Schneier on Security

JULY 2, 2021

The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. News article.

Hacking 363

Hacking Passwords Malware Accountability 363

Malwarebytes

NOVEMBER 19, 2024

Instead of the video editor, users got information stealing malware. The criminals seem to have used a lot of accounts to promote their “product” as you can see from this search on X. Some accounts were expressly created for this purpose, while others look like they may have been compromised accounts.

Artificial Intelligence 133

Artificial Intelligence Cryptocurrency Accountability Passwords 133

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 347

Accountability Passwords Authentication Password Management 347

Schneier on Security

NOVEMBER 17, 2022

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. This is not a good sign.

Authentication 356

Authentication Passwords Accountability Media 356

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. So once again I sought to re-register as myself at Experian.

Accountability 333

Accountability Authentication Passwords Identity Theft 333

The Hacker News

NOVEMBER 20, 2024

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

Accountability 139

Accountability Malware 139

Schneier on Security

MAY 20, 2021

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. The backdoor has numerous commands built in to allow manipulation of a targeted individual, including keystroke loggers that allow for harvesting of personal login information.

Banking 360

Banking Malware Accountability 360

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. This should bother you.”

Mobile 323

Mobile Wireless Advertising Telecommunications 323

Krebs on Security

AUGUST 19, 2024

According to the breach tracking service Constella Intelligence , the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.

Passwords 359

Passwords Data breaches Accountability Data privacy 359

The Hacker News

OCTOBER 30, 2024

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News.

Accountability 140

Accountability Malware Advertising Cybersecurity 140

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking 258

Hacking Accountability Government Social Engineering 258

Krebs on Security

OCTOBER 13, 2021

It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail.

Passwords 353

Passwords Phishing Accountability Mobile 353

Krebs on Security

APRIL 12, 2021

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. Gemini shared a new sales thread on a Russian-language crime forum that included my ParkMobile account information in the accompanying screenshot of the stolen data.

Mobile 363

Mobile Passwords Accountability Cybercrime 363

Krebs on Security

MARCH 26, 2024

Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.

Passwords 362

Passwords Accountability Engineering Phishing 362

SecureList

OCTOBER 4, 2024

To prevent anyone trying to disclose information about these channels and the fraudulent activity of their creators, the administrators disabled message forwarding, screenshots, and previews of these channels in the Telegram web-version. The attackers uploaded numerous videos in English from multiple accounts which were presumably stolen.

Scams 141

Scams Cryptocurrency Malware Software 141

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). Unfortunately, clicking that link brought up prompts to re-upload all of the information I’d already supplied, and then some. Some 27 states already use ID.me

Mobile 364

Mobile Accountability Insurance Government 364

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Hacking 321

Hacking Cybercrime Authentication Passwords 321

Krebs on Security

NOVEMBER 13, 2021

According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities. Until sometime this morning, the LEEP portal allowed anyone to apply for an account.

Internet 363

Internet Internet Hacking Accountability 363

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Department of Defense. USDoD’s InfraGard sales thread on Breached.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Krebs on Security

AUGUST 15, 2024

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. billion rows of records — they claimed was taken from nationalpublicdata.com. .”

Hacking 352

Hacking Data breaches Identity Theft Accountability 352

Schneier on Security

AUGUST 10, 2021

The other feature scans all iMessage images sent or received by child accounts — that is, accounts designated as owned by a minor — for sexually explicit material, and if the child is young enough, notifies the parent when these images are sent or received. Beware the Four Horsemen of the Information Apocalypse.

Surveillance 363

Surveillance Encryption Accountability 363

Schneier on Security

DECEMBER 7, 2023

. “In this case, the federal government prohibited us from sharing any information,” the company said in a statement. ” Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”

Surveillance 333

Surveillance Government Accountability Spyware 333

Schneier on Security

NOVEMBER 22, 2023

Signal has had the ability to manually authenticate another account for years. Instead of relying on Apple to verify the other person’s identity using information stored securely on Apple’s servers, you and the other party read a short verification code to each other, either in person or on a phone call.

Authentication 315

Authentication Encryption Accountability 315

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers.

Artificial Intelligence 313

Artificial Intelligence Healthcare Accountability Banking 313

Schneier on Security

NOVEMBER 22, 2022

Apple has long claimed otherwise: On Apple’s device analytics and privacy legal page , the company says no information collected from a device for analytics purposes is traceable back to a specific user. None of the collected information identifies you personally,” the company claims.

Accountability 281

Accountability 281

Malwarebytes

NOVEMBER 22, 2024

Meta provided insight this week into the company’s efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Here’s what you can do to keep yourself safe: Don’t give scammers the information they need.

Accountability 138

Accountability Scams Cryptocurrency Identity Theft 138

Krebs on Security

MARCH 14, 2023

Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. “Victims are extorted into paying CC-1 to have their information removed from Forum-1,” prosecutors allege.

Hacking 289

Hacking Government Media Accountability 289

Krebs on Security

JULY 12, 2024

The company said the stolen data includes records of calls and texts for mobile providers that resell AT&T’s service, but that it does not include the content of calls or texts, Social Security numbers, dates of birth, or any other personally identifiable information. million current AT&T account holders and roughly 65.4

Data breaches 336

Data breaches Passwords Authentication Accountability 336

Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Incredibly, Turner acknowledges that PNC told him his account was flagged for attention from law enforcement officials.

Banking 264

Banking Cybercrime Accountability Retail 264

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability 312

Accountability Scams Artificial Intelligence Cryptocurrency 312

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Last month, Sens. Mark Warner (D-Va.)

Healthcare 283

Healthcare Insurance Computers and Electronics Data breaches 283

Krebs on Security

JANUARY 9, 2023

But when I tried to get my report from Experian via annualcreditreport.com, Experian’s website said it didn’t have enough information to validate my identity. In response to information shared by KrebsOnSecurity, Senator Ron Wyden (D-Ore.) It wouldn’t even show me the four multiple-guess questions. ” Sen.

Identity Theft 358

Identity Theft Accountability Authentication Web Fraud 358

Krebs on Security

DECEMBER 18, 2024

A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Cryptocurrency 238

Cryptocurrency Accountability Authentication Phishing 238

Schneier on Security

MAY 17, 2024

[…] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc ” “Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co

Hacking 285

Hacking Accountability Ransomware Internet 285

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 “There is also information on corporate taxpayers.”

Identity Theft 271

Identity Theft Banking Cybercrime Hacking 271

Troy Hunt

JULY 21, 2021

Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? But there's also a lot of consistency, for example, here's a piece on whether it's legal to access an employee's email account in Australia : The short answer is yes.

Accountability 363

Accountability Data breaches Government InfoSec 363

The Hacker News

OCTOBER 30, 2024

The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.

Accountability 130

Accountability 130