Krebs on Security

DECEMBER 19, 2022

men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. conspired to hack into Yahoo email accounts belonging to victims in the United States.

Hacking 328

Hacking Media Passwords Accountability 328

Schneier on Security

JANUARY 25, 2023

Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. The head of both US Cyber Command and the NSA, Gen. “We understood how foreign adversaries utilize infrastructure throughout the world.

Cybersecurity 277

Cybersecurity Hacking 277

Krebs on Security

DECEMBER 13, 2022

10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Krebs on Security

FEBRUARY 16, 2022

The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes. .” In their online statement about the hack (updated on Feb. Image: Ke-la.com. ” On Jan.

Hacking 281

Hacking Ransomware Media Accountability 281

Schneier on Security

MAY 17, 2024

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal. co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. .

Hacking 285

Hacking Accountability Ransomware Internet 285

Tech Republic Security

JULY 12, 2024

Businesses and individuals with AT&T accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.

Hacking 198

Hacking Accountability Big data Telecommunications 198

Security Affairs

MAY 15, 2024

An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum. The authorities also seized the Telegram page for the hacking forum The website currently displays a message that informs visitors it was seized by law enforcement. In March 2023, U.S.

Hacking 140

Hacking Cybercrime Information Security 140

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking 149

Hacking Cybercrime Advertising Data breaches 149

Joseph Steinberg

JANUARY 22, 2024

Hacking et Cybersécurité Mégapoche pour les Nuls , a single-volume book containing French versions of the latest editions of both the best selling CyberSecurity for Dummies by Joseph Steinberg, and Hacking For Dummies by Kevin Beaver, is now available to the public.

Hacking 161

Hacking Cybersecurity Penetration Testing Artificial Intelligence 161

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 140

Hacking Government Spyware Marketing 140

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 9, 2024, U.S.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems.

Hacking 144

Hacking Ransomware Phishing Malware 144

Krebs on Security

FEBRUARY 9, 2023

” Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. Secret Service determined that he ran a massive “money mule” scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States.

Hacking 208

Hacking Cybercrime Ransomware Government 208

Security Affairs

JUNE 5, 2024

Semafor first reported that CNN’s TikTok account had been hacked, forcing the broadcaster to take down its account for several days. In August 2022, Microsoft researchers discovered a high-severity flaw ( CVE-2022-28799 ) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click.

Accountability 140

Accountability Hacking Malware Information Security 140

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. The cases have been sent to the Russian Prosecutor General’s Office for consolidation, and all defendants have been held since early 2022.

Ransomware 144

Ransomware Hacking Malware Cybercrime 144

Schneier on Security

NOVEMBER 19, 2024

According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive. Italian spyware is cheaper and easier to use, which makes it more widely used.

Spyware 256

Spyware Marketing Hacking 256

Penetration Testing

JULY 26, 2024

On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews... The post 10 Million Users Compromised in Z-Library Phishing Site Hack appeared first on Cybersecurity News.

Phishing 130

Phishing Hacking Data breaches Cybersecurity 130

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Government 144

Government Education Phishing Malware 144

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. The bad news is that Black Bast has fixed the issue.

Hacking 144

Hacking Encryption Ransomware Insurance 144

Joseph Steinberg

MARCH 8, 2022

Thank you for not listening to your own cybersecurity experts when they told you to “ Stop hacking Russian websites – you are helping the Russians, not the Ukrainians.” You have probably done more than anyone other than myself to help Russia prepare for cyberwar. Thank you for putting your own governments in such a bind.

Artificial Intelligence 360

Artificial Intelligence Hacking Penetration Testing Government 360

Security Affairs

JULY 18, 2024

On May 19th, 2022, a user named “goodsoft” advertised an AV killer tool for $4,000 on the exploit[.]in Later, on June 14th, 2022, a user named “lefroggy” posted a similar ad on the xss[.]is On August 10, 2022, a user named “goodsoft” advertised “PentestSoftware” for $6,500 per month on the exploit[.]in

Advertising 143

Advertising Cybercrime Hacking Ransomware 143

Security Affairs

OCTOBER 3, 2024

According to Sansec, CosmicSting (CVE-2024-34102) is the most severe bug impacting Magento and Adobe Commerce stores in two years, with hacks occurring at a rate of 3 to 5 per hour. The Ondatry group compromised over 4,000 e-stores in 2022 using the TrojanOrder vulnerability, but they have now switched to CosmicSting.

