Cryptocurrency, Hacking and Web Fraud - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. Image: Shutterstock, iHaMoo.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Phishing Cybercrime Passwords

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. On May 9, MetrixCoin reported that its Discord server was hacked, with fake airdrop details pushed to all users.

Hacking

Hacking Accountability Scams Cryptocurrency

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

men have been charged with hacking into a U.S. The complaint doesn’t specify which agency portal was hacked, but it does state that the portal included access to law enforcement databases that track narcotics seizures in the United States. federal government portal without authorization.

Hacking

Hacking Government Media Accountability

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. It is possible this incident was not mentioned because it was the work of yet another group of intruders.

Hacking

Hacking Social Engineering Phishing Scams

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Phishing

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. ru , which periodically published hacking tools and exploits for software vulnerabilities. The links have been redacted.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. cryptocurrency holdings online. In December 2022, Troy Woody Jr. attorney general.

Cryptocurrency

Cryptocurrency Government Internet Internet

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months.

Scams

Scams Malware Cryptocurrency Hacking

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Mobile

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. 22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. Urgency should be a giant red flag.

Passwords

Passwords Password Management Phishing Scams

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Nor was he ever forced to improve his master password. ”

Passwords

Passwords Encryption Password Management Cryptocurrency

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers. Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men. In a private message dated Nov.

Scams

Scams Wireless Identity Theft Mobile

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

Security experts say both VPNFilter and Cyclops Blink are the work of a hacking group known as Sandworm or Voodoo Bear , the same Russian team blamed for disrupting Ukraine’s electricity in 2015. SANDWORM AND TRITON. energy facilities. and international companies and entities, including U.S. ” HYDRA. . ” HYDRA.

Marketing

Marketing Energy and Utilities Malware Ransomware

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

This identity has been highly active on Breached and its predecessor RaidForums for more than two years, mostly selling databases from hacked Mexican entities. There was no reason to believe Holistic-K1ller had fabricated their breach claim.

Data breaches

Data breaches Banking Cybercrime Marketing

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

JANUARY 17, 2024

That changed recently when Punchmade’s various video and social media accounts began promoting a new web shop that is selling stolen payment cards and identity data, as well as hacked financial accounts and software for producing counterfeit checks. Punchmade Dev’s shop. Among them is mainpage[.]me/punchmade,

Cybercrime

Cybercrime Media Banking Accountability

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

” According to 911, the service was hacked in early July, and it was discovered that someone manipulated the balances of a large number of user accounts. Its [sic] confirmed that the recharge system was also hacked the same way. “Not sure how did the hacker get in,” the 911 message reads.

Cybercrime

Cybercrime Software VPN Backups

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. The spreadsheet also included the cryptocurrency account numbers that were to be credited each month with SWAT’s earnings.

Cybercrime

Cybercrime Marketing Scams Retail

Discord Admins Hacked by Malicious Bookmarks

Security Boulevard

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. The post Discord Admins Hacked by Malicious Bookmarks appeared first on Security Boulevard.

Hacking

Hacking Cryptocurrency Web Fraud

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

A Google-translated snippet of the hacked ChronoPay Confluence installation. The latest document in the hacked archive is dated April 2021. ” A native of Donetsk, Ukraine, Horohorin told KrebsOnSecurity he hacked and shared the ChronoPay Confluence installation because Vrublevsky had threatened a family member.

Banking

Banking Marketing DDOS Risk

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem.

Mobile

Mobile Government Media Technology

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

While MGM was still trying to evict the intruders from its systems, an individual who claimed to have firsthand knowledge of the hack contacted multiple media outlets to offer interviews about how it all went down. ’s West Midlands Police as part of a joint investigation with the FBI into the MGM hack.

Cybercrime

Cybercrime Accountability Mobile Hacking

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase that was protecting his cryptocurrency wallet. Image: Shutterstock, iHaMoo. io ) that mimicked the official Trezor website.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

A Day in the Life of a Prolific Voice Phishing Crew

Trending Sources

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Discord Admins Hacked by Malicious Bookmarks

Two U.S. Men Charged in 2022 Hacking of DEA Portal

When Low-Tech Hacks Cause High-Impact Breaches

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Calendar Meeting Links Used to Spread Mac Malware

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

The Fake Browser Update Scam Gets a Makeover

Lamborghini Carjackers Lured by $243M Cyberheist

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

The Life Cycle of a Breached Database

Interview With a Crypto Scam Investment Spammer

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Two Charged in SIM Swapping, Vishing Scams

Actions Target Russian Govt. Botnet, Hydra Dark Market

When Efforts to Contain a Data Breach Backfire

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

911 Proxy Service Implodes After Disclosing Breach

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Discord Admins Hacked by Malicious Bookmarks

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Fighting Fake EDRs With ‘Credit Ratings’ for Police

The Dark Nexus Between Harm Groups and ‘The Com’

Double-Your-Crypto Scams Share Crypto Scam Host

How to Lose a Fortune with Just One Bad Click

Stay Connected