Krebs on Security

OCTOBER 30, 2024

” But in June 2024 testimony to the Senate Finance Committee, it emerged that the intruders had stolen or purchased credentials for a Citrix portal used for remote access, and that no multi-factor authentication was required for that account. Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.) Mark Warner (D-Va.)

Healthcare 297

Healthcare Insurance Computers and Electronics Data breaches 297

Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. government’s “Wanted” poster for him.

Cybercrime 233

Cybercrime Ransomware Cryptocurrency Government 233

SecureWorld News

NOVEMBER 4, 2024

Enter the Texas Responsible AI Governance Act, or TRAIGA, with Texas's unique style of doing business—balancing innovation with accountability, consumer empowerment, and a good ol' dash of no-nonsense enforcement. Closing thoughts: Texas paving the way for AI governance? 2) modify an existing high-risk AI system, or.(3)

Artificial Intelligence 108

Artificial Intelligence Government Small Business Risk 108

Troy Hunt

DECEMBER 7, 2024

I post lots of pics to my Facebook account , and if none of that is interesting, here's this week's video on more infosec-related topics: References Sponsored by:  Cyberattacks are guaranteed. Is your recovery? Protect your data in the cloud. Join Rubrik’s Cloud Resilience Summit.

InfoSec 241

InfoSec Government Accountability 241

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking 141

Banking Government Accountability Hacking 141

Krebs on Security

FEBRUARY 4, 2025

In addition, the government seized the domain names for two popular anonymity services that were heavily advertised on Cracked and Nulled and allowed customers to rent virtual servers: StarkRDP[.]io The email address used for those accounts was f.grimpe@gmail.com. io , and rdp[.]sh. lol and nulled[.]it.

eCommerce 205

eCommerce Cybercrime Accountability Passwords 205

The Last Watchdog

OCTOBER 10, 2024

Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. About SpyCloud — SpyCloud transforms recaptured darknet data to disrupt cybercrime.

Risk 286

Risk Cybercrime Identity Theft Phishing 286

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. Click to enlarge.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

The Last Watchdog

NOVEMBER 12, 2024

Stuart McClure, CEO, Qwiet AI McClure The SEC’s goal appears to be to hold these companies accountable to investors for any successful cyberattacks and expose the company’s lack of preparation and prevention. Set clear standards on what is required by the private sector, and what the government will do to assist with cybersecurity.

CISO 263

CISO CSO Risk Cyber threats 263

Krebs on Security

MARCH 11, 2025

government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. authorities separately obtained earlier copies of Garantexs servers, including customer and accounting databases. A “most wanted” notice published by the U.S.

Ransomware 264

Ransomware Cryptocurrency Marketing Government 264

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 118

Cybercrime Social Engineering Accountability Government 118

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. continues the announcement.

Government 144

Government Surveillance Mobile Hacking 144

Schneier on Security

DECEMBER 7, 2023

Which means that those companies can spy on them—either for their own reasons or in response to government demands. “In this case, the federal government prohibited us from sharing any information,” the company said in a statement.

Surveillance 356

Surveillance Government Accountability Spyware 356

Krebs on Security

JANUARY 31, 2025

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party.

Phishing 254

Phishing Cybercrime Advertising Malware 254

BH Consulting

MARCH 26, 2025

In a presentation titled Digital governance for boards and senior executives: AI, cybersecurity, and privacy , she called on her extensive experience advising boards on these areas. Boards and senior executives face several questions about how best to approach the challenges of cybersecurity, privacy, and AI governance.

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active.

Government 315

Government Accountability Education Media 315

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 114

Phishing Authentication Telecommunications Accountability 114

Schneier on Security

MAY 24, 2024

The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing 330

Marketing Spyware Surveillance Government 330

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking 98

Banking Government Accountability Hacking 98

Krebs on Security

JANUARY 16, 2025

Merrill said the different purveyors of these SMS phishing tools traditionally have impersonated shipping companies, customs authorities, and even governments with tax refund lures and visa or immigration renewal scams targeting people who may be living abroad or new to a country.

Phishing 301

Phishing Scams Mobile Passwords 301

Krebs on Security

MAY 29, 2024

” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. government.

VPN 346

VPN Government Cybercrime Internet 346

Krebs on Security

MARCH 14, 2023

Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S.

Hacking 302

Hacking Government Media Accountability 302

Krebs on Security

DECEMBER 11, 2024

wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards. work and kopeechka[.]store store ; -anonymity or “proxy” providers like crazyrdp[.]com

Cryptocurrency 285

Cryptocurrency Banking Cybercrime Advertising 285

Troy Hunt

JULY 21, 2021

Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? But there's also a lot of consistency, for example, here's a piece on whether it's legal to access an employee's email account in Australia : The short answer is yes.

Accountability 363

Accountability Data breaches Government InfoSec 363

Schneier on Security

MAY 26, 2022

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.

Malware 309

Malware Government Accountability 309

Schneier on Security

APRIL 9, 2024

It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 328

Hacking Government Accountability Technology 328

Security Affairs

NOVEMBER 3, 2024

The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts. These routers are used to relay brute-force attacks on Microsoft 365 accounts. In the majority of the campaigns, about 80 percent, CovertNetwork-1658 makes only one sign-in attempt per account per day.

Passwords 133

Passwords Wireless VPN Accountability 133

Malwarebytes

DECEMBER 3, 2024

While hard to measure precisely, tech support scams accounted for $924M, according to the FBI’s 2023 Internet Crime Report. We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year.

Scams 131

Scams Advertising Accountability Engineering 131

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Protect your social media accounts by using Malwarebytes Identity Theft Protection. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 141

Encryption Identity Theft Media Telecommunications 141

Troy Hunt

FEBRUARY 25, 2025

Origin Story Last month after loading the aforementioned corpus of data, someone in a government agency reached out and pointed me in the direction of more data by way of two files totalling just over 5GB. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. Up to speed?

Passwords 346

Passwords Accountability VPN Malware 346

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). government agencies and first responders. “The rest is just ransom.”

Cybercrime 277

Cybercrime Mobile Media Hacking 277

Krebs on Security

JANUARY 10, 2024

Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies. Mora said it’s unclear if the bitcoin address that holds his client’s stolen money is being held by the government or by the anonymous hackers.

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

Krebs on Security

SEPTEMBER 16, 2020

Prosecutors say the men then laundered the stolen funds through an array of intermediary cryptocurrency accounts — including compromised and fictitiously created accounts — on the targeted cryptocurrency exchange platforms. million from 158 Poloniex users, and $1.17 million from 42 Gemini customers.

Cryptocurrency 362

Cryptocurrency Phishing Accountability Cybercrime 362

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts. and ChangeItN0w!—were

Passwords 283

Passwords Accountability Authentication Government 283

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). Internal Revenue Service (IRS), those login credentials will cease to work later this year. may require a recorded, live video chat with the person applying for benefits. ” Signing up at ID.me

Mobile 364

Mobile Accountability Insurance Government 364

Schneier on Security

FEBRUARY 3, 2021

New estimates are that 30% of the SolarWinds victims didn’t use SolarWinds: Many of the attacks gained initial footholds by password spraying to compromise individual email accounts at targeted organizations. On attribution: Earlier this month, the US government has stated the attack is “likely Russian in origin.”

Computers and Electronics 363

Computers and Electronics Malware Software Government 363

Schneier on Security

NOVEMBER 23, 2022

Unfortunately, there aren’t enough dogs : Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness.

Government 272

Government Accountability 272