Schneier on Security

AUGUST 19, 2021

It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000.

Mobile 363

Mobile Data breaches Phishing Cybercrime 363

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up!

Mobile 341

Mobile Phishing Authentication Advertising 341

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information.

Phishing 362

Phishing Cybercrime Accountability Advertising 362

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile 340

Mobile Accountability Data breaches Identity Theft 340

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 331

Phishing Scams Banking Mobile 331

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing 115

Phishing Artificial Intelligence Password Management Accountability 115

Schneier on Security

JUNE 4, 2019

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. Several new cybercrimes are significant enough to mention, including business email compromise and crimes involving cryptocurrencies. and more on response.

Cybercrime 251

Cybercrime Scams Cryptocurrency Antivirus 251

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. A fake browser update page pushing mobile malware. The bulletproof hosting provider BEARHOST.

Malware 244

Malware Antivirus Software DDOS 244

Krebs on Security

AUGUST 18, 2021

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-Mobile hasn’t yet responded to requests for clarification regarding how many of the 7.8

Mobile 264

Mobile Identity Theft Accountability Cybercrime 264

Security Affairs

SEPTEMBER 21, 2024

A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using a phishing platform.

Mobile 132

Mobile Phishing Computers and Electronics Marketing 132

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Automated mobile farms that deploy phishing messages at scale.

Phishing 58

Phishing Scams Cybercrime Retail 58

Security Affairs

NOVEMBER 25, 2024

Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. ” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group.

Mobile 123

Mobile Scams Technology Telecommunications 123

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). SMS campaigns sent phishing links indiscriminately to Czech phone numbers.

Phishing 132

Phishing Mobile Banking Social Engineering 132

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow.

Cybercrime 143

Cybercrime Small Business Data breaches Mobile 143

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., On July 28 and again on Aug. According to an Aug.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes. This scenario follows the common phishing tactics: strike at personal interest.

Scams 82

Scams Social Engineering Mobile Phishing 82

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Security Affairs

MARCH 21, 2025

Law Enforcement and Cybercrime Control Russian authorities may want to monitor criminal organizations, opposition groups, or foreign entities using Telegram. Zero-day prices have risen as the level of security of messaging apps and mobile devices becomes harder to hack. continues the announcement.

Government 144

Government Surveillance Mobile Hacking 144

Hacker Combat

SEPTEMBER 14, 2022

With an enterprise-grade iPhone protection app, mobile phishing defense firm novoShield has come out of hiding. According to novoShield, the new solution was created to shield organizations and end users against the rising amount of phishing attempts. The Apple AppStore already has the iPhone application.

Mobile 105

Mobile Phishing Cybercrime Risk 105

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. The OTP interception service featured earlier this year — Otp[.]agency

Passwords 346

Passwords Mobile Authentication Banking 346

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing 141

Phishing Cybercrime Mobile Internet 141

Security Affairs

JUNE 7, 2021

“Over the past month, operators of one of the top Russian-language cybercrime forums have been running a “contest,” calling for the community to submit papers that examine how to target cryptocurrency-related technology.” ” reads a post published by Intel 471. ” Follow me on Twitter: @securityaffairs and Facebook.

Cryptocurrency 144

Cryptocurrency Cybercrime Hacking Technology 144

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Krebs on Security

AUGUST 25, 2023

And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. 19, 2023, someone targeted a T-Mobile phone number belonging to a Kroll employee “in a highly sophisticated ‘SIM swapping’ attack.” ” T-Mobile has not yet responded to requests for comment. .

Mobile 235

Mobile Cyber Risk Data breaches Cryptocurrency 235

SecureWorld News

MARCH 18, 2025

Some reports indicate that Chinese smishing groups are selling SMS phishing kits, enabling scammers to efficiently spoof toll operators and target users in multiple states, including Massachusetts, Florida, and Texas. 84% of IT leaders globally recognize that phishing and smishing have become harder to detect due to AI-powered tools.

Scams 84

Scams Mobile Phishing Education 84

Security Affairs

FEBRUARY 28, 2020

An interesting report published by RiskIQ on 2019 Mobile App Threat Landscape, lists the most dangerous mobile app store online. Mobile users downloaded over 200 billion apps in 2019 and the overall expense in app stores worldwide has been estimated in more than $120 billion. ” concludes RiskIQ. Pierluigi Paganini.

Mobile 143

Mobile Advertising Cybercrime Phishing 143

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 74

Phishing Banking Scams Mobile 74

Security Affairs

DECEMBER 21, 2023

More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. In the wrong hands, this data can be exploited for financial gain.

Mobile 134

Mobile Identity Theft Passwords Phishing 134

Security Affairs

DECEMBER 28, 2020

Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Ho mobile is an Italian mobile telephone service offered by Vodafone Enabler Italia, an Italian virtual mobile telephone operator. SecurityAffairs – hacking, Ho Mobile).

Mobile 141

Mobile Banking Data breaches Phishing 141

Security Boulevard

DECEMBER 14, 2021

Phishing scams continue to top the list of cybercrimes. Phishing attacks account for more than 80% of reported security incidents. have experienced a successful phishing. have experienced a successful phishing. The post Preparing for Evolving Phishing Scams appeared first on Security Boulevard.

Scams 126

Scams Phishing Social Engineering Cybercrime 126

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 332

Malware Banking Phishing DDOS 332

Krebs on Security

SEPTEMBER 13, 2024

The security firm CrowdStrike dubbed the group “ Scattered Spider ,” a recognition that the MGM hackers came from different hacker cliques scattered across an ocean of Telegram and Discord servers dedicated to financially-oriented cybercrime.

Cybercrime 322

Cybercrime Accountability Mobile Hacking 322

CyberSecurity Insiders

JANUARY 3, 2023

Already some have used the OpenAI platform to have ChatGPT write phishing emails and insert malicious links. The emails don’t have the usual spelling, grammar, and syntax errors that today’s phishing messages composed by non-native-English speakers tend to contain – errors that serve as a tip-off to recipients.

Technology 135

Technology Cybercrime Artificial Intelligence Government 135

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 98

Phishing Cybercrime Authentication Advertising 98

eSecurity Planet

SEPTEMBER 3, 2021

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. Therein lies a key issue raised by the phishing campaign.

Phishing 142

Phishing Architecture Education Marketing 142

Security Boulevard

AUGUST 23, 2021

The post AI-Fueled Deep Fakes Signal New Era of Cybercrime appeared first on Security Boulevard. Events like the 2020 U.S. elections or COVID-19 vaccinations highlight how political opponents and rogue nations actively practice disinformation campaigns to undermine confidence in governments and science, sowing.

Cybercrime 145

Cybercrime Government Social Engineering Engineering 145

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries.

Phishing 108

Phishing Mobile Encryption Technology 108