Flashpoint – Page 2 – Computer Security Articles

Who is the Network Access Broker ‘Wazawaka?’

February 2, 2022 admin 902228, abakan, abaza, Breadcrumbs, constella intelligence, cs-arena.org, darkside, ddosis.ru, devdelphi@yandex.ru, domaintools, Flashpoint, initial access broker, kopyovo-a, lockbit, mikhail matveev, mikhail mix matveev, mix@devilart.net, mixfb@yandex.ru, Ne'er-Do-Well News, ransomware, uhodiransomware, wazawaka

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.

Independent Krebs

“BriansClub” Hack Rescues 26M Stolen Cards

October 15, 2019 admin Allison Nixon, andrei barysevich, briansclub, briansclub hack, data breaches, Flashpoint, Gemini Advisory, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 15 Oct 2019 11:05:09 +0000

“BriansClub,” a popular underground store for buying stolen credit card data that uses Yours Truly’s likeness in its advertising, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Independent Krebs

Interview With the Guy Who Tried to Frame Me for Heroin Possession

September 25, 2019 admin Flashpoint, fly, Flycracker, muxacc1, Ne'er-Do-Well News, pauch, sergei vovnenko

Credit to Author: BrianKrebs| Date: Thu, 26 Sep 2019 00:28:36 +0000

In April 2013, I received via U.S. mail more than a gram of pure heroin as part of a scheme to get me arrested for drug possession. But the plan failed and the Ukrainian mastermind behind it soon after was imprisoned for unrelated cybercrime offenses. That individual recently gave his first interview since finishing his jail time here in the states, and he’s shared some select (if often abrasive and coarse) details on how he got into cybercrime and why. Below are a few translated excerpts.

Independent Krebs

Why Phone Numbers Stink As Identity Proof

March 17, 2019 admin A Little Sunshine, Allison Nixon, Flashpoint, Security Tools, SIM swap

Credit to Author: BrianKrebs| Date: Sun, 17 Mar 2019 23:25:06 +0000

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Independent Krebs

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

November 13, 2018 admin A Little Sunshine, Abuse.ch, Flashpoint, instagram, Julie Randall, Latest Warnings, Magecart, RiskIQ, Shadowserver, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 13 Nov 2018 16:26:39 +0000

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

Independent Krebs

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

October 29, 2018 admin 419 scams, A Little Sunshine, BEC Mailing List, BEC scams, Business Email Compromise, FBI, Flashpoint, ic3, Internet Crime Complaint Center, M3AAWG, Messaging Malware Mobile Anti-Abuse Working Group, Nigerian prince scams, Ronnie Tokazowski, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 25 Oct 2018 16:11:57 +0000

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, but in truth it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.

Independent Krebs

Hanging Up on Mobile in the Name of Security

August 16, 2018 admin A Little Sunshine, Allison Nixon, AT&T, Flashpoint, Google Voice, instagram, Joel Ortiz, Michael Terpin, Ne'er-Do-Well News, ogusers, SIM swapping, Sprint, T-Mobile, The Coming Storm, Time to Patch, Twitter, Verizon

Credit to Author: BrianKrebs| Date: Thu, 16 Aug 2018 17:01:36 +0000

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

Independent Krebs

Further Down the Trello Rabbit Hole

June 6, 2018 admin A Little Sunshine, David Shear, Flashpoint, HHS, Maricopa County Department of Public Health, Michael Pryor, National Coordinator for Health Information Technology, Red Hat Linux, Seceon, Trello, Trello privacy settings

Credit to Author: BrianKrebs| Date: Wed, 06 Jun 2018 14:45:13 +0000

Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support companies are publishing credentials via public Trello boards that quickly get indexed by the major search engines.