Accountability and Technology - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. But this past year, Interisle found the U.S. ”

Cybercrime

Cybercrime Phishing Accountability Internet

Upload a video selfie to get your Facebook or Instagram account back

Malwarebytes

OCTOBER 22, 2024

Meta, the company behind Facebook and Instagram says its testing new ways to use facial recognition—both to combat scams and to help restore access to compromised accounts. The social media giant is testing the use of video selfies and facial recognition to help users get their hijacked accounts back. What do you think?

Accountability

Accountability Scams Media Artificial Intelligence

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

OCTOBER 7, 2022

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. In the case of Zelle scams, the answer is yes. ” UNAUTHORIZED FRAUD.

Banking

Banking Accountability Scams Passwords

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards. work and kopeechka[.]store store ; -anonymity or “proxy” providers like crazyrdp[.]com

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted.

Data breaches

Data breaches Banking Cybercrime Advertising

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Related: Technology and justice systems The U.S. Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication.

CISO

CISO CSO Risk Cyber threats

New Atrium Health data breach impacts 585,000 individuals

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches

Data breaches Identity Theft Accountability Technology

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS , the equivalent “rich text” messaging capability built into Android devices.

Phishing

Phishing Scams Mobile Passwords

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. In 2022, Araneida told fellow Breached members they could be reached on Discord at the username “ Ornie#9811.”

Hacking

Hacking Cybercrime Advertising Data breaches

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

Jane Frankland

APRIL 15, 2025

While these technological investments have their value, theyre not enough to solve the fundamental problem the majority of risks come from humans. The Allure of Technology in Cybersecurity Cybersecurity professionals, like Gregs car-loving coffee enthusiast, often find comfort in technology.

Risk

Risk Technology Cybersecurity Security Awareness

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

The attackers employ a phishing technique called device code phishing, which tricks users into logging into productivity apps while capturing login tokens that can be used to take over compromised accounts. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. .

Phishing

Phishing Authentication Telecommunications Accountability

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

FEBRUARY 25, 2025

It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. You get the idea.

Passwords

Passwords Accountability VPN Malware

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Transparent, traceable, and accountable AI practices are crucial to mitigate biases and align actions with ethical standards. The drivers are intensifying.

Cyber threats

Cyber threats CISO IoT Phishing

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity

Cybersecurity Technology Scams Risk

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware

Malware Software Technology Accountability

Android devices track you before you even sign in

Malwarebytes

MARCH 12, 2025

Google is spying on Android users, starting from even before they have logged in to their Google account. The researchers found that multiple identifiers are used to track the user of an Android handset, even before they have opened a Google app or signed in to their Google account.

Advertising

Advertising Accountability Marketing Engineering

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

AI tool GeoSpy analyzes images and identifies locations in seconds

Malwarebytes

JANUARY 21, 2025

Graylark Technologies who makes GeoSpy says its been developed for government and law enforcement. But the investigative journalists from 404 Media report thatthe tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.

Media

Media Artificial Intelligence Identity Theft Surveillance

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

“This “SMS blasting” attack relies on using technology that impersonates cellular base stations and is capable of transmitting thousands of messages to devices within a close geographical radius.” The suspects were charged with fraud, money laundering, and operating as money mule account holders.

Mobile

Mobile Scams Technology Telecommunications

On the Zero-Day Market

Schneier on Security

MAY 24, 2024

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing

Marketing Spyware Surveillance Government

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. To mitigate risks, organizations must enforce Zero-Trust principles, limit AI access to privileged accounts, and sanitize AI prompts.

Risk

Risk Threat Detection Technology Phishing

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

DemandScience is what we refer to as a "data aggregator" in that they combine identity data from multiple locations, bundle it up, and then sell it.

Data breaches

Data breaches Passwords B2B Technology

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

There are two sides to this: 1) assessing a technology vendors cryptoagility efforts in your RFPs as a part of determining third-party tech supplier risk, 2) assessing a technology vendors capability to help you in your PQC migration as technology functionality you can use.

Encryption

Encryption Financial Services Technology Risk

New AI “agents” could hold people for ransom in 2025

Malwarebytes

FEBRUARY 4, 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. Uhh, again, that is.

Artificial Intelligence

Artificial Intelligence Small Business Malware Technology

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

While conventional “internal” employees account for 29% of identities, non-employees or “external identities” in aggregate (contractors, vendors, etc.) account for nearly half of the total users (48%). And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe. Let’s see how.

B2B

B2B Cybersecurity Risk Identity Theft

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

BeyondTrust Chief Technology Officer Marc Maiffret said that alert came more than two weeks after his company alerted Okta to a potential problem. 17, the company had identified and contained the incident — disabling the compromised customer case management account, and invalidating Okta access tokens associated with that account.

