Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). banks, ISPs, and mobile phone providers. million customers.

Cybercrime 280

Cybercrime Mobile Media Hacking 280

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency 296

Cryptocurrency Mobile Authentication Accountability 296

Security Affairs

MARCH 10, 2025

This aligns with prior findings that cybercriminals cracked master passwords from LastPass to carry out major heists. DoJ, threat actors may have used private keys extracted by cracking the victim’s password vault stolen from the 2022 security breach suffered by an online password manager. ” reads the complaint.

Password Management 84

Password Management Cryptocurrency Passwords Data breaches 84

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. ” On July 28 and again on Aug.

Mobile 343

Mobile Phishing Authentication Accountability 343

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

The Hacker News

MARCH 1, 2024

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices.

Cryptocurrency 142

Cryptocurrency Phishing Passwords Mobile 142

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile 251

Mobile Cryptocurrency Computers and Electronics Scams 251

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” T-Mobile has not yet responded to requests for comment. .

Mobile 235

Mobile Cyber Risk Data breaches Cryptocurrency 235

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 9, 2024, U.S. According to an Aug.

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Krebs on Security

NOVEMBER 3, 2020

Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “ vishing ” attacks and “ SIM swapping ,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men.

Scams 342

Scams Wireless Identity Theft Mobile 342

Krebs on Security

JUNE 27, 2023

But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control.

Cryptocurrency 275

Cryptocurrency Accountability Mobile Hacking 275

Malwarebytes

SEPTEMBER 20, 2023

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Fake tools and websites for cryptocurrency are common. The site claims: MetaMask cannot recover your password. The MetaMask site is a secret recovery phrase phish.

Cryptocurrency 128

Cryptocurrency Scams Phishing Engineering 128

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency 144

Cryptocurrency Hacking InfoSec Data breaches 144

Krebs on Security

FEBRUARY 5, 2019

One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit. “Once they had that, they called Verizon customer service and had them reset the password. . Soon after that, his phone went dead.

Cryptocurrency 222

Cryptocurrency Identity Theft Mobile Accountability 222

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile 133

Mobile Data breaches Telecommunications Identity Theft 133

Krebs on Security

MAY 10, 2019

From there, the attackers simply start requesting password reset links via text message for a variety of accounts tied to the hijacked phone number. From there, the attackers simply start requesting password reset links via text message for a variety of accounts tied to the hijacked phone number.

Mobile 255

Mobile Identity Theft Accountability Cryptocurrency 255

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 360

Passwords Accountability Engineering Phishing 360

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency 292

Cryptocurrency Social Engineering Accountability Mobile 292

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers.

Cryptocurrency 294

Cryptocurrency Cybercrime Computers and Electronics Scams 294

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. 14, 2021, by executing an unauthorized SIM-swap that involved an employee at his mobile phone provider who switched Dellone’s phone number over to a new device the attackers controlled.

Cryptocurrency 337

Cryptocurrency Government Cybercrime Accountability 337

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. cryptocurrency holdings online. which shows an LASD deputy unlawfully added E.Z.’s

Cryptocurrency 316

Cryptocurrency Government Internet Internet 316

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 Mobile malware Nearly 248,000 users encountered mobile banking malware in 2024 almost 3.6 of all mobile banker attacks.

Phishing 72

Phishing Banking Scams Mobile 72

Krebs on Security

MARCH 17, 2019

Nixon said much of her perspective on mobile identity is colored by the lens of her work, which has her identifying some of the biggest criminals involved in hijacking phone numbers via SIM swapping attacks. Many major providers still let people reset their passwords with just a text message.

Accountability 277

Accountability Passwords Mobile Banking 277

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 330

Hacking Social Engineering Phishing Scams 330

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. Constella also shows the email address zankomario@gmail.com used the password “dugidox2407.” ” Mr.

DNS 313

DNS Cybercrime Passwords Accountability 313

Krebs on Security

SEPTEMBER 13, 2024

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account.

Cybercrime 325

Cybercrime Accountability Mobile Hacking 325

Malwarebytes

JUNE 3, 2024

Password [ **] USDT Balance 1,660,086.50 Malwarebytes blocked the domain for fraud To fully understand the message, it’s good to know that USTD stands for Tether , a cryptocurrency referred to as a stablecoin because its value is pegged to a flat currency. I received one message from a number hailing from the Togolese Republic.

Cryptocurrency 108

Cryptocurrency Scams Accountability Banking 108

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S.

Cryptocurrency 106

Cryptocurrency Identity Theft Accountability Media 106

Krebs on Security

JULY 26, 2021

02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor. Investigators say O’Connor was involved in a “SIM swap” against Thorne’s mobile phone number. From there, the attackers can reset the password for any online account that allows password resets via SMS. BAD REACTION.

Media 353

Media Hacking Accountability Scams 353

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Internet 111

Internet Internet Passwords Malware 111

Malwarebytes

DECEMBER 20, 2022

If you’re a user of the Gemini cryptocurrency exchange, it’s time to be on your guard against phishing attacks. Breaches in cryptocurrency land are always a major issue. Some folks have their life savings and investments in these realms, and cryptocurrency/Web3 phishing generally has been running riot for some time now.

Cryptocurrency 90

Cryptocurrency Phishing Scams Accountability 90

The Last Watchdog

SEPTEMBER 6, 2023

Over time, Bitcoin has become the most widely used cryptocurrency in the world. These wallets are available in a variety of formats, including hardware wallets, online wallets, mobile wallets, and desktop wallets. Use strong passwords, 2FA. Select a reliable wallet. Update frequently.

Cryptocurrency 100

Cryptocurrency Backups Passwords Software 100

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. “They were calling up consumer service and tech support personnel, instructing them to reset their passwords.

Social Engineering 293

Social Engineering Phishing Engineering Accountability 293

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. Pierluigi Paganini.

Cryptocurrency 111

Cryptocurrency Malware Ransomware Cybercrime 111

SecureList

FEBRUARY 5, 2025

The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2. We suspect that mobile users in other regions besides Europe and Asia may have been targeted by this malicious campaign as well. HEUR:Trojan.AndroidOS.SparkCat.*

Malware 139

Malware Encryption Mobile Cryptocurrency 139

Security Boulevard

MARCH 24, 2025

Privacy Services Cape opens $99/month beta of its privacy-first mobile plan, inks Proton deal, raises $30M TechCrunch I usually don't include beta software on in this series (or really on avoidthehack) or early-stage startups because things in those early-stages go through such turbulence. They also have appeared to partner with Proton.

Surveillance 75

Surveillance Telecommunications Data breaches Malware 75