image
By Carolina The Cadastro de Pessoas Físicas (CPFs) is a taxpayer registry identification for Brazilians – In this case, 120 million CPFs were exposed online. The IT security researchers at InfoArmor's Advanced Threat Intelligence team discovered a treasure trove of personal sensitive data belonging to over 120 million Brazilians exposed on an unprotected AWS (Amazon Web Service) S3 cloud […] This is a post from HackRead.com Read the original post: Personal & banking data of 120 million Brazilians leaked online

Source

“Pay $20,000 worth of bitcoin, or a bomb will detonate in your building”

A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and police response.

The bomb threat emails were apparently sent by spammers, threatening people that

Source

image
A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient's building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” The email reads: My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims. My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb. I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don't try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network. Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode. This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action. I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away. If the explosive device explodes and the authorities notice this letter: We are not terrorists and dont assume any responsibility for explosions in other buildings. The bitcoin address included in the email was different in each message forwarded to KrebsOnSecurity. In that respect, this scam is reminiscent of the various email sextortion campaigns that went viral earlier this year, which led with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. I could see this spam campaign being extremely disruptive in the short run. There is little doubt that some businesses receiving this extortion email will treat it as a credible threat. This is exactly what happened today at one of the banks that forwarded me their copy of this email. Also, KrebsOnSecurity has received reports that numerous school districts across the country have closed schools early today in response to this hoax email threat. “There are several serious legal problems with this — people will be calling the police, and they cannot ignore even a known hoax,” said Jason McNew, CEO and founder of Stronghold Cyber Security, a consultancy based in Gettysburg, Pa. This is a developing story, and may be updated throughout the day. Update: 4:46 p.m. ET: Added bit about school closings.

Source

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.”

The email reads:

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter:
We are not terrorists and dont assume any responsibility for explosions in other buildings.

The bitcoin address included in the email was different in each message forwarded to KrebsOnSecurity. In that respect, this scam is reminiscent of the various email sextortion campaigns that went viral earlier this year, which led with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid.

I could see this spam campaign being extremely disruptive in the short run. There is little doubt that some businesses receiving this extortion email will treat it as a credible threat. This is exactly what happened today at one of the banks that forwarded me their copy of this email.

“There are several serious legal problems with this — people will be calling the police, and they cannot ignore even a known hoax,” said Jason McNew, CEO and founder of Stronghold Cyber Security, a consultancy based in Gettysburg, Pa.

This is a developing story, and may be updated throughout the day.

Source

image
By Waqas Ransomware has become a persistent threat to users globally but for cybercriminals, it is a lucrative business. Recently, IT security researchers at Check Point unearthed a sophisticated ransomware decryption scam in which a Russian IT consultant company has been caught scamming ransomware victims. The company according to Check Point researchers calls itself ‘Dr. Shifro’ and claims to provide […] This is a post from HackRead.com Read the original post: IT consultancy firm caught running ransomware decryption scam

Source

The online spell check platform is taking its private bounty program public in hopes of outing more threats.

Source

Attacks targeting critical infrastructure system are ramping up – and defense has become a top priority for the U.S. government.

Source