Accountability and Information - Cyber Security Informer

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Cybercriminals could use your account to spread spam and phishing emails to your contacts.

Accountability

Accountability Authentication Malware Banking

“Can you try a game I made?” Fake game sites lead to information stealers

Malwarebytes

JANUARY 3, 2025

The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. What the target will actually download and install is in reality an information stealing Trojan. There are several variations going around.

Scams

Scams Identity Theft Media Accountability

Fake Etsy invoice scam tricks sellers into sharing credit card information

Malwarebytes

FEBRUARY 12, 2025

In this post, well walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure. Inside the PDF, theres often a clickable link urging you to confirm your identity or verify your account. This is a common scare tactics. verlflcation- etsy [.]cfd). com-etsy-verify[.]cfd

Scams

Scams Accountability Marketing Account Security

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

20 Million OpenAI accounts offered for sale

Malwarebytes

FEBRUARY 7, 2025

Post by emirking A translation of the Russian statement by the poster says: When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldnt stay hidden. I have more than 20 million access codes to OpenAI accounts. Monitor your account for any unusual activity or unauthorized usage.

Accountability

Accountability Phishing Passwords Authentication

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Advertising Accountability Phishing Scams

Russia-linked APT Star Blizzard targets WhatsApp accounts

Security Affairs

JANUARY 16, 2025

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.

Accountability

Accountability Phishing Government Hacking

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide.

Passwords

Passwords Accountability Authentication Malware

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Last month, Sens. Mark Warner (D-Va.)

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Meta takes down more than 2 million accounts in fight against pig butchering

Malwarebytes

NOVEMBER 22, 2024

Meta provided insight this week into the company’s efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Here’s what you can do to keep yourself safe: Don’t give scammers the information they need.

Accountability

Accountability Scams Cryptocurrency Identity Theft

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

Accountability

Accountability Banking Internet Internet

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted. This is a developing story.

Data breaches

Data breaches Banking Cybercrime Advertising

All Gmail users at risk from clever replay attack

Malwarebytes

APRIL 22, 2025

Cybercriminals are abusing Googles infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. The difference is that anyone with a Google account can create a website on sites.google.com. Instead create an account on the service itself.

Risk

Risk Accountability Scams Phishing

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime

Cybercrime Social Engineering Accountability Government

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Heimadal Security

MARCH 20, 2025

In early 2024, background checking service National Public Data was hit by a massive cyberattack that potentially compromised the sensitive, personal information of millions, or possibly even billions, of people around the world, including U.S. residents. A year later, new security threats have gained traction.

Data breaches

Data breaches Artificial Intelligence Accountability Cybersecurity

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed). AT&T reportedly paid a hacker $370,000 to delete stolen phone records.

Hacking

Hacking Government Identity Theft Accountability

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Malwarebytes

APRIL 1, 2025

This update must be completed by 2025-03-16 to avoid any potential penalties or disruptions to your account. Once logged in, follow the prompts to review and confirm your tax information. Perhaps they’ll sell the details on the dark web, or use them for themselves to get access to your Microsoft accounts.

Scams

Scams Phishing Artificial Intelligence Social Engineering

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Security Affairs

APRIL 9, 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. Affected accounts were disabled. The breach was confirmed on Feb. OCC on Feb.

Accountability

Accountability Banking Information Security Hacking

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. This is not a good idea. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

Fidelity Investments suffered a second data breach this year

Security Affairs

OCTOBER 14, 2024

US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack.

Data breaches

Data breaches Financial Services Accountability Hacking

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. seized $283,000 in cryptocurrency from an account linked to Sami as part of actions against the illicit activities of PopeyeTools.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. Click to enlarge.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. The seller listed two databases for sale one containing 19,192,948 customer accounts and another including 5.11 ” “Thus, this information should be taken cautiously until confirmed.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. billion yen Typically, attackers hijack victim accounts, sell held stocks, and use the proceeds to buy assets like Chinese stocks, which remain in the account post-attack.

Financial Services

Financial Services Passwords Accountability Antivirus

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking

Hacking Cybercrime Advertising Data breaches

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. The ransomware gang claims to have stolen sensitive data including accounting info and contracts. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware

Ransomware Hacking Accountability Cyber Attacks

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances— was compromised. After that, Medicaid and Medicare records were compromised.

Government

Government Artificial Intelligence Banking Software

Nigerian man Sentenced to 26+ years in real estate phishing scams

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts.

Scams

Scams Phishing Identity Theft Accountability

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

Broadly, Malwarebytes found that: 74% of people “consider US election season a risky time for personal information.” Distrust in political ads is broad—62% said they “disagree” or “strongly disagree” that the information they receive in US election-related ads is trustworthy. The reasons could be obvious.

