Security News

Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to a unprotected online dashboard that left the data open to anyone who could find it. The data collection included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records.

Members of a phishing gang behind millions of euros in losses were arrested today following a law enforcement operation coordinated by the Europol. "A cross-border operation, supported by Europol and involving the Belgian Police and the Dutch Police, resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering," the Europol announced on Tuesday.

The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials. The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials.

San Francisco police have been using driverless cars for surveillance to assist in law enforcement investigations. A handful of tech giants have pledged more than $30 million to implement a plan to improve open-source and software supply chain security.

The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries. According to the DoJ, the marketplace offered for sale more than 10 billion unique records from hundreds of stolen databases that impacted people residing in the U.S. In a separate announcement today, Europol says that RaidForums had more than 500,000 users and "Was considered one of the world's biggest hacking forums".

German police have located and closed down the servers of Hydra, allegedly one of the world's biggest underground online stores. According to a report from the BBC, locating the actual servers used to run Hydra was not an easy task, but German police said they started following up on a tip in the middle of 2021 that suggested the servers were actually hosted in Germany.

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. "Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data," Detective Inspector Michael O'Sullivan, from the City of London Police, said in a statement.

A] large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements. More recent campaigns have expanded to include organizations globally spanning a variety of sectors.

The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims' bank accounts.