Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Credit to Author: BrianKrebs| Date: Thu, 19 Dec 2024 17:07:30 +0000

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Read more

Hacker in Snowflake Extortions May Be a U.S. Soldier

Credit to Author: BrianKrebs| Date: Wed, 27 Nov 2024 00:45:48 +0000

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Read more

Fintech Giant Finastra Investigating Data Breach

Credit to Author: BrianKrebs| Date: Wed, 20 Nov 2024 01:12:15 +0000

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. 

Read more

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Credit to Author: BrianKrebs| Date: Sat, 09 Nov 2024 19:20:26 +0000

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.

Read more

Booking.com Phishers May Leave You With Reservations

Credit to Author: BrianKrebs| Date: Fri, 01 Nov 2024 21:12:38 +0000

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

Read more

Change Healthcare Breach Hits 100M Americans

Credit to Author: BrianKrebs| Date: Wed, 30 Oct 2024 13:34:08 +0000

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.

Read more

The Global Surveillance Free-for-All in Mobile Ad Data

Credit to Author: BrianKrebs| Date: Wed, 23 Oct 2024 11:30:18 +0000

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Read more

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Credit to Author: BrianKrebs| Date: Thu, 26 Sep 2024 14:54:07 +0000

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

Read more

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Credit to Author: BrianKrebs| Date: Tue, 27 Aug 2024 14:26:41 +0000

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Read more