Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords 351

Passwords Accountability Hacking Password Management 351

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Mail keys are unique credentials that AT&T email users can use to log into their accounts using email apps such as Thunderbird or Outlook , but without having to use their passwords.”

Cryptocurrency 98

Cryptocurrency Accountability Passwords Hacking 98

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency 359

Cryptocurrency Passwords Encryption Accountability 359

Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability 137

Accountability Hacking Cryptocurrency Cybersecurity 137

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft. . ” states Microsoft.

Cryptocurrency 134

Cryptocurrency Phishing Accountability VPN 134

Malwarebytes

JUNE 3, 2024

WhatsApp message from an unknow sender “Jay, your financial account has been added. Account Csy926. Password [ **] USDT Balance 1,660,086.50 The easiest way would have been if I could transfer the dollars to a bank account, so I tried that first. You set the key when you open the account, and it cannot be retrieved.

Cryptocurrency 92

Cryptocurrency Scams Accountability Banking 92

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 280

Accountability Cryptocurrency Passwords DNS 280

Malwarebytes

NOVEMBER 19, 2024

The criminals seem to have used a lot of accounts to promote their “product” as you can see from this search on X. Some accounts were expressly created for this purpose, while others look like they may have been compromised accounts. Monitor your accounts. It can help you create and store strong passwords.

Artificial Intelligence 79

Artificial Intelligence Cryptocurrency Accountability Passwords 79

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability 93

Accountability Scams Hacking Cryptocurrency 93

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 357

Passwords Accountability Engineering Phishing 357

Security Affairs

AUGUST 3, 2020

million worth of cryptocurrency from cryptocurrency investment accounts. . Hackers stole roughly €1.183 million worth of cryptocurrency from investment accounts of 2gether, 26.79% of overall funds stored by the accounts. – The hack affects crypto investment accounts.

Cryptocurrency 144

Cryptocurrency Accountability Hacking Advertising 144

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 300

Hacking Cybercrime Phishing Passwords 300

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency 115

Cryptocurrency Phishing Accountability Passwords 115

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot.

Passwords 130

Passwords Software Firmware Malware 130

CyberSecurity Insiders

DECEMBER 30, 2021

If you follow a custom of saving passwords in your browser, you better change it, before it’s too late. Because security researchers from a South Korean cybersecurity firm, AhnLab discovered that a new malware named Redline was seen lurking in the browsers and stealing saved passwords only to be transmitted to remote servers.

Passwords 118

Passwords Malware Cryptocurrency Software 118

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency 248

Cryptocurrency Social Engineering Accountability Mobile 248

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency 144

Cryptocurrency Hacking InfoSec Data breaches 144

Malwarebytes

DECEMBER 20, 2022

If you’re a user of the Gemini cryptocurrency exchange, it’s time to be on your guard against phishing attacks. No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure. Locking down your Gemini account.

Cryptocurrency 76

Cryptocurrency Phishing Scams Accountability 76

Security Boulevard

MAY 27, 2021

Are you doing enough to prevent scammers from hijacking your social media accounts? The post Cryptocurrency scam attack on Twitter reminds users to check their app connections appeared first on The State of Security.

Cryptocurrency 85

Cryptocurrency Scams Media Accountability 85

Krebs on Security

JUNE 27, 2023

But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control.

Cryptocurrency 240

Cryptocurrency Accountability Mobile Hacking 240

Approachable Cyber Threats

MARCH 1, 2022

Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table. Hackers solve this problem by cracking the passwords instead. Keep reading!

Passwords 145

Passwords Software Internet Internet 145

Bleeping Computer

JANUARY 10, 2024

Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [.]

Accountability 99

Accountability Hacking Passwords Cybersecurity 99

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. The data included usernames, email addresses and plain text passwords.” Pierluigi Paganini.

Accountability 145

Accountability Malware Data breaches Passwords 145

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. The malware admin declared that their operations do not involve any ransom activities.

Password Management 98

Password Management Passwords Malware Marketing 98

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court.

Cryptocurrency 352

Cryptocurrency Mobile Accountability Scams 352

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. “Most of the observed malware was capable of stealing both user passwords and cookies. .

Accountability 145

Accountability Malware Phishing Social Engineering 145

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 126

Banking Accountability Mobile Cryptocurrency 126

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware 294

Malware Cryptocurrency Software Phishing 294

Schneier on Security

AUGUST 12, 2022

The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states: safe Only the user has access, loss No one has access, leak Both the user and the adversary have access, or. theft Only the adversary has access.

Cryptocurrency 256

Cryptocurrency Accountability Passwords Hacking 256

Security Affairs

AUGUST 23, 2024

The malicious code is written in GoLang, upon mounting the dmg it prompts users to enter their system and MetaMask passwords using the macOS osascript tool. Once the user inputs their credentials, the malware stores them in a directory and uses Chainbreak to dump Keychain passwords. ” reads the report published by Cado Security.

Malware 130

Malware Passwords Cryptocurrency Software 130

Naked Security

APRIL 28, 2023

CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

Cryptocurrency 126

Cryptocurrency Passwords Accountability Scams 126

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” A phishing message targeting FTX users that went out en masse today.

Mobile 204

Mobile Cyber Risk Cryptocurrency Data breaches 204

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies.

Cryptocurrency 298

Cryptocurrency Government Cybercrime Accountability 298

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection.

Cryptocurrency 134

Cryptocurrency Malware Accountability Banking 134

SecureList

JUNE 5, 2023

The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim’s account by performing web injections into targeted cryptocurrency websites. For example, it has the ability to retrieve the victims’ addresses, obtain account information, bypass 2FA, and much more.

Cryptocurrency 90

Cryptocurrency DNS Malware Encryption 90