Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted.

Data breaches 280

Data breaches Banking Cybercrime Advertising 280

Security Affairs

FEBRUARY 16, 2025

The attackers employ a phishing technique called device code phishing, which tricks users into logging into productivity apps while capturing login tokens that can be used to take over compromised accounts. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. .

Phishing 115

Phishing Authentication Telecommunications Accountability 115

Schneier on Security

DECEMBER 18, 2020

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology.

Surveillance 363

Surveillance Mobile Accountability Technology 363

Krebs on Security

FEBRUARY 18, 2025

Rather, the missives are sent through the Apple iMessage service and through RCS , the functionally equivalent technology on Google phones. Merrill has been studying the evolution of several China-based smishing gangs, and found that most of them feature helpful and informative video tutorials in their sales accounts on Telegram.

Phishing 268

Phishing Mobile Scams Retail 268

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches 111

Data breaches Identity Theft Accountability Technology 111

Troy Hunt

FEBRUARY 25, 2025

It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. You get the idea.

Passwords 329

Passwords Accountability VPN Malware 329

Krebs on Security

JANUARY 16, 2025

SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS , the equivalent “rich text” messaging capability built into Android devices.

Phishing 292

Phishing Scams Mobile Passwords 292

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. In 2022, Araneida told fellow Breached members they could be reached on Discord at the username “ Ornie#9811.”

Hacking 220

Hacking Cybercrime Advertising Data breaches 220

Krebs on Security

NOVEMBER 10, 2020

Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. The Facebook ad blitz was paid for by Hodson Event Entertainment , an account tied to Chris Hodson , a deejay based in Chicago. On the evening of Monday, Nov. Image: Chris Hodson. ”

Ransomware 363

Ransomware Accountability Hacking Advertising 363

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Transparent, traceable, and accountable AI practices are crucial to mitigate biases and align actions with ethical standards. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity 130

Cybersecurity Technology Scams Risk 130

Malwarebytes

MARCH 12, 2025

Google is spying on Android users, starting from even before they have logged in to their Google account. The researchers found that multiple identifiers are used to track the user of an Android handset, even before they have opened a Google app or signed in to their Google account.

Advertising 118

Advertising Accountability Marketing Engineering 118

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 126

Cyber Attacks Telecommunications Data breaches Banking 126

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware 321

Malware Software Technology Accountability 321

Security Affairs

NOVEMBER 25, 2024

“This “SMS blasting” attack relies on using technology that impersonates cellular base stations and is capable of transmitting thousands of messages to devices within a close geographical radius.” The suspects were charged with fraud, money laundering, and operating as money mule account holders.

Mobile 124

Mobile Scams Technology Telecommunications 124

Schneier on Security

MAY 24, 2024

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing 327

Marketing Spyware Surveillance Government 327

Krebs on Security

JANUARY 11, 2021

The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted).

Passwords 360

Passwords Authentication Firmware Accountability 360

Malwarebytes

JANUARY 21, 2025

Graylark Technologies who makes GeoSpy says its been developed for government and law enforcement. But the investigative journalists from 404 Media report thatthe tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.

Media 142

Media Artificial Intelligence Identity Theft Surveillance 142

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. To mitigate risks, organizations must enforce Zero-Trust principles, limit AI access to privileged accounts, and sanitize AI prompts.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active.

Government 303

Government Accountability Education Media 303

Malwarebytes

FEBRUARY 4, 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. Uhh, again, that is.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 276

Scams Artificial Intelligence Cryptocurrency Accountability 276

Security Affairs

OCTOBER 28, 2024

While conventional “internal” employees account for 29% of identities, non-employees or “external identities” in aggregate (contractors, vendors, etc.) account for nearly half of the total users (48%). And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe. Let’s see how.

B2B 126

B2B Cybersecurity Risk Identity Theft 126

eSecurity Planet

FEBRUARY 10, 2025

Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.

Phishing 115

Phishing Artificial Intelligence Password Management Accountability 115

Troy Hunt

NOVEMBER 13, 2024

DemandScience is what we refer to as a "data aggregator" in that they combine identity data from multiple locations, bundle it up, and then sell it.

Data breaches 286

Data breaches Passwords B2B Technology 286

IT Security Guru

FEBRUARY 25, 2025

MFA fatigue is simply a natural evolution in their tacticstargeting the human element instead of trying to bypass the technology itself. Cyber crooks often bank on organisations thinking of MFA as a silver bullet for account security, but it isnt.

Social Engineering 119

Social Engineering Authentication Risk Accountability 119

Krebs on Security

OCTOBER 20, 2023

BeyondTrust Chief Technology Officer Marc Maiffret said that alert came more than two weeks after his company alerted Okta to a potential problem. 17, the company had identified and contained the incident — disabling the compromised customer case management account, and invalidating Okta access tokens associated with that account.

Social Engineering 349

Social Engineering Engineering Accountability Hacking 349

Krebs on Security

JULY 30, 2020

-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip.

Banking 363

Banking Malware Encryption Accountability 363

The Last Watchdog

SEPTEMBER 25, 2023

Taking an active role Your cybersecurity policy should address your employees and technology systems. Taurins It’s also essential your business evaluates its technology and keeps it regularly updated to the latest security standards. Security places a crucial role in your technology. Employee training is crucial.

Small Business 222

Small Business Cybersecurity Technology Accountability 222

Schneier on Security

APRIL 9, 2024

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.

Hacking 327

Hacking Government Accountability Technology 327

Malwarebytes

DECEMBER 5, 2024

Anne Neuberger, the US deputy national security adviser for cyber and emerging technologies stated the “Chinese access was broad in terms of potential access to communications of everyday Americans” but she said the hackers only targeted prominent individuals.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Malwarebytes

AUGUST 6, 2024

Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes. That rate was 12% for women.

Accountability 134

Accountability Education Media Passwords 134

Krebs on Security

MARCH 23, 2021

But an always-reliable source in an adjacent California state agency who’s been tracking the incident internally with other employees says the SCO forgot to mention the intruders also had access to the phished employee’s Microsoft Office 365 files — and potentially any files shared with that account across the state network.

Phishing 327

Phishing Data breaches Accountability Technology 327

Adam Levin

DECEMBER 30, 2020

Offenders often use spoofing technology to anonymize their own phone numbers to make it appear to first responders as if the emergency call is coming from the victim’s phone number.”.

IoT 300

IoT Hacking Internet Internet 300

The Last Watchdog

FEBRUARY 11, 2025

The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks. In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

DDOS 130

DDOS Financial Services Technology Accountability 130

SecureWorld News

NOVEMBER 22, 2024

" "The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts," said Akil Davis, the Assistant Director in Charge of the FBI's Los Angeles Field Office.

Phishing 106

Phishing Identity Theft Cryptocurrency Cybercrime 106

Krebs on Security

NOVEMBER 29, 2023

That access allowed the hackers to steal authentication tokens from some Okta customers, which the attackers could then use to make changes to customer accounts, such as adding or modifying authorized users. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Authentication 280

Authentication Accountability Passwords Antivirus 280