Krebs on Security

JANUARY 17, 2024

Images from Punchmade Dev’s Twitter/X account show him displaying bags of cash and wearing a functional diamond-crusted payment card skimmer. Punchmade Dev’s most controversial mix — a rap called “Wire Fraud Tutorial” — was taken down by Youtube last summer for violating the site’s rules.

Cybercrime 322

Cybercrime Media Banking Accountability 322

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability 312

Accountability Scams Artificial Intelligence Cryptocurrency 312

Krebs on Security

SEPTEMBER 30, 2022

” “Since playing Tradewars on my Tandy 1000 with a 300 baud modem in the early ’90s, I’ve had a lifelong passion for technology, which I’ve carried with me as Deputy CISO of the world’s largest health plan,” her profile reads. Maryann’s profile says she’s from Tupelo, Miss.,

CISO 340

CISO Cybercrime Accountability Information Security 340

Krebs on Security

SEPTEMBER 29, 2021

The idea is that even if the user’s password gets stolen, the attacker still can’t access the user’s account without that second factor — i.e. without access to the victim’s mobile device or phone number. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords 342

Passwords Mobile Authentication Banking 342

Krebs on Security

FEBRUARY 28, 2024

The profile also linked to Mr. Lee’s Twitter/X account , which features the same profile image. Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link.

Malware 326

Malware Cryptocurrency Software Phishing 326

Krebs on Security

MAY 21, 2021

In late April, the FBI warned that technology is making these scams easier and more lucrative for fraudsters, who are particularly fond of impersonating recruiters. LinkedIn said its platform uses automated and manual defenses to detect and address fake accounts or fraudulent payments. of the fake accounts. .

Scams 364

Scams Accountability Advertising Web Fraud 364

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. Image: Cloudflare.com. 2, and Aug. On that last date, Twilio disclosed that on Aug. According to an Aug. In an Aug.

Mobile 337

Mobile Phishing Authentication Accountability 337

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. 252) are currently blocked by Google’s Safebrowsing technology, and labeled with a conspicuous red warning saying the website will try to foist malware on visitors who ignore the warning and continue.

Software 318

Software Advertising Malware Accountability 318

Krebs on Security

OCTOBER 18, 2023

But when Cloudflare blocked those accounts the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain (BSC), a technology designed to run decentralized apps and “smart contracts,” or coded agreements that execute actions automatically when certain conditions are met. .”

Scams 332

Scams Malware Cryptocurrency Hacking 332

Krebs on Security

AUGUST 2, 2022

account for a slew of other “iboss” themed email addresses, one of which is tied to a LinkedIn profile for an Oleg Iskhusnyh , who describes himself as a senior web developer living in Nur-Sultan, Kazakhstan. The various “iboss” email accounts appear to have been shared by multiple parties.

Malware 315

Malware Cybercrime Internet Internet 315

Krebs on Security

JULY 18, 2022

“Our technology ensures the maximum security from reverse engineering and antivirus detections,” ExEClean promised. However there are two cybercriminal identities on the forums that have responded to individual 911 help requests, and who promoted the sale of 911 accounts via their handles. su between 2016 and 2019.

VPN 352

VPN Computers and Electronics Antivirus Software 352

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. OG accounts typically can be resold for thousands of dollars. ” FAKE IDs AND PHONY NOTES. .

Mobile 269

Mobile Cryptocurrency Accountability Passwords 269

Krebs on Security

JULY 29, 2021

. “You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar , chief technology officer at security firm Emsisoft. customers this month.

Passwords 363

Passwords Password Management Phishing Scams 363

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. technology companies during the summer of 2022. 9, 2024, U.S. A graphic depicting how 0ktapus leveraged one victim to attack another. Twilio disclosed in Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Krebs on Security

AUGUST 16, 2022

“There has been no violation of our platforms and technological infrastructure,” Banorte said. But in a brief written statement picked up on Twitter , Banorte said there was no breach involving their infrastructure, and the data being sold is old. ” That statement may be 100 percent true.

Data breaches 319

Data breaches Banking Cybercrime Marketing 319

Krebs on Security

DECEMBER 8, 2022

Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication. Running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities. Encrypting sensitive data wherever possible. ”

Healthcare 323

Healthcare Backups Ransomware Insurance 323

Krebs on Security

APRIL 7, 2022

Department of Justice (DOJ) says the GRU’s hackers built Cyclops Blink by exploiting previously undocumented security weaknesses in firewalls and routers made by both ASUS and WatchGuard Technologies. “In some cases, the spearphishing attacks were successful, including in the compromise of the business network (i.e.,

Marketing 301

Marketing Energy and Utilities Malware Ransomware 301

Krebs on Security

JUNE 22, 2023

In April 2022, KrebsOnSecurity heard from Alex, the CEO of a technology company in Canada who asked to leave his last name out of this story. A smishing website targeting Canadians who recently purchased from Adidas online. The site would only load in a mobile browser.

Phishing 323

Phishing Retail Mobile Scams 323

Krebs on Security

JANUARY 22, 2019

The crux of Bryant’s discovery was that the spammers in those 2016 campaigns learned that countless hosting firms and registrars would allow anyone to add a domain to their account without ever validating that the person requesting the change actually owned the domain. domaincontrol.com and ns18.domaincontrol.com). domaincontrol.com).

DNS 271

DNS Internet Internet Computers and Electronics 271

Krebs on Security

APRIL 4, 2024

Launched in 2008, privnote.com employs technology that encrypts each message so that even Privnote itself cannot read its contents. For example, this account at Medium has authored more than a dozen blog posts in the past year singing the praises of Tornote as a secure, self-destructing messaging service.

Phishing 274

Phishing Cryptocurrency DDOS Internet 274

Security Boulevard

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S.

Mobile 52

Mobile Media Government Accountability 52

Krebs on Security

FEBRUARY 18, 2025

Rather, the missives are sent through the Apple iMessage service and through RCS , the functionally equivalent technology on Google phones. Merrill has been studying the evolution of several China-based smishing gangs, and found that most of them feature helpful and informative video tutorials in their sales accounts on Telegram.

Phishing 283

Phishing Mobile Scams Banking 283

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active.

Government 312

Government Accountability Education Media 312

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. ” NEEDLES IN THE HAYSTACK.

Mobile 229

Mobile Government Media Technology 229

Krebs on Security

SEPTEMBER 13, 2024

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account.

Cybercrime 320

Cybercrime Accountability Mobile Hacking 320

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. One of many self portraits published on the Instagram account of Enzo Zelocchi.

Cryptocurrency 312

Cryptocurrency Government Internet Internet 312

Krebs on Security

JANUARY 25, 2022

27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile. Then on Nov. Take a look at that 546.56 A portion of the Jan.

Financial Services 245

Financial Services Banking Accountability Identity Theft 245

Krebs on Security

MARCH 29, 2022

It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death. THE LAPSUS$ CONNECTION.

Accountability 289

Accountability Government Hacking Social Engineering 289

Krebs on Security

MARCH 22, 2023

On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo’s source code included a “backdoor,” a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will.

Malware 320

Malware eCommerce Mobile Media 320

Krebs on Security

JANUARY 30, 2025

Amazon said AWS was already aware of the Funnull addresses tracked by Silent Push, and that it had suspended all known accounts linked to the activity. Hummel said NoName’s history suggests they are adept at cycling through new cloud provider accounts, making anti-abuse efforts into a game of whac-a-mole.

Accountability 238

Accountability Scams Passwords Retail 238