Cryptocurrency, Hacking and Passwords - Cyber Security Informer

Using Hacked LastPass Keys to Steal Cryptocurrency

Schneier on Security

SEPTEMBER 18, 2023

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? That’s a really profitable hack. (It’s Look, I know that online password databases are more convenient.

Cryptocurrency

Cryptocurrency Hacking Passwords Encryption

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. Image: Shutterstock, iHaMoo.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. Internet address was used to operate a Discord account that specified a cryptocurrency wallet when asking another user to send funds.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

MAY 5, 2020

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems. The post Ghost Blogging Platform Hacked To Mine Cryptocurrency appeared first on Adam Levin.

Cryptocurrency

Cryptocurrency Hacking System Administration Passwords

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities.

Retail

Retail Advertising Cryptocurrency Cybercrime

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking

Hacking Social Engineering Phishing Scams

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. This aligns with prior findings that cybercriminals cracked master passwords from LastPass to carry out major heists. Authorities seized $24M in frozen assets before they could be withdrawn.

Password Management

Password Management Cryptocurrency Passwords Data breaches

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency

Cryptocurrency Hacking InfoSec Data breaches

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov

Malware

Malware Scams Identity Theft Antivirus

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

Working with law enforcement partners in France, Germany, Latvia, the Netherlands, Romania and the United Kingdom, the DOJ said it was able to seize more than 50 Internet servers tied to the malware network, and nearly $9 million in ill-gotten cryptocurrency from QakBot’s cybercriminal overlords.

Hacking

Hacking Malware Ransomware Government

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

eSecurity Planet

MAY 5, 2025

A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. A familiar name behind major hacks Golden Chickens has been active since at least 2018.

Passwords

Passwords Malware Cryptocurrency Cybercrime

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Cryptocurrency

Cryptocurrency Scams Accountability Hacking

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking

Hacking Accountability Scams Media

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Malware

Malware Cryptocurrency Encryption Passwords

Hackers stole €1.2m worth of cryptocurrency from 2gether

Security Affairs

AUGUST 3, 2020

million worth of cryptocurrency from cryptocurrency investment accounts. . Hackers stole roughly €1.183 million worth of cryptocurrency from investment accounts of 2gether, 26.79% of overall funds stored by the accounts. Estrada urges users to change their passwords because they have been compromised in the attack. .

Cryptocurrency

Cryptocurrency Accountability Hacking Advertising

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. LW: So cryptocurrency got discovered as the ideal payment vehicle for ransomware. In 2011, total cryptocurrency value was about $10 billion. It was insane.

Cryptocurrency

Cryptocurrency Ransomware Passwords Malware

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor. I don’t care,” O’Connor told The Times.

Cryptocurrency

Cryptocurrency Accountability Mobile Hacking

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

Security Affairs

MARCH 4, 2025

Threat actors use weak credential brute force to gain access to target systems, then deploy cryptocurrency miners and crimeware with capabilities like data exfiltration, persistence, self-termination, and pivot attacks. The folder also contains text files listing over 4,000 target IPs and passwords, focusing on ISPs in China and the U.S.

Cryptocurrency

Cryptocurrency Malware Passwords Hacking

Convicted SIM Swapper Gets 3 Years in Jail

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency

Cryptocurrency Mobile Authentication Accountability

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions. Researchers at Elastic Security Labs who first analyzed the malware confirmed it can steal keychain passwords and data from multiple browsers.

Malware

Malware Advertising Antivirus Cybercrime

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business

Small Business Cybersecurity Passwords Scams

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Phishing

Largest Cryptocurrency Hack in History, $10k For Stolen Network Access, Your Identity and the Metaverse

Security Boulevard

AUGUST 15, 2021

Over $600 million stolen in the largest DeFi cryptocurrency hack in history, attackers are getting around $10k for stolen network access credentials, and why your identity is trapped inside a social network and what this means for the next potential evolution of the Internet…the metaverse! ** Links mentioned on the show ** Apple to refuse […].

Cryptocurrency

Cryptocurrency Hacking Internet Internet

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Linux Servers Hacked to Launch DDoS Attacks and Mine Monero Cryptocurrency

Heimadal Security

JUNE 21, 2023

Hackers port scanned for publicly exposed Linux SSH servers and brute-forced username-password pairs to log in to the server. More about the Attack on […] The post Linux Servers Hacked to Launch DDoS Attacks and Mine Monero Cryptocurrency appeared first on Heimdal Security Blog.

DDOS

DDOS Cryptocurrency Hacking Passwords

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft.

Cryptocurrency

Cryptocurrency Phishing Accountability VPN

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords

Passwords Accountability Engineering Cryptocurrency

Details on VirusTotal Hacking

CyberSecurity Insiders

JANUARY 19, 2022

To prove it, researchers from SafeBreach purchased a €600 license from the anti-malware firm to collect over 1,000,000 usernames and passwords stored on the cloud based database of the said company. The post Details on VirusTotal Hacking appeared first on Cybersecurity Insiders.

Hacking

Hacking Malware Passwords Accountability

Cybercriminals pose as LastPass staff to hack password vaults

Bleeping Computer

APRIL 18, 2024

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [.]

Passwords

Passwords Cryptocurrency Hacking Phishing

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability

Accountability Hacking Cryptocurrency Cybersecurity

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Monero Cryptocurrency campaign exploits ProxyLogon flaws

Security Affairs

APRIL 18, 2021

Threat actors targeted are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. The miner’s pools.txt file is temporarily written to disk, its analysis allowed the researchers to determine the wallet address and its password, and the name DRUGS assigned to the pool of miners.

Cryptocurrency

Cryptocurrency Passwords Hacking Information Security

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner.

Hacking

Hacking Cryptocurrency Passwords Authentication

A Taxonomy of Access Control

Schneier on Security

AUGUST 12, 2022

The paper is about cryptocurrency wallet design, but the ideas are more general. Once you know these states, you can assign probabilities of transitioning from one state to another (someone hacks your account and locks you out, you forgot your own password, etc.) theft Only the adversary has access.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

Using Hacked LastPass Keys to Steal Cryptocurrency

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Webinars

Trending Sources

A Day in the Life of a Prolific Voice Phishing Crew

Webinars

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

An Interview With the Target & Home Depot Hacker

When Low-Tech Hacks Cause High-Impact Breaches

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

FBI warns of malicious free online document converters spreading malware

U.S. Hacks QakBot, Quietly Removes Botnet Infections

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

Crooks hacked Mandiant X account to push cryptocurrency scam

The Life Cycle of a Breached Database

Twitter Hacking for Profit and the LoLs

The source code of Banshee Stealer leaked online

Hackers stole €1.2m worth of cryptocurrency from 2gether

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

Convicted SIM Swapper Gets 3 Years in Jail

Banshee macOS stealer supports new evasion mechanisms

The 3 biggest cybersecurity threats to small businesses

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Calendar Meeting Links Used to Spread Mac Malware

Largest Cryptocurrency Hack in History, $10k For Stolen Network Access, Your Identity and the Metaverse

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Linux Servers Hacked to Launch DDoS Attacks and Mine Monero Cryptocurrency

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Details on VirusTotal Hacking

Cybercriminals pose as LastPass staff to hack password vaults

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Monero Cryptocurrency campaign exploits ProxyLogon flaws

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

A Taxonomy of Access Control

Stay Connected