Social Engineering

Social Engineering Engineering Accountability Hacking

Okta: Breach Affected All Customer Support Users

Krebs on Security

NOVEMBER 29, 2023

That access allowed the hackers to steal authentication tokens from some Okta customers, which the attackers could then use to make changes to customer accounts, such as adding or modifying authorized users. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Authentication

Authentication Accountability Passwords Antivirus

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.

Phishing

Phishing Artificial Intelligence Password Management Accountability

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Anne Neuberger, the US deputy national security adviser for cyber and emerging technologies stated the “Chinese access was broad in terms of potential access to communications of everyday Americans” but she said the hackers only targeted prominent individuals.

Encryption

Encryption Identity Theft Media Telecommunications

Public AI as an Alternative to Corporate AI

Schneier on Security

MARCH 21, 2024

Given how transformative this technology will be for the world, this is a problem. Like public roads and the federal postal system, a public AI option could guarantee universal access to this transformative technology and set an implicit standard that private services must surpass to compete.

Small Business

Small Business Government Technology Marketing

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

" "The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts," said Akil Davis, the Assistant Director in Charge of the FBI's Los Angeles Field Office.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

The increasing sophistication of these technologies has made it harder than ever to distinguish real content from fake. A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. As the technology evolves, so will its misuse.

Artificial Intelligence

Artificial Intelligence Phishing Media Cyber threats

News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most

The Last Watchdog

FEBRUARY 11, 2025

The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks. In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

DDOS

DDOS Financial Services Technology Accountability

Threats of Machine-Generated Text

Schneier on Security

JANUARY 13, 2023

With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype.

Accountability

Accountability Technology Cybersecurity

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. .

Cybercrime

Cybercrime Phishing Accountability Malware

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

The unsuspecting Discord members click the link provided by the compromised administrator account, and are asked to connect their crypto wallet to the scammer’s site, where it asks for unlimited spend approvals on their tokens, and subsequently drains the balance of any valuable accounts.

Hacking

Hacking Accountability Scams Cryptocurrency

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

eSecurity Planet

MARCH 24, 2025

Expert analysis and the broader cybersecurity context Cybersecurity analysts have long warned that the rapid adoption of cloud technologies can outpace the implementation of necessary security frameworks. Immediate mitigation measures include: Resetting passwords, particularly for privileged LDAP accounts.

Risk

Risk Passwords Hacking Encryption

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

Resolution #2: Take a Quantum Leap in Security As quantum computing improves, organizations must prepare today to address the security risk posed by this emerging technology. Resolution #3: Protect Privileged Accounts in the Modern Digital Era In the face of evolving cybersecurity threats, protecting privileged accounts is essential.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

JUNE 21, 2021

The ISAC found when it comes to IT systems tied to “operational technology” (OT) — systems responsible for monitoring and controlling the industrial operation of these utilities and their safety features — just 30.5 percent of utilities have identified all IT-networked assets, with an additional 21.7 Image: WaterISAC.

Hacking

Hacking Accountability Cybersecurity Technology

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

Schneier on Security

APRIL 9, 2024

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.

Hacking

Hacking Government Accountability Technology

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

In information technology, brittleness also results from the fact that hundreds of companies, none of which you;ve heard of, each perform a small but essential role in keeping the internet running. We have built a society based on complex technology that we’re utterly dependent on, with no reliable way to manage that technology.

Marketing

Marketing Software Internet Internet

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Why Phishers Love New TLDs Like.shop,top and.xyz

Trending Sources

Upload a video selfie to get your Facebook or Instagram account back

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

How Cryptocurrency Turns to Cash in Russian Banks

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Fintech Giant Finastra Investigating Data Breach

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

New Atrium Health data breach impacts 585,000 individuals

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

Storm-2372 used the device code phishing technique since August 2024

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

3CX Breach Was a Double Supply Chain Compromise

Android devices track you before you even sign in

LinkedIn Adds Verified Emails, Profile Creation Dates

AI tool GeoSpy analyzes images and identifies locations in seconds

France’s second-largest telecoms provider Free suffered a cyber attack

Thai police arrested Chinese hackers involved in SMS blaster attacks

On the Zero-Day Market

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Inside the DemandScience by Pure Incubation Data Breach

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

New AI “agents” could hold people for ransom in 2025

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Hackers Stole Access Tokens from Okta’s Support Unit

Okta: Breach Affected All Customer Support Users

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Americans urged to use encrypted messaging after large, ongoing cyberattack

Public AI as an Alternative to Corporate AI

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

How threat actors can use generative artificial intelligence?

News alert: Gcore Radar reveals 56% rise in DDoS attacks – gaming industry targeted the most

Threats of Machine-Generated Text

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Discord Admins Hacked by Malicious Bookmarks

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

Cybersecurity Resolutions for 2025

How Cyber Safe is Your Drinking Water Supply?

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The CrowdStrike Outage and Market-Driven Brittleness

Stay Connected