Security News

Clop ransomware suspects busted in Ukraine, money and motors seized
2021-06-16 18:44

You don't need to be fluent in Ukrainian to understand the shouted command: "Open up, Police!". At which point the door opens outwards, slowly and tentatively, and the raid is ON! According to the Ukrainian police, law enforcement officers conducted 21 searches in the capital and Kyiv region.

S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast]
2021-06-10 19:59

Alleged malware coder from the Trickbot gang arrested. 5500 passwords cracked and salaries stolen by "Credential stuffing" crook.

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals
2021-06-09 20:44

In a huge sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an "Encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. "For almost three years, the AFP and the FBI have monitored criminals' encrypted communications over a Dedicated Encrypted Communications Platform," AFP said.

S3 Ep34: Apple bugs, scammers busted, and how crooks bypass 2FA [Podcast]
2021-05-26 18:56

Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. Oh! No! of the week.

Eight suspects busted in raid on “home delivery” scamming operation
2021-05-25 01:15

As Naked Security readers have pointed out before, you don't always know in advance which courier company an online vendor might might use, so even if the crooks send you a fake message from a company you wouldn't normally expect, it's easy to fall for it. The trick you see in the "Pay page" above is very common: to set your mind at rest, the crooks ask for very little money, typically from about 99 cents up to amounts such as £1.49, €1.99 or, as shown above, $3. The idea is that the modest fee sounds believable, and it might feels at though it's worth the risk of paying out the money anyway, given that it's only a few dollars, in case it is a real delivery and you miss out.

Egregor ransomware criminals allegedly busted in Ukraine
2021-02-15 18:40

According to a report from radio station France Inter, numerous cybercriminals connected to the Egregor ransomware gang have recently been arrested. Since Tuesday [last week], police in the two countries have been working together in an effort to dismantle a cybercrime group suspected of initiating hundreds of ransomware attacks dating back to September 2020.[] Police arrested a number of hackers suspected of working with the Egregor cybercrime gang, providing hacking, logistical, and financial support.

Cybercrime Money-launders Busted by European Police, FBI
2020-10-15 19:42

European and American officials said Thursday that they have arrested 20 people in several countries for allegedly belonging to an international ring that laundered millions of euros stolen by cybercriminals through malware schemes. The international police operation "2BaGoldMule" led by Portuguese investigators and the FBI included 14 more European countries, under the umbrella of Europol.

Old and busted: Targeting servers and web bugs. New hotness: Pwning devs with targeted poisoned stacks
2020-09-04 11:15

Speaking at the 2020 Disclosure conference, Jones outlined how the trust many developers put in their software stacks and shared code, paired with a disturbing lack of online savvy, can make them easy pickings for hackers. "Systems are generally hardened - they have patches, they have firewalls, they have monitoring," Jones explained, "But [some] developers will run literally any bullshit they find on Stack Overflow. They keep credentials lying about, they're obviously going to have the source code and some production data sitting on their hardware as well."

Twitter hackers busted 2FA to access accounts and then reset user passwords
2020-07-20 06:25

Twitter has revealed more about the July 15 attack that saw several prominent accounts hijacked to promote a Bitcoin scam. The Saturday, July 18 update admits "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections."

Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown
2020-03-23 14:57

The Department of Justice has raised its first federal court action against online fraud relating to the coronavirus pandemic, on Sunday taking steps to shutter a fraudulent website that claimed to give away free coronavirus vaccines. The website was live as of March 21, according to the DoJ; but as of Monday, the website is currently down.