Cryptocurrency, Passwords and Telecommunications

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). Other frequent targets of the Beige group included employees at numerous top U.S.

Cybercrime

Cybercrime Mobile Media Hacking

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

but given the Salt Typhoon breach and the apparent lackluster security practices and culture at just about every American telecommunications company, this was too interesting to ignore. Cape is a mobile carrier startup claiming to provide a more secure and private service alternative to traditional telecommunications services.

Surveillance

Surveillance Telecommunications Malware Data breaches

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Data breaches Telecommunications Accountability

Store manager admits SIM swapping his customers

Malwarebytes

MARCH 19, 2024

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. Katz pleaded guilty before Chief U.S.

Social Engineering

Social Engineering Computers and Electronics Mobile Identity Theft

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Use a variation of unique passwords to access online accounts.

Mobile

Mobile Cryptocurrency Accountability Passwords

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

The botnet is used to launch brute-force attacks against MSSQL databases to take over servers and install Monero and Vollar cryptocurrency miners. The botnet tatgeted victims in various industries, including healthcare, aviation, IT & telecommunications and higher education sectors. and Windows Script Host Object Model (wshom). .

Advertising

Advertising Telecommunications Passwords Malware

Nvidia, the ransomware breach with some plot twists

Malwarebytes

MARCH 3, 2022

The LAPSUS$ group is a relative newcomer to the ransomware scene, but it has made a name for itself by bringing down big targets like Impresa, the largest media conglomerate in Portugal, Brazil’s Ministry of Health, and Brazilian telecommunications operator Claro. The passwords and email addresses of some 70k employees were involved.

Ransomware

Ransomware Password Management Passwords Hacking

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries. Primarily, that includes any social media and email accounts, as well as associated financial instruments such as bank accounts and any cryptocurrencies.

Phishing

Phishing VPN Social Engineering Media

800 arrests after police dupe crime groups into using backdoored phones

Malwarebytes

JUNE 8, 2021

The goal of the new platform was to target global organized crime, drug trafficking, and money laundering organizations, regardless of where they operated, with an encrypted device that had features that would appeal to organized crime networks, such as remote wipe and duress passwords , to persuade criminal networks to pivot to the device.

Encryption

Encryption Telecommunications Cryptocurrency Advertising

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Cryptographic keys can be random numbers, products of large prime numbers, points on an ellipse, or a password generated by a user. ECC is used for email encryption, cryptocurrency digital signatures, and internet communication protocols. While the math remains the same, unique cryptographic keys generate unique ciphertext.

Encryption

Encryption Passwords IoT Firewall

Caught in the Act: StealC, the Cyber Thief in C

Security Boulevard

JULY 15, 2024

StealC is an information stealer capable of exfiltrating a variety of confidential information, including passwords, emails, and cryptocurrency wallets. It’s been available for less than two years as a Malware-as-a-Service product, and is a regular occurrence in HYAS malware detonations.

Malware

Malware Encryption Telecommunications DNS

Ten Years Later, New Clues in the Target Breach

Krebs on Security

DECEMBER 14, 2023

Even if one managed to steal (or guess) a user’s DirectConnection password, the login page could not be reached unless the visitor also possessed a special browser certificate that the forum administrator gave only to approved members. A screen shot of the org chart from ChronoPay’s MegaPlan Intranet system. WHERE ARE THEY NOW?

Cybercrime

Cybercrime Accountability Advertising Computers and Electronics

The Crypto Game of Lazarus APT: Investors vs. Zero-days

SecureList

OCTOBER 23, 2024

Attackers’ accounts on X One of the tactics used by the attackers was to contact influential figures in the cryptocurrency space to get them to promote their malicious website and most likely to also compromise them. Is that really all this game has to offer?

Engineering

Engineering Social Engineering Accountability Cryptocurrency

Cyber Security Informer

Canadian Man Arrested in Snowflake Data Extortions

Happy 13th Birthday, KrebsOnSecurity!

Trending Sources

Privacy Roundup: Week 12 of Year 2025

T-Mobile customers were hit with SIM swapping attacks

Store manager admits SIM swapping his customers

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Nvidia, the ransomware breach with some plot twists

Voice Phishers Targeting Corporate VPNs

800 arrests after police dupe crime groups into using backdoored phones

What Is Encryption? Definition, How it Works, & Examples

Caught in the Act: StealC, the Cyber Thief in C

Ten Years Later, New Clues in the Target Breach

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Stay Connected