Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Credit to Author: BrianKrebs| Date: Thu, 19 Dec 2024 17:07:30 +0000

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Read more

How to Lose a Fortune with Just One Bad Click

Credit to Author: BrianKrebs| Date: Wed, 18 Dec 2024 13:17:59 +0000

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Read more

How Cryptocurrency Turns to Cash in Russian Banks

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2024 21:38:48 +0000

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.

Read more

Patch Tuesday, December 2024 Edition

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2024 01:53:13 +0000

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »

Read more

U.S. Offered $10M for Hacker Just Arrested by Russia

Credit to Author: BrianKrebs| Date: Wed, 04 Dec 2024 14:08:45 +0000

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Read more

Hacker in Snowflake Extortions May Be a U.S. Soldier

Credit to Author: BrianKrebs| Date: Wed, 27 Nov 2024 00:45:48 +0000

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Read more

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Credit to Author: BrianKrebs| Date: Thu, 21 Nov 2024 20:13:08 +0000

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Read more