Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 110

Cybercrime Identity Theft Cryptocurrency Phishing 110

Penetration Testing

NOVEMBER 12, 2023

Microsoft has issued a warning about the North Korean hacking group Sapphire Sleet (BlueNoroff), which is deploying a new infrastructure for impending social engineering campaigns on LinkedIn.

Social Engineering 82

Social Engineering Cryptocurrency Engineering Penetration Testing 82

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking 327

Hacking Accountability Scams Media 327

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Security Affairs

NOVEMBER 24, 2020

Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy employees into handing over the control of the targeted domains with social engineering attacks.

Social Engineering 106

Social Engineering Engineering DNS Accountability 106

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. ” reads the report published by Insikt Group.

Scams 84

Scams Media Cryptocurrency Cybercrime 84

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Department of Justice announced that it has arrested and charged members of a major cybercriminal ring in connection with $2.4

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering 355

Social Engineering Mobile Passwords Cybercrime 355

Security Boulevard

JULY 16, 2024

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 131

Hacking Cryptocurrency Phishing Social Engineering 131

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency 285

Cryptocurrency Social Engineering Accountability Mobile 285

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Security Affairs

JULY 19, 2022

FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. SecurityAffairs – hacking, cryptocurrency-themed apps).

Cryptocurrency 129

Cryptocurrency Mobile Hacking Accountability 129

Security Boulevard

DECEMBER 3, 2021

Schadenfreude: This week saw a pair of high-profile cryptocurrency thefts, totalling over $150 million. The post $150M Stolen in ‘Imaginary Money’ Crypto/DeFi Hacks appeared first on Security Boulevard.

Hacking 126

Hacking Cryptocurrency Social Engineering Engineering 126

Heimadal Security

APRIL 19, 2022

CISA, the FBI, and the US Treasury Department have recently issued a warning that firms in the cryptocurrency and blockchain industries are being targeted by the North Korean Lazarus hacking gang. It seems that the threat actors are using trojanized cryptocurrency applications in this wave of cyberattacks.

Social Engineering 122

Social Engineering Cryptocurrency Engineering Hacking 122

Threatpost

NOVEMBER 23, 2020

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.

Cryptocurrency 121

Cryptocurrency Social Engineering VPN Engineering 121

CyberSecurity Insiders

APRIL 5, 2023

North Korea has established a hacking group named APT43 to fund its cybercrime activities, aimed at advancing Pyongyang’s geopolitical interests. On April 3 of this year, Google’s Threat Analysis Group (TAG) announced that APT43 was in-volved in cryptocurrency theft and digital currency laundering.

Hacking 105

Hacking Social Engineering Cryptocurrency Manufacturing 105

SecureWorld News

JULY 11, 2022

Axie Infinity, a video game that utilizes NFTs and Ethereum-based cryptocurrencies, lost $540 million in March of this year after a senior engineer was tricked into opening a PDF of a fake job application, according to a story from The Block. The employee who fell for the social engineering scheme no longer works for Sky Mavis.

Social Engineering 96

Social Engineering Hacking Cryptocurrency Cybercrime 96

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. Microsoft researchers warn of a new social engineering campaign aimed at IT job seekers that relied on a new cluster of bogus skills assessment portals. ” warns Microsoft through a series of posts on X.

Social Engineering 142

Social Engineering Cryptocurrency Engineering Malware 142

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. Tank, seen here performing as a DJ in Ukraine in an undated photo from social media.

Cryptocurrency 287

Cryptocurrency Cybercrime Computers and Electronics Scams 287

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 95

Insurance Cryptocurrency Cyber threats Marketing 95

Security Affairs

JUNE 30, 2022

North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. SecurityAffairs – hacking, Harmony). ” reads the report published by Elliptic. ” concludes the post.

Hacking 100

Hacking Social Engineering Cryptocurrency Engineering 100

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. Microsoft Corp.

Malware 328

Malware Software Technology Accountability 328

CyberSecurity Insiders

FEBRUARY 8, 2021

And an official confirmation says that the attack was launched by notorious North Korean Lazarus hacking group that is known for its social engineering attacks such as the Wannacry 2017. And all the expenses are borne by the Kim Jung UN led nation who steals cryptocurrency to fund its nuclear programs.

Ransomware 134

Ransomware Social Engineering Cryptocurrency Cybercrime 134

Security Affairs

NOVEMBER 8, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. blog, which was chosen by the attackers in an attempt to appear as the legitimate cryptocurrency exchange swissborg.com. The binary is ad-hoc signed that was observed communicating with the domain swissborg[.]blog,

Malware 134

Malware Cryptocurrency Social Engineering Engineering 134

Security Boulevard

AUGUST 2, 2022

Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. It is easy to detect and block things like malicious cryptocurrency apps or crypto-phishing websites.

Cryptocurrency 98

Cryptocurrency Ransomware Government Risk 98

Hacker Combat

AUGUST 8, 2022

North Korean hackers use phoney Coinbase job offers to target cryptocurrency professionals. The renowned North Korean hacking outfit Lazarus has uncovered a new social engineering scheme in which the hackers pose as Coinbase to lure workers into the fintech sector. Lazarus hackers go after cryptocurrency.

Social Engineering 105

Social Engineering Cryptocurrency Engineering Malware 105

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. SecurityAffairs – hacking, MailChimp). Pierluigi Paganini.

Phishing 138

Phishing Data breaches Cryptocurrency Social Engineering 138

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

Security Affairs

SEPTEMBER 17, 2023

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. The group is also suspected to have recently stolen $31 million from the professional global cryptocurrency exchange CoinEx. ” reads the report. million has vanished due to private key breaches.

Cryptocurrency 141

Cryptocurrency Social Engineering Hacking Engineering 141

Security Affairs

JANUARY 12, 2025

CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog Threat actors breached the Argentinas airport security police (PSA) payroll Moxa router flaws pose serious risks to industrial environmets US adds Tencent to the list of companies supporting Chinese military Eagerbee backdoor targets govt entities (..)

Data breaches 61

Data breaches Phishing Social Engineering Engineering 61

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Ransomware. Password and info stealers.

Cryptocurrency 109

Cryptocurrency Social Engineering Malware Cybercrime 109

Security Affairs

OCTOBER 20, 2021

According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums. Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. Pierluigi Paganini.

Accountability 144

Accountability Malware Phishing Social Engineering 144

SecureList

AUGUST 10, 2022

Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering hack-for-hire services, or acting as an information broker to support competitive and financial intelligence efforts. Malicious DOCX social engineering message. xml version="1.0" encoding="UTF-8" standalone="yes"?>

Cryptocurrency 118

Cryptocurrency Encryption Social Engineering Passwords 118

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 132

Scams Phishing Cryptocurrency Social Engineering 132

Security Affairs

JUNE 17, 2024

. “A 22-year-old British man has been arrested in Palma de Mallorca in a joint effort by Spanish police and the FBI on suspicion of being the ringleader of a hacking group which targeted 45 companies and people in the United States.” ” reported the Murcia Today. ” continues Krebs.

Cybercrime 129

Cybercrime Hacking Social Engineering Cryptocurrency 129

eSecurity Planet

NOVEMBER 18, 2022

This involved using an “unsecured group email account as the root user to access confidential private keys and critically sensitive data for the FTX Group companies around the world…” About $740 million in cryptocurrency has been placed into new cold wallets. One way is through hijacking computer resources to mine cryptocurrencies.

Risk 143

Risk Cybersecurity Cryptocurrency Social Engineering 143