Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Accountability 323

Accountability Hacking Media Mobile 323

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. “Sorry, change password please.”

Cryptocurrency 133

Cryptocurrency Scams Accountability Hacking 133

Krebs on Security

APRIL 8, 2019

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups.

Cybercrime 223

Cybercrime Passwords Identity Theft Accountability 223

Krebs on Security

MARCH 13, 2019

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. The starting bid was $800. A screenshot shared by the dark web seller.

Accountability 225

Accountability Passwords Advertising Penetration Testing 225

Krebs on Security

MAY 16, 2019

The locations of alleged GozNym cybercrime group members. They’re also related to the 2016 arrest of Krasimir Nikolov , a 47-year-old Bulgarian man who was extradited to the United States to face charges for allegedly cashing out bank accounts that were compromised by the GozNym malware. Source: DOJ. Vladimir Gorin , a.k.a

Cybercrime 195

Cybercrime Banking Small Business Computers and Electronics 195

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 131

Internet Internet Accountability Passwords 131

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. The hack of the Maza cybercrime forum was also reported by researchers at Flashpoint.

Cybercrime 145

Cybercrime Hacking DDOS Passwords 145

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. Booking.com did not respond to questions about that, and its current account security advice urges customers to enable 2FA.

Phishing 225

Phishing Accountability Artificial Intelligence Cybercrime 225

Krebs on Security

NOVEMBER 19, 2024

8, a cybercriminal using the nickname “ abyss0 ” posted on the English-language cybercrime community BreachForums that they’d stolen files belonging to some of Finastra’s largest banking clients. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted.

Data breaches 237

Data breaches Banking Cybercrime Advertising 237

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS).

Advertising 98

Advertising Passwords Malware Password Management 98

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime 138

Cybercrime Security Intelligence Authentication Banking 138

Krebs on Security

NOVEMBER 14, 2024

That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay , a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “I’m also godfather of his second son.”

Retail 208

Retail Advertising Cryptocurrency Marketing 208

Krebs on Security

APRIL 18, 2023

For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Notices posted for Faceless users, advertising an email flooding service and soliciting zero-day vulnerabilities in Internet of Things devices. Image: Darkbeast/Ke-la.com.

Malware 257

Malware Passwords Accountability Advertising 257

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. and “Check bookmarks when you get account back.”

Accountability 136

Accountability Hacking Cryptocurrency Cybersecurity 136

Krebs on Security

MAY 28, 2024

911’s VPN performed largely as advertised for the user — allowing them to surf the web anonymously — but it also quietly turned the user’s computer into a traffic relay for paying 911 S5 customers. dollars using over-the-counter vendors who wired and deposited funds into bank accounts held by Liu. ”

VPN 243

VPN Banking Cybercrime Internet 243

Security Affairs

SEPTEMBER 8, 2024

WWH Club had over 353,000 users by 2023 and offered courses on fraud and cybercrime, generating profits through membership and tuition fees. Khodyrev and Kublitskii were also the administrators of many similar websites, including darkweb marketplaces, forums, and training centers to enable cybercrime.

Cybercrime 138

Cybercrime Accountability Banking Advertising 138

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. Cloud Router was previously called 911 S5.

VPN 312

VPN Government Cybercrime Internet 312

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. According to the U.S. Image: USDOJ.

Malware 316

Malware Identity Theft Cybercrime Accountability 316

Security Affairs

NOVEMBER 3, 2018

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts claiming of being in possession of data from 120 million accounts. Crooks are offering for sale Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account. ” states the BBC.

Accountability 111

Accountability Advertising Cybercrime Hacking 111

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 98

Accountability Phishing Authentication Architecture 98

Security Affairs

JULY 6, 2020

employee who hacked into the accounts of thousands of users was sentenced to five years of probation. accounts back in 2018. The man accessed the users’ victim accounts, using cracked passwords, but in some cases, he also used internal Yahoo! systems for access to the accounts. A former Yahoo! Pierluigi Paganini.

