Security News

The Russian FSB has identified the entire criminal enterprise known as "REvil". Police raids on 25 addresses in at least Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk.

Cybersecurity Myths vs. Truths Myth #1 - Too much security diminishes productivity. There is a common idea that increased security makes it difficult for even employees to access what they need, not just hackers.

A 30-year-old alleged sports content pirate in Minneapolis, Minn., has found himself on the receiving end of a criminal complaint alleging that he not only stole user account credentials and sold access to pirated sports content. According to prosecutors, the MLB lost at least $2,995,272 due to Streit's alleged theft of games.

Authorities in Ukraine have made another cybersecurity bust - this time shutting down what they said is one of the largest underground cryptomining operations ever found. Stealing the vast amounts of electricity needed to power the computer farms required to mine cryptocurrency is most definitely prohibited.

A Moroccan man suspected of being "Dr HeX" - the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding - has been arrested. Interpol announced the bust - which took place in Morocco in May - on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums.

You don't need to be fluent in Ukrainian to understand the shouted command: "Open up, Police!". At which point the door opens outwards, slowly and tentatively, and the raid is ON! According to the Ukrainian police, law enforcement officers conducted 21 searches in the capital and Kyiv region.

Alleged malware coder from the Trickbot gang arrested. 5500 passwords cracked and salaries stolen by "Credential stuffing" crook.

In a huge sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an "Encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. "For almost three years, the AFP and the FBI have monitored criminals' encrypted communications over a Dedicated Encrypted Communications Platform," AFP said.

Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. Oh! No! of the week.

As Naked Security readers have pointed out before, you don't always know in advance which courier company an online vendor might might use, so even if the crooks send you a fake message from a company you wouldn't normally expect, it's easy to fall for it. The trick you see in the "Pay page" above is very common: to set your mind at rest, the crooks ask for very little money, typically from about 99 cents up to amounts such as £1.49, €1.99 or, as shown above, $3. The idea is that the modest fee sounds believable, and it might feels at though it's worth the risk of paying out the money anyway, given that it's only a few dollars, in case it is a real delivery and you miss out.