Hacking 141

Hacking Passwords Cybersecurity Cybercrime 141

Krebs on Security

MARCH 17, 2023

Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. In April 2022, U.S. FBI agents carting items out of Fitzpatrick’s home on March 15.

Data breaches 334

Data breaches Cybercrime Insurance Internet 334

Security Affairs

JANUARY 15, 2024

SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution.

Firewall 145

Firewall Hacking Firmware Internet 145

Joseph Steinberg

JUNE 9, 2022

The ransomware attack on Tenafly’s school system is a reminder of a sad, ironic, reality.

Ransomware 363

Ransomware Artificial Intelligence Education Cybercrime 363

Krebs on Security

MAY 29, 2024

” From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as “proxies” that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. The prices page for 911 S5, circa July 2022. $28

VPN 317

VPN Government Cybercrime Internet 317

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In 2022, some of the members of the above team of experts including the popular cybersecurity expert Sam Curry, discovered another set of vulnerabilities impacting over a dozen car makers.

Hacking 143

Hacking Accountability Mobile Internet 143

Krebs on Security

FEBRUARY 1, 2024

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. 11-12, 2022. 11-12, 2022. 11, 2022 after they SIM-swapped an AT&T customer by impersonating them at a retail store using a fake ID. 11, 2022 local time, and continuing until the 12th of November.

Cryptocurrency 276

Cryptocurrency Ransomware Retail Government 276

Krebs on Security

SEPTEMBER 30, 2024

The government says that in March 2022, three men showed up at E.Z.’s The FBI later obtained a copy of a search warrant executed by LASD deputies in January 2022 for GPS location information on a phone belonging to E.Z., In December 2022, Troy Woody Jr. cryptocurrency holdings online. We know what E.Z. and refers to T.W.

Cryptocurrency 290

Cryptocurrency Government Internet Internet 290

Schneier on Security

MARCH 31, 2022

The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors.

Hacking 278

Hacking Encryption 278

Security Affairs

MAY 2, 2024

In November 2022, Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, CISA) DropBox is notifying all impacted customers.

Hacking 139

Hacking Passwords Authentication Accountability 139

Troy Hunt

APRIL 14, 2022

I'd filed the (alleged) Avvo breach away in the "too hard" basket a long time ago and it was only after seeing this tweet last week that a distant bell rang in my head: @troyhunt Looks like @avvo has had a breach of their user list -- I'm getting those "you've been hacked" scam emails on my Avvo-specific address.

Data breaches 315

Data breaches Scams Passwords Accountability 315

Krebs on Security

MAY 28, 2024

KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. The 911 S5 botnet-powered proxy service, circa July 2022. 911 built its proxy network mainly by offering “free” virtual private networking (VPN) services.

VPN 259

VPN Banking Cybercrime Internet 259

Schneier on Security

MARCH 8, 2023

Functionality of the bootkit and its individual features leads us to believe that we are dealing with a bootkit known as BlackLotus, the UEFI bootkit being sold on hacking forums for $5,000 since at least October 2022. […] It’s capable of running on the latest, fully patched Windows 11 systems with UEFI Secure Boot enabled.

Malware 266

Malware Firmware Software Hacking 266

Krebs on Security

APRIL 30, 2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. After being charged with the attack in October 2022, Kivimäki fled the country.

DDOS 279

DDOS Cybercrime Hacking Passwords 279

The Hacker News

DECEMBER 4, 2024

The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022.

Hacking 132

Hacking 132

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The men were among 14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.

Cybercrime 201

Cybercrime Ransomware Cryptocurrency Government 201