Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data.

Banking 292

Banking Cybercrime Accountability Retail 292

Krebs on Security

APRIL 12, 2021

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. KrebsOnSecurity first heard about the breach from Gemini Advisory , a New York City based threat intelligence firm that keeps a close eye on the cybercrime forums.

Mobile 362

Mobile Passwords Accountability Cybercrime 362

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability 331

Accountability Hacking Media Mobile 331

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S.

Accountability 363

Accountability Identity Theft Hacking Insurance 363

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into his service. According to a Jan.

Mobile 358

Mobile Accountability Passwords Authentication 358

Krebs on Security

MARCH 13, 2019

[ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. He acknowledged that the purloined account had the ability to add or modify the advertising creatives that get run on customer ad campaigns.

Accountability 253

Accountability Passwords Advertising Penetration Testing 253

Security Affairs

OCTOBER 28, 2024

million mobile and fixed subscribers. Free disclosed a cyber attack over the weekend after a threat actor attempted to sell the stolen data on a popular cybercrime forum. The seller listed two databases for sale one containing 19,192,948 customer accounts and another including 5.11 Free S.A.S. million IBAN details.

Cyber Attacks 126

Cyber Attacks Telecommunications Data breaches Banking 126

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed). million customers. He is currently in custody in a Turkish prison.

Hacking 241

Hacking Government Identity Theft Accountability 241

Security Affairs

MARCH 28, 2025

. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. ” The authorities linked the three suspects to over 300 cybercrimes, the police seized servers, computers, storage devices, and bank cards.

Banking 114

Banking Computers and Electronics Mobile Malware 114

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow.

Cybercrime 143

Cybercrime Small Business Data breaches Mobile 143

Security Affairs

NOVEMBER 25, 2024

Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. ” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group.

Mobile 124

Mobile Scams Technology Telecommunications 124

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse.

Phishing 107

Phishing Identity Theft Cryptocurrency Cybercrime 107

Krebs on Security

APRIL 28, 2020

But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Scams 363

Scams Banking Accountability Financial Services 363

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. The OTP interception service featured earlier this year — Otp[.]agency

Passwords 346

Passwords Mobile Authentication Banking 346

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. One of SMS Bandits’ key offerings: An “auto-shop” web panel for selling stolen account credentials.

Phishing 358

Phishing Telecommunications Advertising Mobile 358

Krebs on Security

SEPTEMBER 13, 2024

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account.

Cybercrime 322

Cybercrime Accountability Mobile Hacking 322

SecureWorld News

MARCH 20, 2025

Phishing plays straight out of the cybercrime playbook "March Madness brings heightened cybersecurity risks this year, especially with the expansion of sports gambling beyond traditional office pools creating new attack vectors for credential harvesting and financial fraud," warns J.

Scams 81

Scams Social Engineering Mobile Phishing 81

Security Affairs

MARCH 21, 2025

Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. Zero-day prices have risen as the level of security of messaging apps and mobile devices becomes harder to hack.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

DECEMBER 29, 2021

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. ” a T-Mobile Spokesperson told BleepingComputer.

Data breaches 145

Data breaches Mobile Accountability Wireless 145

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Department of Defense. USDoD’s InfraGard sales thread on Breached.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Security Affairs

MARCH 29, 2025

Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers. “The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. ” ThreatFabric concludes.

Banking 68

Banking Mobile Identity Theft Malware 68

eSecurity Planet

FEBRUARY 10, 2025

Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. This surge highlights a broader trend toward automation in cybercrime and signals that no email platform is immune.

Phishing 113

Phishing Artificial Intelligence Password Management Accountability 113

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug. According to an Aug.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information.

Phishing 362

Phishing Cybercrime Accountability Advertising 362

Krebs on Security

AUGUST 25, 2023

19, 2023, someone targeted a T-Mobile phone number belonging to a Kroll employee “in a highly sophisticated ‘SIM swapping’ attack.” ” T-Mobile has not yet responded to requests for comment. . ” T-Mobile has not yet responded to requests for comment.

Mobile 235

Mobile Cyber Risk Data breaches Cryptocurrency 235

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. In the wrong hands, this data can be exploited for financial gain.

Mobile 135

Mobile Identity Theft Passwords Phishing 135

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. The username associated with that account was “ bo3dom.” com back in 2011, and sanjulianhotels[.]com com (2017).

Ransomware 348

Ransomware Passwords Accountability Cybercrime 348

Krebs on Security

MARCH 23, 2022

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Our investigation has found a single account had been compromised, granting limited access.

Social Engineering 333

Social Engineering Accountability Mobile Passwords 333

Security Affairs

NOVEMBER 27, 2021

HAEICHI-II: Interpol arrested 1,003 individuals charged for several cybercrimes, including romance scams, investment frauds, and online money laundering. The authorities blocked 2,350 bank accounts linked to the illicit proceeds of online financial crime and intercepted over 27 million dollars. Pierluigi Paganini.

Cybercrime 131

Cybercrime Scams Banking Malware 131

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

Security Affairs

DECEMBER 28, 2020

Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Ho mobile is an Italian mobile telephone service offered by Vodafone Enabler Italia, an Italian virtual mobile telephone operator. SecurityAffairs – hacking, Ho Mobile).

Mobile 141

Mobile Banking Data breaches Phishing 141

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. Prior to the demise of Google+ , the email address dugidox@gmail.com mapped to an account with the nickname “ Netwire wwl.”

DNS 310

DNS Cybercrime Passwords Accountability 310

Security Affairs

APRIL 2, 2025

It can steal accounts, send messages, steal crypto, monitor browsing, intercept SMS, and more. The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab who considered it the most advanced mobile threat seen to the date of the discovery. 231 banking malware.

Malware 117

Malware Cryptocurrency Mobile Firmware 117

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 303

Scams DDOS Cryptocurrency Accountability 303

Security Affairs

OCTOBER 17, 2022

Interpol has announced the arrests of 75 individuals as part of a coordinated international operation against an organized cybercrime ring called Black Axe. Interpol arrested 75 individuals as part of a coordinated global operation, codenamed Operation Jackal, against the cybercrime ring Black Axe. and the U.S.) Pierluigi Paganini.

Cybercrime 129

Cybercrime Scams Banking Mobile 129