SecureList

NOVEMBER 29, 2024

CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. One of these was an implant called GrewApacha, used by APT31 since at least 2021. CloudSorcerer also employs GitHub as its initial C2 server.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Related: Credential stuffing fuels account takeovers. Breaches to multiple accounts that share the same or similar passwords. Stolen passwords that can lead to data leaks. Attacks by keystroke loggers who steal common login credentials.

Passwords 182

Passwords Password Management Accountability Authentication 182

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering 144

Social Engineering Media Data collection Passwords 144

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. banks are stiffing account takeover victims. million user accounts earlier this year. Elizabeth Warren (D-Mass.)

Cryptocurrency 291

Cryptocurrency Cybercrime Computers and Electronics Scams 291

CyberSecurity Insiders

MARCH 25, 2021

This is why it is essential to your device performance to make sure any endpoints include flexible, secure, default-settings and, in particular, optional mechanisms like password complexity, password expiration, and account lock-out, which forces users to modify the default credentials when setting up the device.

IoT 100

IoT Authentication Passwords Data collection 100

SecureList

SEPTEMBER 6, 2022

One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave. Such an engaged, solvent and eager-to-win audience becomes a tidbit for cybercriminals, who always find ways to fool their victims.

Mobile 133

Mobile Passwords Software Accountability 133

eSecurity Planet

DECEMBER 1, 2021

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. Also read: Top GRC Tools & Software for 2021.

Data privacy 131

Data privacy Data collection Accountability Software 131

Thales Cloud Protection & Licensing

MAY 23, 2022

This should be a focus area for organizations to improve their defensive tactics, such as ensuring secure credentials and removing unnecessary privileged accounts. In August 2021, a ransomware attack on Scripps Health in California resulted in over $113 million in losses. Attacks against the food sector. Healthcare sector.

Healthcare 126

Healthcare Ransomware Authentication Threat Reports 126

SecureList

MARCH 13, 2025

This confirms the trend of hacktivists exploiting trusted relationships (T1199 Trusted Relationship and T1078 Valid Accounts). In one incident, they exploited the Microsoft Exchange server vulnerability CVE-2021-26855 (ProxyLogon). They use these accounts to connect to the server via RDP to transfer and execute tools interactively.

Energy and Utilities 79

Energy and Utilities Software Accountability Phishing 79

SecureList

OCTOBER 18, 2023

Each phishing document contains an external link to fetch a remote page containing a CVE-2021-26411 exploit. The same module is also responsible for transporting data collected by the malware on the infected system, which is also done via USB. Overall, the campaign remained active over 6 months, until May 2023.

Malware 142

Malware Phishing Internet Internet 142

Malwarebytes

JANUARY 18, 2021

The message read: By tapping Agree, you accept the new terms, which take effect on February 8, 2021. You can also visit the Help Center if you would prefer to delete your account. The key focus of concern around the update, was how data would be shared going forward. This would naturally be a cause for concern for some people.

Data collection 75

Data collection Encryption Accountability Passwords 75

Malwarebytes

JUNE 6, 2023

Microsoft is counting the cost of privacy violations, with $20m in fines related to illegal data collection from children’s Xbox accounts. Microsoft was holding on to that data even in situations where the account didn’t complete the registration process.

Advertising 96

Advertising Accountability Data collection Manufacturing 96

SecureList

DECEMBER 9, 2021

The resulting data and conclusions could be used to improve mechanisms for re-scanning pages which have ended up in anti-phishing databases, to determine the response time to new cases of phishing, and for other purposes. Data retrieval method. We obtained the date of the domain creation from the WHOIS public data. No content.

Phishing 144

Phishing Hacking Engineering Scams 144

Security Affairs

JULY 1, 2021

“Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update,” reads the LinkedIn statement.

Data breaches 103

Data breaches Social Engineering Data collection Media 103

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. in Q2 2022.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

SecureList

SEPTEMBER 24, 2024

In South Asia, it accounted for 25.47% of DNT component triggers, and in East Asia – 24.45%. The share of DNT triggers for Google AdSense trackers in each region, July 2021 — June 2022, and July 2023 — June 2024 ( download ) In almost all regions, the share for this tracking system increased.

Advertising 129

Advertising Technology Marketing Media 129

Malwarebytes

MAY 23, 2023

Practices highlighted included “hard to find” location settings, misleading descriptions of location settings, and “repeated nudging” to enable location settings alongside incomplete disclosures of Google’s location data collection.

Advertising 98

Advertising Accountability Data collection Engineering 98

SecureList

OCTOBER 7, 2022

In April 2021, we detected several targeted attacks using a complex chain of zero-day exploits. We were not able to obtain the exploit, but suspected the flaw in question was CVE-2021-21224 , which enabled an attacker to execute arbitrary code inside the browser sandbox. PuzzleMaker. TENSHO (aka White Tur).

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? Rapid7’s market capitalization in 2021 is over $6.75

DNS 131

DNS Technology Cybersecurity Data collection 131

Security Affairs

OCTOBER 27, 2022

Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin payload-related alert in the last 30 days. DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm.

Ransomware 108

Ransomware Malware Encryption Data collection 108

McAfee

NOVEMBER 22, 2021

Based on the data collected by our research team from millions of connected McAfee Enterprise users across the globe, the overall usage of enterprise cloud services spiked by 50% across all industries, while the collaboration services witnessed an increase of up to 600% in usage.

