Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. capital).

Malware 329

Malware Cryptocurrency Software Phishing 329

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 276

Phishing Cryptocurrency DDOS Internet 276

Krebs on Security

JULY 26, 2024

Google said the now-fixed authentication bypass is unrelated to a recent issue involving cryptocurrency-based domain names that were apparently compromised in their transition to Squarespace , which last year acquired more than 10 million domains that were registered via Google Domains.

Accountability 322

Accountability Authentication Cryptocurrency Web Fraud 322

Krebs on Security

JULY 21, 2022

“The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. Many of these platforms include extensive study materials and tutorials on cryptocurrency investing.

Scams 333

Scams Cryptocurrency Marketing Internet 333

Krebs on Security

OCTOBER 15, 2022

AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

Cryptocurrency 296

Cryptocurrency Marketing Cybercrime Technology 296

Krebs on Security

SEPTEMBER 26, 2024

The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. Holden has long maintained visibility into cryptocurrency transactions made by BriansClub. The links have been redacted.

Cryptocurrency 297

Cryptocurrency Cybercrime Retail Government 297

Krebs on Security

JUNE 15, 2024

One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

Hacking 337

Hacking Cybercrime Phishing Passwords 337

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

Krebs on Security

JULY 15, 2024

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network , Compound Finance , Pendle Finance , and Unstoppable Domains.

Accountability 331

Accountability Cryptocurrency Passwords DNS 331

Krebs on Security

OCTOBER 20, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed , as part of an elaborate scheme to land jobs at cryptocurrency firms. Up until Sept.

Accountability 324

Accountability Cryptocurrency Scams CISO 324

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. Image: Trend Micro.

Accountability 256

Accountability Scams Cryptocurrency Advertising 256

Krebs on Security

OCTOBER 18, 2023

New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams 336

Scams Malware Cryptocurrency Hacking 336

Krebs on Security

SEPTEMBER 22, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Nor was he ever forced to improve his master password.

Passwords 324

Passwords Encryption Password Management Cryptocurrency 324

Krebs on Security

OCTOBER 13, 2021

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. ” Last month, Coinbase disclosed that malicious hackers stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

Passwords 363

Passwords Phishing Accountability Mobile 363

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. On May 9, MetrixCoin reported that its Discord server was hacked, with fake airdrop details pushed to all users.

Hacking 342

Hacking Accountability Scams Cryptocurrency 342

Krebs on Security

AUGUST 30, 2022

12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. .” On July 28 and again on Aug. 7, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group. According to an Aug. In an Aug.

Mobile 341

Mobile Phishing Authentication Accountability 341

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

Krebs on Security

NOVEMBER 3, 2020

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers. Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men.

Scams 343

Scams Wireless Identity Theft Mobile 343

Krebs on Security

OCTOBER 5, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.

Accountability 317

Accountability Scams Artificial Intelligence Cryptocurrency 317

Krebs on Security

SEPTEMBER 30, 2022

None of the profiles listed here responded to requests for comment (or to become a connection). In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down. of spam and scam.”

CISO 345

CISO Cybercrime Accountability Information Security 345

Krebs on Security

JULY 29, 2021

22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. Allison Nixon , chief research officer with New York City-based cyber intelligence firm Unit221B , recalled what happened in the weeks leading up to Dec.

Passwords 363

Passwords Password Management Phishing Scams 363

Krebs on Security

AUGUST 16, 2022

It is true that a large number of hacked databases put up for sale on the cybercrime underground are sold only after a small subset of in-the-know thieves have harvested all of the low-hanging fruit in the data — e.g., access to cryptocurrency accounts or user credentials that are recycled across multiple websites.

Data breaches 323

Data breaches Banking Cybercrime Marketing 323

Krebs on Security

JANUARY 17, 2024

Purchases can be made in cryptocurrencies, and checking out prompts one to continue payment at Coinbase.com. Clicking “purchase” on the C@sh App offering, for example, shows that for $80 the buyer will receive logins to Cash App accounts with balances between $3,000 and $5,000. ” the site promises.

Cybercrime 325

Cybercrime Media Banking Accountability 325

Krebs on Security

APRIL 7, 2022

Treasury sanctioned a number of cryptocurrency wallets associated with Hydra and with a virtual currency exchange called “ Garantex ,” which the agency says processed more than $100 million in transactions associated with illicit actors and darknet markets.

Marketing 305

Marketing Energy and Utilities Malware Ransomware 305

Krebs on Security

JULY 29, 2022

In the meantime, 911’s absence may coincide with a measurable (if only short-lived) reprieve in unwanted traffic to top Internet destinations, including banks, retailers and cryptocurrency platforms, as many former customers of the proxy service scramble to make alternative arrangements.

Cybercrime 321

Cybercrime Software VPN Backups 321

Krebs on Security

FEBRUARY 26, 2023

Absent from GoDaddy’s SEC statement is another spate of attacks in November 2020, in which unknown intruders redirected email and web traffic for multiple cryptocurrency services that used GoDaddy in some capacity. It is possible this incident was not mentioned because it was the work of yet another group of intruders.

Hacking 328

Hacking Social Engineering Phishing Scams 328

Krebs on Security

DECEMBER 5, 2022

Collectively, the tens of thousands of systems infected with Glupteba on any given day feed into a number of major cybercriminal businesses: The botnet’s proprietors sell the credential data they steal, use the botnet to place disruptive ads on the infected computers, and mine cryptocurrencies.

Cybercrime 298

Cybercrime Malware Internet Internet 298

Krebs on Security

MARCH 22, 2022

Inferno Pay, a cryptocurrency and payment API allegedly operated by the ChronoPay CEO. “The services of Inferno Pay, whose commission came to 30% of the transaction, were actively used by online casinos,” Kommersant wrote on Mar.

Banking 233

Banking Marketing DDOS Risk 233

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS 126

DDOS Cryptocurrency Data breaches Scams 126

Security Boulevard

OCTOBER 15, 2022

AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

Cryptocurrency 69

Cryptocurrency Cybercrime Technology Web Fraud 69

Security Boulevard

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. The post Discord Admins Hacked by Malicious Bookmarks appeared first on Security Boulevard.

Hacking 59

Hacking Cryptocurrency Web Fraud 59

Security Boulevard

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms.

Scams 64

Scams Cryptocurrency Accountability Software 64

Security Boulevard

AUGUST 13, 2021

Two new dark web services are marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity.

Cryptocurrency 52

Cryptocurrency Marketing Web Fraud 52

Security Boulevard

JULY 21, 2022

The post Massive Losses Define Epidemic of ‘Pig Butchering’ appeared first on Security Boulevard.

Cryptocurrency 59

Cryptocurrency Scams Web Fraud Marketing 59

Security Boulevard

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers.

Scams 52

Scams Cryptocurrency Web Fraud 52

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. cryptocurrency holdings online. In December 2022, Troy Woody Jr. attorney general.

Cryptocurrency 315

Cryptocurrency Government Internet Internet 315

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency 291

Cryptocurrency Social Engineering Accountability Mobile 291