Cryptocurrency, Data breaches and Web Fraud

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. Image: Shutterstock, iHaMoo.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

That same month, they also sold data on 1.4 But this history was either overlooked or ignored by Group-IB , the Singapore-based cybersecurity firm apparently hired by Banorte to help respond to the data breach. “We ask you to remove this post containing Banorte data.

Data breaches

Data breaches Banking Cybercrime Marketing

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Hacking

Hacking Phishing Cybercrime Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Passwords

Passwords Password Management Phishing Scams

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. A 2016 screen shot of the Joker’s Stash homepage.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network , Compound Finance , Pendle Finance , and Unstoppable Domains.

Accountability

Accountability Cryptocurrency Passwords DNS

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Nor was he ever forced to improve his master password.

Passwords

Passwords Encryption Password Management Cryptocurrency

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The 911 service as it existed until July 28, 2022.

Cybercrime

Cybercrime Software VPN Backups

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. .” On July 28 and again on Aug. 7, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group. According to an Aug.

Mobile

Mobile Phishing Authentication Accountability

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

In 2018, KrebsOnSecurity detailed how Stevenson earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their websites, all the while secretly peddling those same vulnerabilities to cybercriminals.

Hacking

Hacking Government Media Accountability

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Data breaches Scams

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

On May 2, 2024, a user by the name “ Judische ” claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims.

Cybercrime

Cybercrime Accountability Mobile Hacking

Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

When Efforts to Contain a Data Breach Backfire

Trending Sources

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

The Life Cycle of a Breached Database

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

911 Proxy Service Implodes After Disclosing Breach

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

How 1-Time Passcodes Became a Corporate Liability

Two U.S. Men Charged in 2022 Hacking of DEA Portal

SSNDOB marketplace shut down by global law enforcement operation

The Dark Nexus Between Harm Groups and ‘The Com’

Stay Connected