Cybercrime, Data breaches and Web Fraud

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation.

Data breaches

Data breaches Banking Cybercrime Marketing

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

” Perm is the current administrator of Star Fraud , one of the more consequential cybercrime communities on Telegram and one that has emerged as a foundry of innovation in voice phishing attacks. As we’ll see in a moment, that phishing kit is operated and rented out by a cybercriminal known as “ Perm ” a.k.a.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. Until recently, the so-called “ Smishing Triad ” mainly impersonated toll road operators and shipping companies. Image: Prodaft. Image: Prodaft.

Banking

Banking Phishing Mobile Retail

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Department of Justice in April.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The 911 service as it existed until July 28, 2022.

Cybercrime

Cybercrime Software VPN Backups

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. .”

Passwords

Passwords Password Management Phishing Scams

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. In early 2022, a video surfaced on a popular cybercrime channel purporting to show attackers hurling a brick through a window at an address that matches the spacious and upscale home of Urban’s parents in Sanford, Fl.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The answer involved Bitcoin, but also Taleon’s new service.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

RaidForums Gets Raided, Alleged Admin Arrested

Krebs on Security

APRIL 12, 2022

Department of Justice (DOJ) said today it seized the website and user database for RaidForums , an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.

Government

Government Identity Theft Mobile Data breaches

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

JANUARY 25, 2023

The tip about the Experian weakness came from Jenya Kushnir , a security researcher living in Ukraine who said he discovered the method being used by identity thieves after spending time on Telegram chat channels dedicated to cybercrime.

Cybercrime

Cybercrime Web Fraud Data breaches

When Efforts to Contain a Data Breach Backfire

Security Boulevard

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation.

Data breaches

Data breaches Banking Cybercrime Cybersecurity

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

Constella Intelligence , a data breach and threat actor research platform, now allows users to cross-reference popular cybercrime websites and denizens of these forums with inadvertent malware infections by information-stealing trojans.

Phishing

Phishing Passwords Hacking Internet

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

in cybercrime forums, Telegram channels throughout 2020. “There’s been a real shift in the market from data-centric identity verification to verifying through something you have and something you are, like a phone or face or ID,” he said. protections. Mentions of id.me Source: Flashpoint-intel.com.

Scams

Scams Insurance DDOS Authentication

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

Constella Intelligence , a security firm that indexes passwords and other personal information exposed in past data breaches, revealed dozens of variations on email addresses used by Alexander I. Ukraincki ,” whose personal information also is included in the domains tpos[.]ru ru and alphadisplay[.]ru, Ukraincki over the years.

Passwords

Passwords Malware Internet Internet

RaidForums Gets Raided, Alleged Admin Arrested

Security Boulevard

APRIL 12, 2022

Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largest data breaches since 2015.

Identity Theft

Identity Theft Data breaches Cybercrime Web Fraud

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Security Boulevard

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.

Hacking

Hacking Cybercrime Accountability Web Fraud

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Mobile

Mobile Phishing Authentication Advertising

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

The security firm CrowdStrike dubbed the group “ Scattered Spider ,” a recognition that the MGM hackers came from different hacker cliques scattered across an ocean of Telegram and Discord servers dedicated to financially-oriented cybercrime. ” Beige members were implicated in two stories published here in 2020.

Cybercrime

Cybercrime Accountability Mobile Hacking

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

JULY 16, 2019

For at least the past decade, a computer crook variously known as “ Yalishanda ,” “ Downlow ” and “ Stas_vl ” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers.

Cybercrime

Cybercrime Phishing Banking Malware

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

OCTOBER 15, 2019

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground. The leaked data shows that in 2015, BriansClub added just 1.7 THE TARGET BREACH OF THE UNDERGROUND?

Hacking

Hacking Cybercrime Marketing Banking

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

” On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo.

Malware

Malware eCommerce Mobile Media

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

.” Indeed, a screenshot of the ViLE group website includes the group’s official roster, which lists KT at the top, followed by Weep and Ominus. A screenshot of the website for the cybercriminal group “ViLE.” ” Image: USDOJ.

Hacking

Hacking Government Media Accountability

Cyber Security Informer

When Efforts to Contain a Data Breach Backfire

A Day in the Life of a Prolific Voice Phishing Crew

Webinars

Trending Sources

China-based SMS Phishing Triad Pivots to Banks

Webinars

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

911 Proxy Service Implodes After Disclosing Breach

The Life Cycle of a Breached Database

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

RaidForums Gets Raided, Alleged Admin Arrested

Experian Glitch Exposing Credit Files Lasted 47 Days

When Efforts to Contain a Data Breach Backfire

Karma Catches Up to Global Phishing Service 16Shop

How $100M in Jobless Claims Went to Inmates

The Link Between AWM Proxy & the Glupteba Botnet

RaidForums Gets Raided, Alleged Admin Arrested

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

The Dark Nexus Between Harm Groups and ‘The Com’

Meet the World’s Biggest ‘Bulletproof’ Hoster

“BriansClub” Hack Rescues 26M Stolen Cards

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Stay Connected