How Coinbase Phishers Steal One-Time Passwords

Credit to Author: BrianKrebs| Date: Wed, 13 Oct 2021 14:27:40 +0000

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Read more

Does Your Organization Have a Security.txt File?

Credit to Author: BrianKrebs| Date: Mon, 20 Sep 2021 21:57:27 +0000

It happens all the time: Organizations get hacked because there isn’t an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn’t entirely clear who should get the report when remote access to an organization’s internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting “Security.txt,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.

Read more

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Credit to Author: BrianKrebs| Date: Thu, 08 Jul 2021 15:22:58 +0000

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Read more

How Does One Get Hired by a Top Cybercrime Gang?

Credit to Author: BrianKrebs| Date: Tue, 15 Jun 2021 15:41:26 +0000

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers.

Read more

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Credit to Author: BrianKrebs| Date: Thu, 29 Oct 2020 00:43:30 +0000

On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”

Read more

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Credit to Author: BrianKrebs| Date: Wed, 28 Oct 2020 16:58:55 +0000

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of clients globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Read more

Report: U.S. Cyber Command Behind Trickbot Tricks

Credit to Author: BrianKrebs| Date: Sat, 10 Oct 2020 04:47:09 +0000

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.

Read more

Attacks Aimed at Disrupting the Trickbot Botnet

Credit to Author: BrianKrebs| Date: Fri, 02 Oct 2020 18:20:26 +0000

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Read more