Krebs on Security

OCTOBER 30, 2024

” But in June 2024 testimony to the Senate Finance Committee, it emerged that the intruders had stolen or purchased credentials for a Citrix portal used for remote access, and that no multi-factor authentication was required for that account. Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.) Mark Warner (D-Va.)

Healthcare 294

Healthcare Insurance Computers and Electronics Data breaches 294

Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. government’s “Wanted” poster for him.

Cybercrime 235

Cybercrime Ransomware Cryptocurrency Government 235

SecureWorld News

NOVEMBER 4, 2024

Enter the Texas Responsible AI Governance Act, or TRAIGA, with Texas's unique style of doing business—balancing innovation with accountability, consumer empowerment, and a good ol' dash of no-nonsense enforcement. Closing thoughts: Texas paving the way for AI governance? 2) modify an existing high-risk AI system, or.(3)

Artificial Intelligence 109

Artificial Intelligence Government Small Business Risk 109

Troy Hunt

DECEMBER 7, 2024

I post lots of pics to my Facebook account , and if none of that is interesting, here's this week's video on more infosec-related topics: References Sponsored by:  Cyberattacks are guaranteed. Is your recovery? Protect your data in the cloud. Join Rubrik’s Cloud Resilience Summit.

InfoSec 257

InfoSec Government Accountability 257

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking 141

Banking Government Accountability Hacking 141

Krebs on Security

FEBRUARY 4, 2025

In addition, the government seized the domain names for two popular anonymity services that were heavily advertised on Cracked and Nulled and allowed customers to rent virtual servers: StarkRDP[.]io The email address used for those accounts was f.grimpe@gmail.com. io , and rdp[.]sh. lol and nulled[.]it.

eCommerce 204

eCommerce Cybercrime Accountability Passwords 204

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. Click to enlarge.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

Krebs on Security

APRIL 23, 2025

A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created…

Government 299

Government Accountability 299

The Last Watchdog

NOVEMBER 12, 2024

Stuart McClure, CEO, Qwiet AI McClure The SEC’s goal appears to be to hold these companies accountable to investors for any successful cyberattacks and expose the company’s lack of preparation and prevention. Set clear standards on what is required by the private sector, and what the government will do to assist with cybersecurity.

CISO 263

CISO CSO Risk Cyber threats 263

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Schneier on Security

DECEMBER 7, 2023

Which means that those companies can spy on them—either for their own reasons or in response to government demands. “In this case, the federal government prohibited us from sharing any information,” the company said in a statement.

Surveillance 356

Surveillance Government Accountability Spyware 356

Krebs on Security

JANUARY 19, 2021

military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. based e-commerce company, stealing personal and financial data on 1,300 government employees, and providing the data to an Islamic State hacking group.

Identity Theft 346

Identity Theft Government Social Engineering Accountability 346

Krebs on Security

JANUARY 31, 2025

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party.

Phishing 254

Phishing Cybercrime Advertising Malware 254

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Schneier on Security

MAY 24, 2024

The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing 332

Marketing Spyware Surveillance Government 332

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking 98

Banking Government Accountability Hacking 98

Krebs on Security

MARCH 11, 2025

government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. authorities separately obtained earlier copies of Garantexs servers, including customer and accounting databases. A “most wanted” notice published by the U.S.

Ransomware 262

Ransomware Cryptocurrency Marketing Government 262

Krebs on Security

JANUARY 16, 2025

Merrill said the different purveyors of these SMS phishing tools traditionally have impersonated shipping companies, customs authorities, and even governments with tax refund lures and visa or immigration renewal scams targeting people who may be living abroad or new to a country.

Phishing 297

Phishing Scams Mobile Passwords 297

Krebs on Security

DECEMBER 14, 2020

Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. accounting firms. Communications at the U.S. Fortune 500. all five branches of the U.S. the Pentagon.

Hacking 363

Hacking Antivirus Software Accountability 363

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. continues the announcement.

Government 144

Government Surveillance Mobile Hacking 144

Krebs on Security

MAY 29, 2024

” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. government.

VPN 348

VPN Government Cybercrime Internet 348

Schneier on Security

MAY 26, 2022

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.

Malware 317

Malware Government Accountability 317

Krebs on Security

DECEMBER 11, 2024

wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards. work and kopeechka[.]store store ; -anonymity or “proxy” providers like crazyrdp[.]com

Cryptocurrency 282

Cryptocurrency Banking Cybercrime Advertising 282

Troy Hunt

JULY 21, 2021

Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? But there's also a lot of consistency, for example, here's a piece on whether it's legal to access an employee's email account in Australia : The short answer is yes.

Accountability 364

Accountability Data breaches Government InfoSec 364

Malwarebytes

DECEMBER 3, 2024

While hard to measure precisely, tech support scams accounted for $924M, according to the FBI’s 2023 Internet Crime Report. We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year.

Scams 135

Scams Advertising Accountability Engineering 135

BH Consulting

MARCH 26, 2025

In a presentation titled Digital governance for boards and senior executives: AI, cybersecurity, and privacy , she called on her extensive experience advising boards on these areas. Boards and senior executives face several questions about how best to approach the challenges of cybersecurity, privacy, and AI governance.

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Security Affairs

DECEMBER 6, 2024

.” Declassified documents from Romania’s security services revealed that Calin Georgescu, the pro-Russian presidential candidate, was “aggressively” promoted on TikTok through coordinated accounts and paid ads. The annulment affects both the election date set by Government Decision no.

Government 138

Government Cybercrime Cyber Attacks Hacking 138

Troy Hunt

FEBRUARY 25, 2025

Origin Story Last month after loading the aforementioned corpus of data, someone in a government agency reached out and pointed me in the direction of more data by way of two files totalling just over 5GB. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. Up to speed?

Passwords 359

Passwords Accountability VPN Malware 359

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Protect your social media accounts by using Malwarebytes Identity Theft Protection. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Security Affairs

NOVEMBER 3, 2024

The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts. These routers are used to relay brute-force attacks on Microsoft 365 accounts. In the majority of the campaigns, about 80 percent, CovertNetwork-1658 makes only one sign-in attempt per account per day.

Passwords 132

Passwords Wireless VPN Accountability 132

Malwarebytes

FEBRUARY 11, 2025

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. However, Apple itself doesn’t have access to it at the moment, only the holder of the Apple account can access data stored in this way. Since then, privacy focused groups have uttered their objections.

Encryption 135

Encryption Backups Government Accountability 135

Krebs on Security

JANUARY 10, 2024

Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies. Mora said it’s unclear if the bitcoin address that holds his client’s stolen money is being held by the government or by the anonymous hackers.

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts. and ChangeItN0w!—were

Passwords 289

Passwords Accountability Authentication Government 289

Krebs on Security

MAY 7, 2025

People who purchased fake certifications were subsequently blackmailed by Axact employees posing as government officials , who would demand additional payments under threats of prosecution or imprisonment for having bought fraudulent unauthorized academic degrees. The Google ads promoting quranmasteronline[.]com

Scams 189

Scams Marketing Advertising Technology 189

Malwarebytes

FEBRUARY 3, 2025

. “Members of civil society” usually refers to individuals and organizations that operate independently from government and business sectors, often those advocating for public interests, influencing policy, or holding governments accountable.

Spyware 121

Spyware Accountability Encryption Government 121

Schneier on Security

APRIL 9, 2024

It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 333

Hacking Government Accountability Technology 333

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). Internal Revenue Service (IRS), those login credentials will cease to work later this year. may require a recorded, live video chat with the person applying for benefits. ” Signing up at ID.me

Mobile 363

Mobile Accountability Insurance Government 363