggest technology companies , including EA Games, Microsoft , NVIDIA , Okta , Samsung , and T-Mobile. .’s West Midlands Police as part of a joint investigation with the FBI into the MGM hack.

Cybercrime

Cybercrime Accountability Mobile Hacking

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

Constella Intelligence , a data breach and threat actor research platform, now allows users to cross-reference popular cybercrime websites and denizens of these forums with inadvertent malware infections by information-stealing trojans.

Phishing

Phishing Passwords Internet Internet

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. Taleon set up his service to facilitate transfers between Moscow, St.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach. 14, 2022 breach notification letter from tribal lender Mountain Summit Financial. SSN or DLN), bank account number and routing number, home address, email address, phone number and other general loan information.

Financial Services

Financial Services Banking Accountability Identity Theft

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Security Boulevard

MARCH 14, 2023

Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Men Charged in 2022 Hacking of DEA Portal appeared first on Security Boulevard. The post Two U.S.

Hacking

Hacking Government Accountability Web Fraud

Identity Thieves Bypassed Experian Security to View Credit Reports

Security Boulevard

JANUARY 9, 2023

But until the end of 2022, Experian's website allowed anyone to bypass these questions and go straight to the consumer's report. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

Web Fraud

Web Fraud Data breaches

Experian Glitch Exposing Credit Files Lasted 47 Days

Security Boulevard

JANUARY 25, 2023

23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report -- armed with nothing more than a person's name, address, date of birth, and Social Security number. 9, 2022 and Dec.

Web Fraud

Web Fraud Data breaches

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device.

Malware

Malware eCommerce Mobile Media

Cyber Security Informer

When Efforts to Contain a Data Breach Backfire

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Trending Sources

Two U.S. Men Charged in 2022 Hacking of DEA Portal

A Day in the Life of a Prolific Voice Phishing Crew

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Experian Glitch Exposing Credit Files Lasted 47 Days

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

911 Proxy Service Implodes After Disclosing Breach

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Identity Thieves Bypassed Experian Security to View Credit Reports

How 1-Time Passcodes Became a Corporate Liability

Experian, You Have Some Explaining to Do

The Dark Nexus Between Harm Groups and ‘The Com’

Karma Catches Up to Global Phishing Service 16Shop

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Scary Fraud Ensues When ID Theft & Usury Collide

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Identity Thieves Bypassed Experian Security to View Credit Reports

Experian Glitch Exposing Credit Files Lasted 47 Days

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Stay Connected