Scams

Scams Identity Theft Cybercrime Accountability

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Stuart McClure, CEO, Qwiet AI McClure The SEC’s goal appears to be to hold these companies accountable to investors for any successful cyberattacks and expose the company’s lack of preparation and prevention.

CISO

CISO CSO Risk Cyber threats

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company.

Insurance

Insurance Accountability Risk Data breaches

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

The email address used for those accounts was f.grimpe@gmail.com. — is registered at an address in Gan-Ner, Israel, but there is no ownership information about this entity. Constella says that email address is tied to a Twitter/X account for Shoppy Ecommerce in Israel. lol and nulled[.]it.

eCommerce

eCommerce Cybercrime Accountability Passwords

Scammers Target Netflix Users: Expert Issues Urgent Warning

eSecurity Planet

MARCH 31, 2025

Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. One of the most common methods is smishing, which involves sending fraudulent text messages claiming your Netflix account has been locked due to suspicious activity.

Scams

Scams Artificial Intelligence Phishing Passwords

New Atrium Health data breach impacts 585,000 individuals

Security Affairs

DECEMBER 6, 2024

These tools, designed to enhance user experience, may have transmitted personal information to third-party vendors like Google and Meta (formerly Facebook). Impacts vary depending on users’ browsers, cookies, and third-party account activity. added Atrium Health. Affected individuals were notified in September.

Data breaches

Data breaches Identity Theft Accountability Technology

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

From the DOJ press release: "We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals," said United States Attorney Martin Estrada. "As

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

Android devices track you before you even sign in

Malwarebytes

MARCH 12, 2025

Google is spying on Android users, starting from even before they have logged in to their Google account. The researchers found that multiple identifiers are used to track the user of an Android handset, even before they have opened a Google app or signed in to their Google account.

Advertising

Advertising Accountability Marketing Engineering

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. That last one seems perfectly reasonable, and fortunately, DemandScience does have a link on their website to Do Not Sell My Information : Dammit! So, he asked them: I seem to have found my email in your data breach. If, like me, you're part of the 99.5%

Data breaches

Data breaches Passwords B2B Technology

National Public Data Published Its Own Passwords

Krebs on Security

AUGUST 19, 2024

According to the breach tracking service Constella Intelligence , the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.

Passwords

Passwords Data breaches Accountability Data privacy

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

“Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims,” the DOJ wrote. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

Phishing

Phishing Cybercrime Advertising Malware

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

The malware allows operators to steal bank users’ sensitive information and money from their bank accounts. FakeCall is a banking trojan that uses voice phishing by impersonating banks in fraudulent calls to obtain sensitive information from victims.

Banking

Banking Malware Accountability Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Consider not storing your card details. Set up identity monitoring.

Data breaches

Data breaches Healthcare Passwords Insurance

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info. With vigilance, safe behavior, and some extra support, you can avoid Android phishing apps and protect your accounts from cybercriminals. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

“Can you try a game I made?” Fake game sites lead to information stealers

Webinars

Trending Sources

Fake Etsy invoice scam tricks sellers into sharing credit card information

Webinars

20 Million OpenAI accounts offered for sale

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Russia-linked APT Star Blizzard targets WhatsApp accounts

A large botnet targets M365 accounts with password spraying attacks

Booking.com Phishers May Leave You With Reservations

Change Healthcare Breach Hits 100M Americans

A Day in the Life of a Prolific Voice Phishing Crew

Meta takes down more than 2 million accounts in fight against pig butchering

Scammer robs homebuyers of life savings in $20 million theft spree

Fintech Giant Finastra Investigating Data Breach

All Gmail users at risk from clever replay attack

EDR-as-a-Service makes the headlines in the cybercrime landscape

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

“Urgent reminder” tax scam wants to phish your Microsoft credentials

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Fidelity Investments suffered a second data breach this year

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Feds Charge Five Men in ‘Scattered Spider’ Roundup

France’s second-largest telecoms provider Free suffered a cyber attack

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

8Base ransomware group hacked Croatia’s Port of Rijeka

DOGE as a National Cyberattack

Nigerian man Sentenced to 26+ years in real estate phishing scams

Election season raises fears for nearly a third of people who worry their vote could be leaked

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

DNA testing company vanishes along with its customers’ genetic data

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Scammers Target Netflix Users: Expert Issues Urgent Warning

New Atrium Health data breach impacts 585,000 individuals

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

Android devices track you before you even sign in

Inside the DemandScience by Pure Incubation Data Breach

National Public Data Published Its Own Passwords

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

New version of Android malware FakeCall redirects bank calls to scammers

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Phishing evolves beyond email to become latest Android app threat

Stay Connected