Schneier on Security

SEPTEMBER 9, 2022

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found?

Cryptocurrency 246

Cryptocurrency Software Engineering Passwords 246

Schneier on Security

JANUARY 3, 2020

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms. tk third-party website.

Cryptocurrency 186

Cryptocurrency Passwords Risk 186

Krebs on Security

NOVEMBER 21, 2024

The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. According to prosecutors, the group mainly sought to steal cryptocurrency from victim companies and their employees. Tylerb was reputed to have fled the United Kingdom after that assault.

Identity Theft 250

Identity Theft Phishing Cryptocurrency Accountability 250

Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. 13, with an attack on cryptocurrency trading platform liquid.com. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency 360

Cryptocurrency Passwords Encryption Accountability 360

SecureList

NOVEMBER 6, 2024

Type of data Details Browser data Cookies, credit cards, location, search history Software Installed software, antivirus solutions, running services, installed addons System info Build date (if possible), version, revision, installation date Network info Wireless interfaces, networks and passwords (extracted as plaintext) SIM SIM-card data (if applicable) (..)

Software 124

Software Cryptocurrency Malware DNS 124

Adam Levin

MAY 5, 2020

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems. The post Ghost Blogging Platform Hacked To Mine Cryptocurrency appeared first on Adam Levin.

Cryptocurrency 162

Cryptocurrency Hacking System Administration Passwords 162

Security Affairs

MARCH 10, 2025

This aligns with prior findings that cybercriminals cracked master passwords from LastPass to carry out major heists. DoJ, threat actors may have used private keys extracted by cracking the victim’s password vault stolen from the 2022 security breach suffered by an online password manager. ” reads the complaint.

Password Management 87

Password Management Cryptocurrency Passwords Data breaches 87

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov

Malware 116

Malware Scams Identity Theft Antivirus 116

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

Hacking 331

Hacking Cybercrime Phishing Passwords 331

CyberSecurity Insiders

NOVEMBER 26, 2021

Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that the compromised cloud accounts were leading hackers to mine cryptocurrency that could prove as a double threat to customers. The post Compromised cloud accounts leading to Cryptocurrency mining appeared first on Cybersecurity Insiders.

Cryptocurrency 131

Cryptocurrency Accountability Passwords Software 131

The Hacker News

MARCH 1, 2024

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices.

Cryptocurrency 142

Cryptocurrency Phishing Passwords Mobile 142

Malwarebytes

MARCH 18, 2025

We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets.

Cryptocurrency 116

Cryptocurrency Malware Scams Antivirus 116

Malwarebytes

SEPTEMBER 20, 2023

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Fake tools and websites for cryptocurrency are common. The site claims: MetaMask cannot recover your password. You can paste your entire secret recovery phrase below.

Cryptocurrency 131

Cryptocurrency Scams Phishing Engineering 131

Krebs on Security

NOVEMBER 14, 2024

Hydra trafficked in illegal drugs and financial services, including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services. “Hi, how are you?” ” he inquired. “Maybe we can open business?

Retail 253

Retail Advertising Cryptocurrency Cybercrime 253

Tech Republic Security

JULY 6, 2023

The post New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers appeared first on TechRepublic. Learn how the Meduza Stealer malware works, what it targets and how to protect your company from this cybersecurity threat.

Password Management 207

Password Management Passwords Malware Cybersecurity 207

Schneier on Security

AUGUST 24, 2020

This week Stuart Schechter, a computer scientist at the University of California, Berkeley, is launching DiceKeys, a simple kit for physically generating a single super-secure key that can serve as the basis for creating all the most important passwords in your life for years or even decades to come.

Passwords 257

Passwords Cryptocurrency Password Management Authentication 257

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. It specializes in stealing credentials stored in most browsers, session cookie theft for platforms like Discord and Steam, and information theft related to cryptocurrency wallets.

Scams 142

Scams Identity Theft Media Accountability 142

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Malware 143

Malware Cryptocurrency Encryption Passwords 143

Security Affairs

NOVEMBER 21, 2024

Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 110

Cybercrime Identity Theft Cryptocurrency Phishing 110

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords 363

Passwords Password Management Phishing Scams 363

The Hacker News

AUGUST 14, 2024

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.

Passwords 137

Passwords IoT Cryptocurrency Cybersecurity 137

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.

Encryption 116

Encryption Password Management Social Engineering Cryptocurrency 116

Bleeping Computer

FEBRUARY 7, 2024

A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. [.]

Passwords 125

Passwords Malware Cryptocurrency Advertising 125

Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency 291

Cryptocurrency Mobile Authentication Accountability 291

Approachable Cyber Threats

MARCH 1, 2022

Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table. Hackers solve this problem by cracking the passwords instead. Keep reading!

Passwords 145

Passwords Software Internet Internet 145

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. “Sorry, change password please.”

Cryptocurrency 133

Cryptocurrency Scams Accountability Hacking 133

Penetration Testing

MARCH 11, 2024

A dangerous new malware named Planet Stealer is making its rounds in the cybercriminal underworld, and security experts warn that your passwords, cryptocurrency wallets, and other sensitive information could be in its sights.

Passwords 130

Passwords Penetration Testing Malware Risk 130

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 357

Passwords Accountability Engineering Phishing 357

Krebs on Security

JULY 15, 2024

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network , Compound Finance , Pendle Finance , and Unstoppable Domains. What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password.

Accountability 325

Accountability Cryptocurrency Passwords DNS 325

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft.

Cryptocurrency 133

Cryptocurrency Phishing Accountability VPN 133

Security Affairs

MARCH 4, 2025

Threat actors use weak credential brute force to gain access to target systems, then deploy cryptocurrency miners and crimeware with capabilities like data exfiltration, persistence, self-termination, and pivot attacks. The folder also contains text files listing over 4,000 target IPs and passwords, focusing on ISPs in China and the U.S.

Cryptocurrency 106

Cryptocurrency Malware Passwords Hacking 106

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection. Archive file and its contents.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords 129

Passwords Software Firmware Malware 129

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. capital).

Malware 323

Malware Cryptocurrency Software Phishing 323

Krebs on Security

JUNE 27, 2023

But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control.

Cryptocurrency 269

Cryptocurrency Accountability Mobile Hacking 269