Accountability 130

Accountability Advertising Hacking Engineering 130

Security Affairs

AUGUST 28, 2024

“Kadariya is charged with cybercrime offenses associated with an alleged scheme to transmit the Angler Exploit Kit (AEK), other malware, and online scams to the computers of millions of unsuspecting victim Internet users through online advertisements – so-called “malvertising” – and other means from October 2013 through March 2022. .”

Malware 130

Malware Computers and Electronics Cybercrime Internet 130

Krebs on Security

MAY 4, 2023

government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. was used to register an account with the username “Nordex” at bankir[.]com

Marketing 258

Marketing Cybercrime Accountability Cryptocurrency 258

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. ru , which at one point advertised the sale of wooden staircases. Dmitry Yuryevich Khoroshev. Image: treasury.gov.

Ransomware 260

Ransomware Cybercrime Accountability Malware 260

Security Affairs

JUNE 8, 2022

“The SSNDOB administrators created advertisements on darkweb criminal forums for the Marketplace’s services, provided customer support functions, and regularly monitored the activities of the sites, including monitoring when purchasers deposited money into their accounts.” ” reads the press release published by DoJ.

Cybercrime 98

Cybercrime Cryptocurrency Marketing Advertising 98

Security Affairs

AUGUST 12, 2019

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Now a dump containing 6,840,339 unique StockX user accounts surfaced in the cybercrime underground. How to check if your account has been compromised? Pierluigi Paganini.

Accountability 109

Accountability Data breaches Passwords Cybercrime 109

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. “In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. Now Scott told BleepingComputer that a set of one million cracked Poshmark accounts is circulating online.

Accountability 108

Accountability Data breaches Passwords Advertising 108

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime 231

Cybercrime Banking Computers and Electronics DDOS 231

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. A DIRECT QUOT The domain quot[.]pw

Scams 267

Scams DDOS Cryptocurrency Accountability 267

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. Megatraffer has continued to offer their code-signing services across more than a half-dozen other Russian-language cybercrime forums, mostly in the form of sporadically available EV and non-EV code-signing certificates from major vendors like Thawte and Comodo.

Malware 266

Malware Cybercrime Software Accountability 266

Krebs on Security

JANUARY 28, 2022

“ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. On the cybercrime forum RAMP , the user Binrs says they are a Rust developer who’s been coding for 6 years. I AM DUCKERMAN. Sergey DuckerMan’s GitHub profile.

Ransomware 295

Ransomware Accountability Cybercrime Malware 295

SecureList

JUNE 26, 2023

Below is a brief description of the most popular types of threats that SMB employees encountered in January–May 2023: Exploits The biggest threat to SMBs in the first five months of 2023 were exploits , which accounted for 483,980 detections. If an employee enters their credentials, the scammers get access to their account.

Cybercrime 100

Cybercrime Phishing Banking Malware 100

Krebs on Security

FEBRUARY 1, 2021

.” The proprietors of the phishing service were variously known on cybercrime forums under handles such as SMSBandits, “ Gmuni ,” “ Bamit9 ,” and “ Uncle Munis.” One of SMS Bandits’ key offerings: An “auto-shop” web panel for selling stolen account credentials.

Phishing 342

Phishing Telecommunications Advertising Mobile 342

CSO Magazine

MAY 19, 2023

Cybercrime gang Lemon Group has managed to get malware known as Guerrilla preinstalled on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes globally, according to Trend Micro. To read this article in full, please click here

Malware 119

Malware Cybercrime Advertising Mobile 119

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. said investigators determined the breach began on Aug. ” On Oct.

Identity Theft 254

Identity Theft Banking Cybercrime Hacking 254

Krebs on Security

DECEMBER 8, 2021

There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. The Myspace account was registered under the nickname “ Darkcloudowner ,” and to the email address dark_cl0ud6@hotmail.com.

Cybercrime 299

Cybercrime Ransomware Accountability Advertising 299

SecureWorld News

JUNE 29, 2020

Charged: Russian hacker running two cybercrime websites. When it came to cybercrime websites, Russian national Aleksei Burkov ran the gambit. credit card accounts. See you in 2029, Aleksei Burkov. The stolen credit card data sold on Burkov’s site has resulted in over $20 million in fraudulent purchases made using U.S.

Cybercrime 53

Cybercrime Insurance Advertising Accountability 53