Digital transformation 86

Digital transformation Data collection Technology Mobile 86

eSecurity Planet

MAY 5, 2021

Here is our list of the top MDR services for 2021. Then in 2021 it acquired the Israeli Kubernetes security company Alcide.IO In 2021 the vendor promoted CFO John Post to CEO and brought on multiple executives from Carbonite and Webroot to round out an experienced team of technology leaders. Top MDR services. eSentire Atlas.

Threat Detection 57

Threat Detection Technology Artificial Intelligence Engineering 57

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived.

Data breaches 77

Data breaches Data collection Ransomware Hacking 77

SecureList

APRIL 5, 2023

Common users are not the only ones who have recognized the messaging app’s handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. As mentioned above, the creators of phishing bots and kits can get access to data collected with tools they made.

Phishing 144

Phishing Marketing Scams Accountability 144

Malwarebytes

DECEMBER 16, 2021

According to GDPR, the personal data that companies must protect includes any information that can “directly or indirectly” identify a person—or subject—to whom the data belongs or describes. million following an initial ruling in January 2021, but later revised this amount down to 7.7

Advertising 107

Advertising Marketing Data collection Mobile 107

SecureList

NOVEMBER 10, 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. The main tool we use to obtain and analyze threat-related data is Kaspersky Security Network (KSN). The data from 2022 is compared to data from 2021 to assess year-on-year development trends in cryptojacking.

Cryptocurrency 134

Cryptocurrency Malware Software Ransomware 134

eSecurity Planet

APRIL 26, 2022

billion in 2021, and growing concerns over data security , software supply chains , and ransomware suggest the market will remain strong through economic ups and downs. Luckily for cybersecurity startups, there’s no shortage of interest in tomorrow’s next big security vendors. AllegisCyber Investments. EEP Investments.

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

Security Affairs

FEBRUARY 3, 2022

The backdoor was undetected for at least 18 months in a cyberespionage campaign against entities in Taiwan between 2020 and 2021. ” xPack allowed threat actors to run WMI commands remotely and mount shares over SMB to transfer data from C2 servers to them. In some cases threat actors staged stolen data for further exfiltration.

Manufacturing 98

Manufacturing Malware Data collection Encryption 98

eSecurity Planet

SEPTEMBER 16, 2022

billion in reported fraud in 2021 alone. For example, Experian’s 2021 Global Identity and Fraud Report stated that 82% of surveyed businesses had adopted customer recognition strategies. According to a report by the United States Sentencing Commission, the median loss of healthcare fraud in 2021 was over $1 million per infraction.

eCommerce 113

eCommerce Risk Financial Services Authentication 113

eSecurity Planet

OCTOBER 11, 2022

In the world of cybersecurity, the path of least resistance has consistently been shown to be the human element, specifically user accounts with enough access privileges or credentials for the cybercriminal to execute their plan. Compromised employee account login information was also the costliest infection vector for enterprises.

Advertising 125

Advertising Cybersecurity DDOS Data breaches 125

SecureList

MARCH 13, 2024

Global detection figures: affected users Using global and regional statistics, Kaspersky has been able to compare data collected in 2023 with the previous four years. When compared to 2021, there were slight changes to the top 10 affected countries, with most remaining in the same position.

Mobile 108

Mobile Passwords Surveillance Technology 108

SecureList

NOVEMBER 19, 2024

As shoppers seek the best deals in the run-up to major sales events like Black Friday, cybercriminals and fraudsters gear up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures. This report draws on data collected from January through October 2024.

Banking 103

Banking Phishing Scams Retail 103

eSecurity Planet

FEBRUARY 16, 2024

In November 2021, the FBI disclosed a FatPipe VPN exploit that enabled backdoor access via web shells. Reconnaissance Reconnaissance is the starting point of Volt Typhoon’s cyber campaign, characterized by thorough planning and data collection. government and defense institutions for intelligence gathering.

Internet 113

Internet Internet Network Security Cybersecurity 113

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. link] — Troy Hunt (@troyhunt) February 28, 2021. The data leak of SuperVPN, GeckoVPN, and ChatVPN.

VPN 145

VPN Passwords Internet Internet 145

SecureList

NOVEMBER 14, 2023

The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026). Although there was a public report of drones used to hack a Wi-Fi network in 2022, there are no accounts of similar events happening in 2023.

Hacking 141

Hacking Energy and Utilities Media Malware 141

Centraleyes

MARCH 27, 2024

ISO 42001, in alignment with ISO/IEC TR 24030:2021, defines AI as the “capability to acquire, process, create and apply knowledge, held in the form of a model, to conduct one or more given tasks.” Centraleyes revolutionizes risk management by automating the entire lifecycle, from data collection to analysis and remediation.

Artificial Intelligence 52

Artificial Intelligence Risk Data collection Technology 52

Hacker Combat

NOVEMBER 12, 2021

Other measures were also being implemented to for effective and thorough data collection and analysis. Between 2019 and 2021, the center for security and protection have detected and handled approximately 1.4 The hackers were said to have had access to nearly 6000 email accounts. This was an attempt to steal data.

Government 52

Government Cyber Attacks Accountability Data collection 52